What Is a Security Bug?
Vulnerabilities are flaws in the specific implementation of hardware, software, protocols, or system security policies that can allow attackers to access or damage a system without authorization. Put another way, a vulnerability is an entry point to a restricted computer, component, application, or other online resource that was unintentionally left unprotected.
Security breach
- The vulnerability is in
- Loophole
- Code injection. A general class of attack, including SQL injection, that depends on inserting code which the application then executes.
- Session fixation. This is a session attack through which an attacker can hijack a valid user session. A session fixation attack can modify an established session on the victim's browser, so the malicious part of the attack can be performed before the user logs in.
- Path traversal, or "directory traversal". This attack aims to access files or directories stored outside the web root folder.
- Weak passwords: few characters, few digits, and no special symbols. Such passwords are relatively easy to crack.
- Hard-coded encryption keys provide a false sense of security. Some people believe that obfuscating hard-coded passwords before storage can help protect information from malicious users. But much of this obfuscation is a reversible process. [1]
- The relationship between vulnerabilities and computer systems
- Relationship between vulnerability issues and computer systems with different security levels
- Computer system security classification standards are generally based on the definition in the "Orange Book." The official name of the Orange Book is "Trusted Computer System Evaluation Criteria." Orange Book Pair
- A brief description of common attack methods and attack processes
- If a defect cannot be exploited to do something "originally" (safety related), then it cannot be called
- Must be clear first
- The vulnerability of the investigation should be closely related to the harm brought by the exploitation of this vulnerability. Not all buffer overflow vulnerabilities commonly known are
- One
- Internet Explorer security vulnerability exposed; hackers could steal passwords
- Computer security researchers have said that Microsoft's widely used Internet Explorer has a vulnerability, and that hackers can gain access to Facebook, Twitter and other websites by stealing credentials. Researchers call this technique "cookiejacking." Rosario Valotta, an independent Internet security researcher in Italy, said: "Any website, any cookie, the scope can only be imagined." Hackers can use the vulnerability to access data saved in the browser, namely cookies, which store the login name and password.
- Once a hacker steals the cookies, they can log in to the same websites. Experts call this technique "cookiejacking".
- The vulnerability exists in all IE versions, including the latest IE 9, and on all Windows operating systems.
- To exploit the vulnerability, a hacker must first get the victim to drag and drop an object across the PC screen before the user's computer can be compromised. This may sound like a difficult task, but Valotta says he can do it fairly easily. He built a game on Facebook that challenges users to undress a picture of a beautiful woman.
- "I posted the game on Facebook, and less than three days later, more than 80 cookies were sent back to my server. I only have 150 friends," Valotta said.
- Microsoft says it is almost impossible for a cookiejacking scam to succeed in practice. Microsoft spokesman Jerry Bryant said: "Given the need for user interaction, we don't consider this issue to be very risky. To be affected, users must first visit a malicious website and be persuaded to click and drag the target on the webpage, and hackers can attack cookies from sites that the user has logged in to."
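
The session fixation entry in the list of vulnerability types above says the attack is set up before the user logs in. The following added example (not from the original page) shows why, and the standard mitigation of issuing a fresh session ID at login. The `SessionStore` class, its method names and the `demo` helper are hypothetical, built only for illustration.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session table: session ID -> user (None = anonymous)."""

    def __init__(self):
        self._sessions = {}

    def new_session(self):
        # Unpredictable ID handed to an anonymous visitor.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def login_vulnerable(self, sid, user):
        # Keeps the pre-login ID: whoever else knows it is now authenticated too.
        self._sessions[sid] = user
        return sid

    def login_hardened(self, sid, user):
        # Invalidate the pre-login ID and bind the user to a fresh one.
        self._sessions.pop(sid, None)
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = user
        return fresh

    def whoami(self, sid):
        # Unknown or invalidated IDs resolve to None.
        return self._sessions.get(sid)


def demo(login_name):
    """Return (user seen via the pre-login ID, user seen via the post-login ID)."""
    store = SessionStore()
    pre_login_sid = store.new_session()      # ID a third party also knows
    login = getattr(store, login_name)
    post_login_sid = login(pre_login_sid, "alice")   # constructed sample user
    return store.whoami(pre_login_sid), store.whoami(post_login_sid)


if __name__ == "__main__":
    print("vulnerable:", demo("login_vulnerable"))
    print("hardened:  ", demo("login_hardened"))
```

With the hardened login, the ID that existed before authentication no longer maps to any user, so knowing it gives no access to the logged-in session.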