Attacking The Login Page, Continued

Next, go to your Google page and enter 'screen scraper'. Now what you get is a listing of programs that grab an image of your desktop screen, like when you press the Print Screen button on your keyboard.

Now for the kicker - there are programs out there on the net that will do both of these tasks. Some of them come in the form of Trojan horse and spyware programs. These are downloaded onto your system, usually where you stumble across sites hosting pages where they are embedded - especially porn-related ones - or are perhaps received by email.

If you are infected with such a program, your confidential data will be captured as you enter it. At some time thereafter, your vital information will be appended to an email that reaches the hacker. Alternately, it may be silently 'piped' directly to a purpose-built server that harvests such information for later retrieval by the hacker.

You now know that these programs exist, and hopefully can understand that they are capable of recording and passing on vital information. In that light, it isn't difficult to see why the common logon box is such an easy target. Now think about those sites where you have submitted your credit card details, and where you have agreed to store that data for subsequent and convenient one-click purchasing...

But let's return to the attack on our login page. When the page is submitted, it passes typically with a POST or GET HTTP Request to its action target. Let us decipher some of this jargon.

HTTP stands for Hyper Text Transfer Protocol, and is the method by which pages of information are formed and transmitted across the Internet. A form can be passed in two ways: through a POST request or a GET request. Suffice to say that both are methods through which data is passed from a browser to a site. Each HTTP request can have a response, so when you submit a search for data from Google, the returning page is an HTTP Response.

Now there are two possible ways to have the data reach its intended target. It can either be encrypted using a mechanism such as Secure Sockets Layer (SSL, using a prefix of HTTPS://) or the information can be sent in the clear (HTTP://).

Either way it can be attacked, but to elaborate on how this can occur, we need to walk through a few concepts first.

Tags: Internet Security,

Related Articles: