Explain in a simpler way what these attacks are?

4

I'd like to know in a simpler way what these types of attacks are.

  • Keylogger
  • Brute force attack
  • Rubber Hose Cryptanalysis
  • SQL injection

And please, if you can go deeper into the subject, you could tell me a simple example of how to protect yourself from them. I am creating a website for a company and would like to understand them better and how to protect myself. Thanks

    
asked by anonymous 23.05.2016 / 21:16

2 answers

13
  • Keylogger

Occurs when someone uses hardware or software to record each key that the user presses. The attacker can then analyze the text to find usernames, passwords, bank account numbers, etc.

How to defend yourself: use an antivirus to protect yourself from the software version, since it is malware. The hardware version is very rare - it's a device that sits on the USB port between the keyboard and the computer. This is easier to solve: just throw the keylogger out if you find it.

  • Brute force attack

It's all about testing passwords until one works. Many systems nowadays have automatic protections against this type of attack. If you get the password wrong five times in a row on an iPhone with the most current iOS, for example, the phone deletes all files :D

This attack works best against systems that do not limit the maximum amount of password errors, and if the attacker has physical access to the machine.

How to defend yourself: ensure minimal password complexity. Do not forgive anyone who gets the password wrong more than a few times.

  • Rubber Hose Cryptanalysis

This is the oldest method of attack to get confidential information. It consists of beating a user until he gives up the passwords and other sensitive information.

How to defend yourself: train your users in martial arts and firearms handling. False teeth with cyanide capsules are an option for team members who are physically weak.

  • SQL Injection

This is about exploiting a general programming flaw committed by people who have only recently discovered what SQL is all about. It occurs when a program passes data entered by the user to a SQL query without doing any treatment on this input.

How to defend yourself: Never leave your system in the hands of only a beginner. The development team needs to have at least one experienced professional to avoid not only this, but also other types of programming failures that may be caused by lack of experience.

    
23.05.2016 / 21:32
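The "do not forgive repeated wrong passwords" advice above, sketched as an added example that is not part of either answer. The table layout, the `attemptLogin` function, the five-failure limit and the 15-minute lock are assumptions made for the illustration; it uses an in-memory SQLite database so it runs on its own.

```php
<?php
// Added example: constructed schema, account and thresholds; not from the original answers.
const MAX_FAILURES = 5;   // assumed limit on consecutive wrong passwords
const LOCK_SECONDS = 900; // assumed lock duration (15 minutes)

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL,
    failures INTEGER NOT NULL DEFAULT 0, locked_until INTEGER NOT NULL DEFAULT 0)');
// Store only a salted hash of the password, never the password itself.
$db->prepare('INSERT INTO users (login, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

function attemptLogin(PDO $db, string $login, string $password, int $now): string
{
    $st = $db->prepare('SELECT pw_hash, failures, locked_until FROM users WHERE login = ?');
    $st->execute([$login]);
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return 'denied'; // unknown account gets the same reply as a wrong password
    }
    if ($now < (int) $user['locked_until']) {
        return 'locked'; // while locked, the password is not even checked
    }
    if (password_verify($password, $user['pw_hash'])) {
        $db->prepare('UPDATE users SET failures = 0, locked_until = 0 WHERE login = ?')
           ->execute([$login]);
        return 'ok';
    }
    // Wrong password: count it, and lock the account once the limit is reached.
    $failures = (int) $user['failures'] + 1;
    $lockedUntil = $failures >= MAX_FAILURES ? $now + LOCK_SECONDS : 0;
    $db->prepare('UPDATE users SET failures = ?, locked_until = ? WHERE login = ?')
       ->execute([$lockedUntil > 0 ? 0 : $failures, $lockedUntil, $login]);
    return $lockedUntil > 0 ? 'locked' : 'denied';
}

$now = 1000000; // constructed clock so the run is repeatable
for ($i = 1; $i <= 6; $i++) {
    echo "wrong guess $i: ", attemptLogin($db, 'alice', "guess$i", $now + $i), "\n";
}
$good = 'correct horse battery staple';
echo 'right password during lock: ', attemptLogin($db, 'alice', $good, $now + 10), "\n";
echo 'right password after lock:  ', attemptLogin($db, 'alice', $good, $now + 2000), "\n";
```

A per-account lock can also be used to keep the real user out, so it is usually combined with throttling per source address.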
1

Friend, it's simple. A brute force attack is nothing more than a bot or a network of bots that attempt, by the "trial and error" method, to find out your password. Once it gets access, it captures your password and comes back later to break in, in a way through the front door of your site. How to protect yourself: generate and frequently change strong passwords, which contain at least 8 characters, uppercase and lowercase letters, numbers and special characters (! @ # $ % & *), not using words that are known or easy to discover; even better if they are totally random. Keep your computer (especially if you run the Windows operating system in any version) clean and free of viruses, with frequent scans with a good antivirus (a free antivirus does not always solve it). Never, ever, under any circumstances save passwords on your computer or ask the browser to save them for future access.

Keylogger: although often understood as spyware, a keylogger is a computer program whose purpose is to record everything that is typed on a keyboard, most of the time aiming to capture passwords, credit card numbers and other important information. It operates like a typical virus, as it is installed and acts without the user noticing its presence. How to protect yourself: keeping an up-to-date antivirus is critical, even more so when we are almost all connected to the internet, downloading files, swapping music and videos, and testing programs and games.

SQL Injection: an attack consisting of the insertion (known as injection) of a query via a web application. Locaweb always takes all precautions regarding updates to avoid any security breaches in the hosted sites. However, sometimes vulnerabilities emerge that are exploited through programming, making the precautions we take of no use. Such vulnerabilities are present in code (ASP, PHP, etc.) placed by the clients themselves. This is the case of "SQL Injection", a loophole through which an attacker can execute arbitrary queries or statements on a relational database via "injection" of commands into form fields. How to protect yourself: using the addslashes() function has the same effect as enabling magic quotes, but it only applies where convenient. What it does is put an escape character before single or double quotes, before the backslash and before the NULL character. Using 'prepared statements' instead of the SQL code itself, assigning all other prevention measures to their use, would give us more performance and security, as well as being simpler to read and write. However, it can only be used in SELECT, INSERT, UPDATE, REPLACE, DELETE and CREATE TABLE.

    // user input is placed into the SQL text as-is
    $login = $_GET['login'];
    $query = "SELECT * FROM records WHERE login = '$login'";

Would be like this:

    $query = "SELECT * FROM records WHERE login = OR 1";

Rubber hose cryptanalysis: in cryptography, rubber hose cryptanalysis is the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture, [1] [2] in contrast with a mathematical or technical cryptanalytic attack. The euphemism refers to striking someone with a rubber hose until they cooperate. How to protect yourself: training users for any type of torture.

    
23.05.2016 / 21:51
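The `records` query from the answer above, side by side with a prepared-statement version, as an added example that is not part of the original answer. The in-memory SQLite table, its rows, the sample inputs and the function names `findVulnerable` and `findSafe` are constructed for the illustration; the array of inputs stands in for `$_GET['login']`.

```php
<?php
// Added example: in-memory SQLite with constructed rows; not from the original answer.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, login TEXT, email TEXT)');
$db->exec("INSERT INTO records (login, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// BEFORE: the answer's pattern, with the user's text pasted into the SQL statement.
function findVulnerable(PDO $db, string $login): array
{
    $query = "SELECT * FROM records WHERE login = '$login'";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the SQL text is fixed and the value is sent separately as a bound
// parameter, so it is only ever compared as data and never parsed as SQL.
function findSafe(PDO $db, string $login): array
{
    $st = $db->prepare('SELECT * FROM records WHERE login = :login');
    $st->execute([':login' => $login]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal login, a value that rewrites the WHERE clause,
// and a harmless name with an apostrophe that the pasted query cannot handle.
foreach (['alice', "' OR 1 -- ", "o'brien"] as $input) {
    try {
        $vulnerable = count(findVulnerable($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $vulnerable = 'SQL error'; // the quote in the value broke the statement
    }
    $safe = count(findSafe($db, $input)) . ' row(s)';
    printf("%-14s pasted: %-10s prepared: %s\n", json_encode($input), $vulnerable, $safe);
}
```

With the pasted query, the second input returns every row in the table and the third fails outright; the prepared statement treats both as ordinary login names that match nothing.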