Top 10 Hacker Attacks
It's quite easy to find the best of the best (or, arguably, the worst of the worst) hacker attacks ever made. They're very widespread. However, the past ten years have been such a busy decade that it would've been better to come up with a top one hundred than a top ten. Nevertheless, here are the top ten hacker attacks to ever spread through the Internet or victimize a network.
1. GIFAR: The GIFAR hack, discovered by John Heasman, Rob Carter, Nathan McFeters, and Billy Rios, takes the top spot because it's a very widespread GIF (image file) and JAR (Java Archive) attack that allows the execution of arbitrary applet code hidden behind a web application.
2. Google Gears Cross-Origin Model Exploit: This particular hacking model, discovered by Yair Amit, involves abusing the Google Gears loader's tendency to disregard a Gears worker file's headers as it loads it.
3. The Safari Bomber: Nitesh Dhanjani revealed to the Internet at large that a rogue website can "carpet bomb" a user's Windows desktop or Mac OS X downloads directory with malicious code through the Safari browser.
4. Clickjacking: Robert Hansen and Jeremiah Grossman have demonstrated that stealing "clicks" away from users via link redirects or streaming videos is possible by means of arbitrary JavaScript code.
5. Opera Exploitation: Stefano Di Paola divulged that the Opera exploit mostly revolves around stealing history, creating a botnet, or redirecting users to a hacker-controlled rogue website.
6. HTML 5 Abuse: Alberto Trivero reports that the structured client-side storage technology of HTML 5 is very, very vulnerable to an assortment of creative and not-so-creative hacker techniques all aimed at stealing stored data from a target's computer.
7. Cross-Domain Leakage: Site logins via authenticated CSS were proven to be leaky by Michal Zalewski and Chris Evans. More to the point, hackers can pretty much do whatever they want with a targeted site by simply exploiting the generic browser cross-domain bug that reveals whether an image exists or not.
8. TCP Tunneling: Haroon Meer, Marco Slaviero, and Glenn Wilkinson conclude that it's possible to tunnel TCP over HTTP and SQL injection, as demonstrated by their reDuh project, which can create a TCP circuit via properly crafted HTTP requests.
9. ActiveX Repurposing: Haroon Meer appears in this list for a second time, having informed the tech community that the upgrade functionality of an ActiveX control can be used to make one's client download a possibly dangerous file.
10. Flash Parameter Injection: Adi Sharabani, Ayal Yogev, and Yuval Baror produced a presentation showcasing just how a cyber attacker could use the Flash parameter to load malicious movies and attack a Flash-based system even after the vulnerability is patched.
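
Item 1 works because an image parser reads a GIF from its first bytes, while a ZIP/JAR reader locates the archive from the end of the file, so one file can satisfy both. The Python check below, for an upload handler, is an added example and not code from the researchers or the original post; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")

# Constructed sample: a minimal 1x1 GIF (header, colour table, one image, trailer).
CLEAN_GIF = b"GIF89a" + bytes.fromhex(
    "01000100800000 000000ffffff 2c000000000100010000 02024401003b"
)

def classify_image_upload(data: bytes) -> dict:
    """Report whether bytes that start like a GIF also parse as a ZIP/JAR archive."""
    result = {"is_gif": data[:6] in GIF_MAGICS, "zip_entries": [],
              "jar_like": False, "polyglot": False}
    buf = io.BytesIO(data)
    # is_zipfile() looks for the end-of-central-directory record near the END of
    # the data, which is why leading image bytes do not stop a JAR loader.
    if zipfile.is_zipfile(buf):
        try:
            with zipfile.ZipFile(buf) as zf:
                result["zip_entries"] = zf.namelist()
        except zipfile.BadZipFile:
            pass  # a stray signature, not a usable archive
    names = result["zip_entries"]
    result["jar_like"] = any(
        n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names
    )
    result["polyglot"] = result["is_gif"] and bool(names)
    return result

def accept_upload(data: bytes) -> bool:
    """Policy for an image-only endpoint: must be a GIF and must not hide an archive."""
    report = classify_image_upload(data)
    return report["is_gif"] and not report["zip_entries"]

def build_constructed_samples():
    """Constructed inputs: the plain GIF, and the same GIF with an inert archive appended."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
        zf.writestr("Placeholder.class", b"not real bytecode")
    return CLEAN_GIF, CLEAN_GIF + jar.getvalue()

if __name__ == "__main__":
    for label, sample in zip(("clean", "polyglot"), build_constructed_samples()):
        print(label, classify_image_upload(sample), "accepted:", accept_upload(sample))
```

A check on the magic bytes alone passes both samples; only the second test, which reads the file the way an archive loader would, tells them apart.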