Developments in Hacking, Cybercrime, and Malware
IS4560
Unit 1 Assignment 1
Developments in Hacking, Cybercrime, and Malware
Web-based attacks are on the front lines of Internet security. The trending threats are as followed in rank:
1. PDF Suspicious File Download
2. Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
3. Microsoft Internet Explorer 7 Uninitialized Memory Code Execution
4. Microsoft Internet Explorer MS Snapshot ActiveX File Download
5. Adobe SWF Remote Code Executable
6. Microsoft Internet Explorer Malformed XML Buffer Overflow
7. Microsoft Internet Explorer DHTML CreateControlRange Code Executable
8. Microsoft Internet Explorer WPAD Spoofing
9. Microsoft MPEG2TuneRequestControl ActiveX Buffer Overflow
10. Microsoft MPEG2TuneRequestControl ActiveX Instantiation
These threats have changed the face of Internet security. These vulnerabilities allow attackers to install malicious files on a vulnerable computer when a user visits a website hosting an exploit. To carry out this attack, an attacker must exploit an arbitrary vulnerability that bypasses Internet Explorer security settings. The attacker can then execute malicious files installed by the initial security weakness. Also, an attacker can exploit this vulnerability by enticing a victim to open a malicious Web page. A
successful attack will allow an attacker to execute remote code on a victim’s computer. This vulnerability may be appealing to attackers because, rather than relying on a plug-in that may or may not be installed on a target computer; it relies only on the use of a version of a popular browser, thereby increasing the number of potential victims.
Cisco response to MD5 collisions in certificates issued by vulnerable certificate authorities is its release of the Cisco Adaptive Security Appliance (ASA) and IOS may both serve as certificate authorities and by default use the MD5 hashing algorithm in the digital signatures of certificates issued to end users and devices. The
Unit 1 Assignment 1
Developments in Hacking, Cybercrime, and Malware
Web-based attacks are on the front lines of Internet security. The trending threats are as followed in rank:
1. PDF Suspicious File Download
2. Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
3. Microsoft Internet Explorer 7 Uninitialized Memory Code Execution
4. Microsoft Internet Explorer MS Snapshot ActiveX File Download
5. Adobe SWF Remote Code Executable
6. Microsoft Internet Explorer Malformed XML Buffer Overflow
7. Microsoft Internet Explorer DHTML CreateControlRange Code Executable
8. Microsoft Internet Explorer WPAD Spoofing
9. Microsoft MPEG2TuneRequestControl ActiveX Buffer Overflow
10. Microsoft MPEG2TuneRequestControl ActiveX Instantiation
These threats have changed the face of Internet security. These vulnerabilities allow attackers to install malicious files on a vulnerable computer when a user visits a website hosting an exploit. To carry out this attack, an attacker must exploit an arbitrary vulnerability that bypasses Internet Explorer security settings. The attacker can then execute malicious files installed by the initial security weakness. Also, an attacker can exploit this vulnerability by enticing a victim to open a malicious Web page. A
successful attack will allow an attacker to execute remote code on a victim’s computer. This vulnerability may be appealing to attackers because, rather than relying on a plug-in that may or may not be installed on a target computer; it relies only on the use of a version of a popular browser, thereby increasing the number of potential victims.
Cisco response to MD5 collisions in certificates issued by vulnerable certificate authorities is its release of the Cisco Adaptive Security Appliance (ASA) and IOS may both serve as certificate authorities and by default use the MD5 hashing algorithm in the digital signatures of certificates issued to end users and devices. The