Monday, June 25, 2007

Hack Attacks

Hack Attacks

Ever been tongue-tied thinking up explanations for why your PC has been brought to its knees? Here’s a favourite excuse/genuine reason: it’s been hacked! But how? What kind of attack is it? Were there swords involved? Take your pick:

DDoS: A Distributed Denial of Service attack is carried out by flooding servers with data till they’re crippled and can’t service genuine requests. A popular method is the dreaded Ping of Death—pinging a server repeatedly from different sources. Most Web sites are still quite vulnerable to this type of attack, and it’s a general avourite among those with malicious intent.

Trojan Horse: A program that comes disguised as something harmless, even useful, but really opens up access to a computer, making it a participant in a DDoS attack, or making it possible to use it to attack other computers.

Worm: True to their biological counterparts, worms keep consuming system resources, slowly overloading the system and finally causing it to cease functioning.

SQL Injection: Nothing like a flu shot, this is a technique whereby SQL commands are passed through a Web application so they get executed by a backend database. One of the most common application-layer attacks currently being used. To be able to perform SQL Injection hacking, all the attacker needs is a browser and some guesswork to figure table and field names.

Cross-Site Scripting: Called XSS or CSS, this is a security exploit in which the attacker inserts malicious code into any link that appears to be from a trustworthy source. When you click on the link, the embedded code is submitted as part of your Web request and can execute on your computer, possibly (and usually) allowing the attacker to steal information.

No comments: