Connectivity and always-on can be wonderful. The Internet and the wide range of connected devices have made access to digital resources as easy as a mouse-click or a touch. But with increased convenience come increased security vulnerabilities. Every connection to the Internet, and every web page offers another opportunity for attackers to cause damage, gain unauthorized access to information, and impersonate other users. This post gives a brief discussion of various ways in which malicious users cause problems for almost all of us.
Drive-by Downloading is a method used by attackers to get their malicious code on a user’s machine by causing it to be downloaded without the user’s knowledge or consent.
Phishing is a word used to describe how an attacker “phishes” for user information by using both social engineering and digital techniques to trick a user into divulging private and valuable information.
Cross-Site Scripting (XSS) is an attack in which a malicious website user inserts her own malicious script into the website, so that when another unsuspecting user visits the site, the script is run, possibly stealing valuable information.
Cross-Site Request Forgery (XSRF) is another kind of browser-based attack in which an attacker lures a website user away from the website to a malicious website where a script executes that causes a request to be sent back to the original website using the unwary user’s credentials.
SQL Injection is a database-centered attack in which an attacker is able to access or affect information in a database by injecting SQL code into a web form.
Denial of Service (DOS) is a network-related attack in which a resource, such as a particular web server, is bombarded with so many requests (often from fake IP addresses) that the server crashes and becomes unavailable to legitimate users.