Assignment 1 CISC 3325
Question
I. Search on-line to find an example of a recent computer data or security breach. Provide the URL and a short description of the breach giving details of who was affected, when and where it occurred.

II. Exercise 19, Chapter 1: A program is used by a company to allow customers to order products on-line:
a. Who might want to attack the program?
b. What type of harm could occur?
c. List some vulnerabilities that the program might have.

III. Exercise 13, Chapter 2: Describe a situation where a weak but easy-to-use password may be adequate.

Explanation / Answer
I. URL: https://www.csoonline.com/article/3223229/security/equifax-says-website-vulnerability-exposed-143-million-us-consumers.html
Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
In October 2017, Equifax raised its estimate of the number of impacted consumers to 145.5 million. Then, on March 1, 2018, the company raised the number by another 2.4 million, bringing the tally to 147.9 million.
II. a) Criminals and activists would want to attack such a program, which sells products online.
b) Types of harms:
c) Some of the vulnerabilities of the program are:
SQL injection refers to the insertion of SQL meta-characters in user input, which allows attacker-supplied queries to be executed by the back-end database. Attackers will first determine if a site is vulnerable to such an attack by sending in the single-quote (‘) character. The results from an SQL injection attack on a vulnerable site may range from a detailed error message, which discloses the back-end technology being used, to allowing the attacker to access restricted areas of the site because he manipulated the query to an always-true Boolean value, or it may even allow the execution of operating system commands.
SQL injection varies from database to database, for example in Oracle database, this is done by using the UNION keyword and is much more difficult than on the MS SQL Server, where multiple queries can be executed by separating them with the semi-colon.
In its default configuration, MS SQL server runs with Local System privileges and has the ‘xp_cmdshell’ extended procedure, which allows execution of operating system commands.
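The single-quote probe described above can be reproduced against a toy product search to see why the vulnerable form leaks an error and the parameterized form does not. This is an added example, not code from the original answer; the in-memory SQLite table and its rows are constructed sample data, and `search_vulnerable` / `search_safe` / `probe` are names chosen here.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory product table (sample data, not a real catalogue)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER, public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, price_cents, public) VALUES (?, ?, ?)",
        [("widget", 1999, 1), ("gadget", 4999, 1), ("internal-sku", 0, 0)],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Vulnerable form: the search term is spliced into the SQL text, so any
    meta-character in it (the single quote, for instance) changes the query's grammar."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened form: the term is bound as a parameter, so the driver hands it to the
    database as data and it can never become part of the statement."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def probe(conn, search_fn, term):
    """Run a search and report 'error' instead of raising, so both forms can be
    compared on the same input. A database error reaching the user is the
    'detailed error message' that reveals the back-end technology."""
    try:
        return search_fn(conn, term)
    except sqlite3.OperationalError:
        return "error"


if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_safe):
        print(fn.__name__, probe(db, fn, "widget"), probe(db, fn, "'"))
```

For the single-quote input the vulnerable search raises a syntax error (which, if shown to the user, identifies the database), while the parameterized search simply returns no rows. In production the remaining defence is to log the error server-side and return a generic message, never the driver's text.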
This is one of the most unique vulnerabilities seen in the online shopping carts and payment gateways. In this vulnerability the total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page.
An attacker can use a web application proxy such as Achilles to simply modify the amount that is payable when this information flows from the user’s browser to the web server. The final payable price can be manipulated by the attacker to a value of his choice.
This information is eventually sent to the payment gateway with whom the online merchant has partnered. If the number of transactions is very high, the price manipulation may go completely unnoticed. Repeated attacks of this nature could destroy the website’s user base.
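The mitigation for the hidden-field problem is to treat the browser's total as untrusted and recompute the charge on the server from the catalogue. The following added example (not part of the original answer) contrasts the two checkouts; `CATALOGUE`, `MAX_QTY`, the two checkout functions and the tampered form are all constructed for this illustration.

```python
# Constructed prices in cents: the server's source of truth, never sent for editing.
CATALOGUE = {"widget": 1999, "gadget": 4999}
MAX_QTY = 100  # sanity bound on quantities, chosen for this example


def checkout_trusting_client(form):
    """Vulnerable form: the amount charged is whatever the hidden 'total' field says.
    Anything the browser sends can be edited in transit, so this value is attacker-controlled."""
    return int(form["total"])


def checkout_server_priced(form):
    """Hardened form: the client may only say which items and how many; the price is
    recomputed from the catalogue. Returns the amount to charge and whether a
    client-supplied total disagreed with it, which is worth logging and alerting on
    because at high transaction volume a silent mismatch would otherwise go unnoticed."""
    total = 0
    for sku, qty in form["items"].items():
        if sku not in CATALOGUE:
            raise ValueError(f"unknown item {sku!r}")
        qty = int(qty)
        if not 1 <= qty <= MAX_QTY:
            raise ValueError(f"quantity out of range for {sku!r}")
        total += CATALOGUE[sku] * qty
    client_total = form.get("total")
    tampered = client_total is not None and int(client_total) != total
    return {"charge_cents": total, "tampered": tampered}


# Constructed order as it would arrive after the hidden field was edited from 3998 to 1.
TAMPERED_FORM = {"items": {"widget": "2"}, "total": "1"}
HONEST_FORM = {"items": {"widget": "2"}, "total": "3998"}

if __name__ == "__main__":
    print("trusting client charges:", checkout_trusting_client(TAMPERED_FORM))
    print("server-priced result:", checkout_server_priced(TAMPERED_FORM))
```

The hidden field can still be kept for display, but once the server ignores it for pricing, editing it only produces a mismatch record rather than a discounted order.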
The Cross-site Scripting (XSS) attack is targeted against the end user and leverages two factors:
1. The lack of input and output validation being done by the web application.
2. The trust placed by the end-user in a URL that carries the vulnerable web site’s name.
The XSS attack requires a web form that takes in user input, processes it, and prints out the results on a web page, which also contains the user’s original input. It is most commonly found in ‘search’ features, where the search logic will print out the results along with a line such as ‘Results for user_supplied_input’.
Suppose we write a JavaScript function into the search field; then the result page of the search will be the output of the search results along with the JavaScript result, which is not good for any website.
In another scenario we can use JavaScript to redirect the user to a site that looks similar to the original web site and requests the user to enter sensitive information such as his authentication details for that web site, or his credit card number or social security number, which should not happen in real-world scenarios.
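The ‘Results for user_supplied_input’ page is the classic place to see the output-validation gap, and the fix is to HTML-escape every externally supplied value at the point it is written into the page. This is an added example, not code from the original answer; the two render functions and the sample search string are constructed for the illustration.

```python
import html


def render_results_unescaped(query, results):
    """Vulnerable form: the user's search text is echoed straight into the HTML,
    so any markup inside it is rendered by the browser as part of the page."""
    items = "".join(f"<li>{r}</li>" for r in results)
    return f"<p>Results for {query}</p><ul>{items}</ul>"


def render_results_escaped(query, results):
    """Hardened form: every value that originated outside the application is
    HTML-escaped when written into the page, so '<', '>', '&' and quotes become
    entities the browser displays as text instead of parsing as tags."""
    items = "".join(f"<li>{html.escape(r, quote=True)}</li>" for r in results)
    return f"<p>Results for {html.escape(query, quote=True)}</p><ul>{items}</ul>"


def echoes_raw_markup(page, user_text):
    """Detection helper for a test suite: True if the user's text, angle brackets
    and all, survived verbatim into the rendered page."""
    return user_text in page


# Constructed search input containing markup, as an automated scanner would submit it.
SAMPLE_INPUT = "<script>alert('x')</script>"

if __name__ == "__main__":
    for render in (render_results_unescaped, render_results_escaped):
        page = render(SAMPLE_INPUT, ["boots"])
        print(render.__name__, "echoes raw markup:", echoes_raw_markup(page, SAMPLE_INPUT))
```

Escaping at output time, rather than only filtering input, is what closes the gap: the same stored value may be written into HTML, an attribute, or a script block, and each context needs its own encoding.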
Since HTTP is a stateless protocol, web applications commonly maintain state using session IDs or transaction IDs stored in a cookie on the user’s system. Thus the session ID is the only way that the web application can determine the online identity of the user.
If the session ID is stolen (say through XSS), or it can be predicted, then an attacker can take over a genuine user’s online identity. Hence we need to take care of the session id by providing the necessary algorithms.
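The ‘necessary algorithms’ for the session ID come down to generating it from a cryptographically secure random source so it cannot be predicted, and bounding its lifetime so a stolen one stops working. The following added example (not from the original answer) contrasts a predictable sequential generator with one built on Python's `secrets` module and wraps it in a small server-side store; `SessionStore`, the 30-minute default timeout and the helper names are assumptions made for this example.

```python
import secrets
import time


def next_sequential_id(last_id):
    """Predictable generator, the weakness the text warns about: anyone who sees
    one ID can compute every other live ID, so nothing even needs to be stolen."""
    return last_id + 1


def new_session_id():
    """Unpredictable generator: 32 bytes (256 bits) from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


class SessionStore:
    """Minimal server-side session table keyed by the random ID, with an idle timeout
    so a leaked ID has a bounded useful lifetime and can be revoked on logout."""

    def __init__(self, ttl_seconds=1800):
        self._sessions = {}  # session_id -> (user, expiry_timestamp)
        self.ttl = ttl_seconds

    def create(self, user, now=None):
        now = time.time() if now is None else now
        sid = new_session_id()
        self._sessions[sid] = (user, now + self.ttl)
        return sid

    def user_for(self, sid, now=None):
        """Resolve a presented ID to a user, or None if unknown, expired or revoked."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self._sessions[sid]  # expired: treat as if it never existed
            return None
        return user

    def revoke(self, sid):
        """Called on logout so the ID stops working even if it was copied."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print("random id:", sid, "->", store.user_for(sid))
    print("sequential id after 41:", next_sequential_id(41))
```

Pairing the random ID with the cookie's `HttpOnly` and `Secure` attributes keeps page scripts (the XSS path above) and plain-HTTP requests from reading it in the first place.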
The other cause is providing weak passwords, which can be broken very easily. When providing the password option to the user we need to have some password policy, like: the given passwords need to have 1 capital letter, 1 numeric character, and the password length should be 4 – 10 characters. Such policies will strengthen the user passwords.
III. You can use a weak and easy-to-use password for online e-learning platforms like Coursera, Codecademy, etc.
These e-learning websites don't store any critical information and are very frequently accessed in everyday life. Hence, these passwords should be easy to remember and can be weak too.