PrepAway - Latest Free Exam Questions & Answers

Which of the following are attacks/techniques related to Wired Equivalent Privacy (WEP)?

Which of the following are attacks/techniques related to Wired Equivalent Privacy (WEP)?
Each correct answer represents a complete solution. Choose all that apply.

PrepAway - Latest Free Exam Questions & Answers

A.
Bit-flipping attack

B.
Phishing

C.
Weak key

D.
Baiting

Explanation:
Following are the types of attacks related to Wired Equivalent Privacy (WEP). Bit-flipping attack. A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not directly against the cipher itself (as cryptanalysis of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher. The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force reencryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message. Weak key. In cryptography, a weak key is a key which when used with a specific cipher, makes the cipher behave in some undesirable way. Weak keys usually represent a very small fraction of the overall keyspace, which usually means that if one generates a random key to encrypt a message weak keys are very unlikely to give rise to a security problem.

Answer B and D are incorrect. Phishing and baiting are social engineering techniques.
Fact What is phishing? Hide Phishing is a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number. An example of phishing attack is a fraudulent e-mail that appears to come from a user’s bank asking to change his online banking password. When the user clicks the link available on the e-mail, it directs him to a phishing site which replicates the original bank site. The phishing site lures the user to provide his personal information. Fact What is baiting? Hide Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware infected floppy disk, CD ROM, or USB flash drive in a location sure to befound (like bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.

Reference. http.//en.wikipediA.org/wiki/Wired_Equivalent_Privacy


Leave a Reply