Hacking: The Next Generation (Animal Guide)
Nitesh Dhanjani, Brett Hardin
Format: PDF / Kindle (mobi) / ePub
With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.
You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.
- Learn how "inside out" techniques can poke holes into protected networks
- Understand the new wave of "blended threats" that take advantage of multiple application vulnerabilities to steal corporate data
- Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited
- Prevent attacks against the mobile workforce and their devices containing valuable data
- Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants
- Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations
script, 16 223 Google Calendar, 21, 202 information gathering, 226–232 (see also calendar data) 272 | Index Google Docs, stealing from, 56–62 images indicative of software, searching for, Google Earth, 5 41 Google hacking, 7 important information, recognizing, 22–23 Google Hacking Database (GHDB), 8 information to influence people, 201–221 Google Maps, viewing open hotspots on, 151 calendar data, 21, 201–206 Google search on “ReZulT”, 196–197 emotional responses (psyche), 217–220
to find victim’s networks, 232 threat models, 102 for reconnaissance of executives, 230–232 Tor service, 244 trust (see trusted circles) tracking employees, 16–21 social profiles, 12 transaction forgery (see cross-site request SOCKS4 protocol, 249 forgery) software complexity, as vulnerability, 91 translation service, Google, 62 (see also blended attacks) trashing (see dumpster diving) software interaction vulnerabilities (see trial accounts with cloud providers, 144–146 blended
Blended threats take advantage of weaknesses in two (or more) different pieces of software to compromise or steal data from a victim’s system. Modern-day information systems are not homogeneous systems consisting of 102 | Chapter 4: Blended Threats: When Applications Exploit Each Other software from a single organization. Instead, systems are heterogeneous, consisting of software from various (many times, competing) publishers and organizations. This myriad software on our systems creates a
arguments) to the underlying operating system. Typically, support for protocol handlers is not a security risk in itself; however, when a protocol handler allows an attacker to control a capability not normally allowed for a particular situation, or when it reaches a portion of vulnerable code, it becomes a contributing factor in a security risk. In this example, the iPhoto application registered the photo:// protocol handler. The photo:// protocol handler allows the attacker to use Safari
Tim O’Reilly’s LinkedIn profile Figure 9-10. O’Reilly Media’s key executives and board of directors; an attacker can use these as “trusted” sources for an attack on Tim O’Reilly Figure 9-10 identifies four sources that the attacker could use for an email attack against Tim. Before continuing, the attacker should uncover more information on these people. The more information the attacker has on these people, the greater his chances of success in attacking Tim. 234 | Chapter 9: Hacking