2,224 research outputs found

    Man in the Browser Attacks

    Get PDF
    In the present world, everyone uses the Internet and to access the internet they would need to use a browser. Unfortunately, the benefits of the Web are also available to hackers to exploit its weaknesses. Man-in-the-Browser (MITB) attacks are utilized through Trojan malware that infects an Internet browser. This attack is dangerous because of its ability to hide from anti-virus software and steal information from a user from the browser. MITB is able to see information within the browser since no encryption occurs in a browser. This is a serious threat to financial institutions and many other secret institutions as well. No one is safe from a MITB once it is installed because it easily bypasses the security mechanisms we all rely on. This paper explains what MITB attacks are, and how dangerous are those, and how it can be identified and how can we prevent it by discussing various preventive techniques and its effectiveness. This paper will also help to create awareness to the people about this attac

    BATTLE AGAINST PHISHING

    Get PDF
    Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. There are two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This imag e creates a "skin" that automatica lly customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the users browser to independently compute the image that it expects to receive from the server. To authenticate cont ent from the se rver, the user can visually verify that the images match. We contrast our work with existing anti - phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himse lf the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the us er only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators

    Analysis of Mozambican websites : how do they protect their users?

    Get PDF
    Web security is an important approach for most institutions, organizations and individuals which use or provide their services through websites. In this study, a systematic and methodical evaluation of the exposure of web servers and HTTP security headers to attackers that can cause potential harm was tested in 240 Mozambican websites. Vulnerabilities related to HTTP security headers were obtained and the mechanisms which should be taken to reduce the security risks of the services available on the websites are presented

    Network Security Concepts, Dangers, and Defense Best Practical

    Get PDF
    In today's highly interconnected world, network security has become a critical aspect of protecting organizations from cyber-attacks. The increasing sophistication of attackers and their ability to exploit software and firmware vulnerabilities pose significant dangers to the security of networks. However, many organizations often neglect the essential steps required to secure their networks, leading to an increased risk of security breaches. In this research article, we aim to address this issue by investigating network security concepts, potential dangers, and practical defense strategies. We begin by exploring the different types of cyber-attacks and their sources, highlighting the various ways attackers exploit network vulnerabilities. We also examine the reasons why organizations often overlook network security and the consequences of not prioritizing it. To better understand the complexity of network security, we categorize the different security concerns using the CIA (confidentiality, integrity, and availability) triangle. This approach allows us to identify the various areas of vulnerability and their potential impact on network security. Next, we focus on the most crucial basic concepts and steps involved in various network security operations. We outline the best practices and practical approaches organizations can take to improve their network security, including implementing security policies and procedures, using encryption and authentication methods, and conducting regular security assessments. By highlighting the importance of network security and providing practical guidance on how organizations can defend against cyber-attacks, we hope to raise awareness and help prevent security breaches. Keywords: Network, Internet, Security, Security Threats, IP Address, Network Attack, Attackers DOI: 10.7176/CEIS/14-2-03 Publication date:March 31st 202
    corecore