Cybersecurity For Dummies. Joseph Steinberg
Чтение книги онлайн.
Читать онлайн книгу Cybersecurity For Dummies - Joseph Steinberg страница 23
Malformed URL attacks
Malformed URL attacks are attacks in which an attacker crafts a URL that appears to link to a particular legitimate website, but because of special characters utilized within the URL text, actually does something nefarious. The attacker may then distribute the nefarious URL in email and text messages and/or by posting it within a comment on a blog or via other social media.
Another form of malformed URL attack is an attack in which an attacker crafts a URL that contains elements within it that will cause a system being accessed to malfunction.
Buffer overflow attacks
Buffer overflow attacks are attacks in which an attacker submits data to a system that exceeds the storage capacity of the memory buffer in which that data is supposed to be stored, thereby causing the system to overwrite other memory with the data the user submitted. Carefully crafted buffer overflow input by an attacker, for example, could overwrite memory space in which the system is storing commands that it will execute per the instructions of its authorized user — perhaps even replacing such commands with commands the attacker wants the system to execute.
Chapter 3
The Bad Guys You Must Defend Against
IN THIS CHAPTER
Clarifying who the “good guys” and “bad guys” are
Seeing how some “good guys” might become “accidental bad guys”
Discovering how hackers profit from their crimes
Exploring threats from nonmalicious actors
Many centuries ago, the now world-famous Chinese military strategist and philosopher, Sun Tzu, wrote:
If you know the enemy and know yourself,
you need not fear the result of a hundred battles.
If you know yourself but not the enemy,
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself,
you will succumb in every battle.
As has been the case since ancient times, knowing your enemy is necessary in order to ensure that you can properly protect yourself.
Such wisdom remains true in the age of digital security. While Chapter 2 covers many of the threats posed by cyber-enemies, this chapter covers the enemies themselves:
Who are they?
Why do they launch attacks?
How do they profit from attacks?
You also find out about nonmalicious attackers — both people and inanimate parties who can inflict serious damage even without any intent to do harm.
Bad Guys and Good Guys Are Relative Terms
Albert Einstein famously said that “everything is relative,” and that concept certainly holds true when it comes to understanding who the “good” guys and “bad” guys are online. As someone seeking to defend yourself against cyberattacks, for example, you may view Russian hackers seeking to compromise your computer in order to use it to hack U.S. government sites as bad guys, but to patriotic Russian citizens, they may be heroes.
If you’re an American enjoying free speech online and make posts promoting atheism, Christianity, Buddhism, or Judaism and an Iranian hacker hacks your computer, you’ll likely consider the hacker to be a bad guy, but various members of the Iranian government and other fundamentalist Islamic groups may consider the hacker’s actions to be a heroic attempt to stop the spread of blasphemous heresy.
In many cases, determining who is good and who is bad may be even more complicated and create deep divides between members of a single culture. For example, how would you view someone who breaks the law and infringes on the free speech of neo-Nazis by launching a crippling cyberattack against a neo-Nazi website that preaches hate? Or someone outside of law enforcement who illegally launches attacks against sites spreading child pornography, malware, or jihadist material that encourages people to kill Americans? Do you think that everyone you know would agree with you? Would U.S. courts agree?
Before answering, please consider that in the 1977 case, National Socialist Party of America v. Village of Skokie, the U.S. Supreme Court ruled that freedom of speech goes so far as to allow Nazis brandishing swastikas to march freely in a neighborhood in which many survivors of the Nazi Holocaust lived. Clearly, in the world of cyber, only the eye of the beholder can measure good and bad — and the eyes of different beholders can be quite different in such regards.
For the purposes of this book, therefore, you need to define who the good and bad guys are, and, as such, you should assume that the language in the book operates from your perspective as you seek to defend yourself digitally. Anyone seeking to harm your interests, for whatever reason, and regardless of what you perceive your interests to be, is, for the purposes of this book, bad.
Bad Guys Up to No Good
A group of potential attackers that is likely well-known to most people are the bad guys who are up to no good. This group consists of multiple types of attackers, with a diverse set of motivations and attack capabilities, who share one goal in common: They all seek to benefit themselves at the expense of others, including, potentially, you.
Bad guys up to no good include
Script kiddies
Kids who are not kiddies
Nations and states
Corporate spies
Criminals
Hacktivists
Script kiddies
The term script kiddies