What attack is depicted in the e-mail?
Study the following e-mail message.
Dear SuperShopper valued member,
Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This notification expires within 24 hours.
Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal.
Please follow the link below and renew your account information.
https://www.supershopper.com/cgi-bin/webscr?cmd=update-run
SuperShopper Technical Support
http://www.supershopper.com
The link takes you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site!
What attack is depicted in the e-mail?
Choose one of the following pseudo codes to describe this statement:
Choose one of the following pseudo codes to describe this statement:
f we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data.
Which of the following tools can she use to protect the link?
Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link?
Within the context of Computer Security, which of the following statements describes Social Engineering best?
Within the context of Computer Security, which of the following statements describes Social Engineering best?
How do you prevent a hacker from launching FIN, NULL, and X-MAS scans on your network?
Port scans are often used to profile systems before they are attacked. Knowing what ports are open allows an attacker to determine which services can be attacked.
How do you prevent a hacker from launching FIN, NULL, and X-MAS scans on your network?
A company is legally liable for the content of email that is sent from its systems, regardless of whether the
A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company’s directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism.
You can always defend yourself by “ignorance of the law” clause.
What can you conclude from the following nmap results?
What can you conclude from the following nmap results?
Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 192.168.1.1:
(The 1592 ports scanned but not shown below are in state: closed)
PortStateService
21/tcpopenftp
25/tcpopensmtp
80/tcpopenhttp
389/tcpopenldap
443/tcpopenhttps
3268/tcpopengc
Remote operating system guess: Too many signatures match to reliably guess the OS. Nmap run completed — 1 IP address (1 host up) scanned in 91.66 seconds
What would you do next to fingerprint the OS?
While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:
Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered) PortStateService
21/tcpopenftp
25/tcpopensmtp
53/tcpcloseddomain
80/tcpopenhttp
443/tcpopenhttp
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed — 1 IP address (1 host up) scanned in 277.483 seconds
What would you do next to fingerprint the OS?
How would you search for these posting using Google search?
System administrators sometimes post questions to newsgroups when they run into technical challenges. As an ethical hacker, you could use the information in newsgroup postings to glean insight into the makeup of a target network. How would you search for these posting using Google search?
What kind of attack did the Hacker attempt to carry out at the bank?
Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.
John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank’s customers had been changed! However, money hasn’t been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application’s logs and found the following entries:
Attempted login of unknown user: johnm
Attempted login of unknown user: susaR
Attempted login of unknown user: sencat
Attempted login of unknown user: pete”;
Attempted login of unknown user: ‘ or 1=1–
Attempted login of unknown user: ‘; drop table logins–
Login of user jason, sessionID= 0x75627578626F6F6B
Login of user daniel, sessionID= 0x98627579539E13BE
Login of user rebecca, sessionID= 0x9062757944CCB811
Login of user mike, sessionID= 0x9062757935FB5C64
Transfer Funds user jason
Pay Bill user mike
Logout of user mike
What kind of attack did the Hacker attempt to carry out at the bank?