{"id":187,"date":"2021-02-23T14:30:37","date_gmt":"2021-02-23T14:30:37","guid":{"rendered":"http:\/\/learnlearn.uk\/igcsecs\/?page_id=187"},"modified":"2021-02-23T14:31:36","modified_gmt":"2021-02-23T14:31:36","slug":"online-threats","status":"publish","type":"page","link":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/","title":{"rendered":"Online Threats"},"content":{"rendered":"<div class=\"responsive-tabs\">\n<h2 class=\"tabtitle\">Phishing<\/h2>\n<div class=\"tabcontent\">\n\n<h3>Phishing<\/h3>\n<p><a href=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/phishing.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-full wp-image-874\" src=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/phishing.jpg\" alt=\"\" width=\"279\" height=\"181\" \/><\/a><\/p>\n<p>Phishing is a very common form of attack, using emails. Attackers send emails purporting to be from organisations such as banks and ecommerce sites, with the aim of tricking users into clicking on the email links and divulging personal information, especially:<\/p>\n<ul>\n<li>Usernames<\/li>\n<li>Passwords<\/li>\n<li>Credit \/ Debit card information<\/li>\n<\/ul>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<ul>\n<li>Always be wary of clicking on links in emails.<\/li>\n<li>Check emails for spelling mistakes or typos, as these are a tell-tale sign that an email is fake.<\/li>\n<li>Don&#8217;t give out your card details or login details &#8211; if in doubt, navigate directly to the website and sign in using the normal address.<\/li>\n<\/ul>\n\n<\/div><h2 class=\"tabtitle\">Pharming<\/h2>\n<div class=\"tabcontent\">\n\n<h3>Pharming<\/h3>\n<p>This attack centres around poisoning the DNS cache on a computer, server or router, with the intention of redirecting a user&#8217;s browser to a fake version of a website when the user types in a domain name.<\/p>\n<p>When you type in a web address 
(e.g.\u00a0www.amazon.co.uk) the browser needs to look up the IP address (e.g.\u00a096.127.32.0) that matches the domain name. The request to load the page is sent to this address. If a hacker is able to alter the contents of the DNS cache then your browser will be passed the wrong IP address and you will be redirected to the fake site without noticing.<\/p>\n<div id=\"attachment_188\" style=\"width: 922px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-188\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-188\" src=\"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2021\/02\/cie-igcse-pharming-online-threats.png\" alt=\"\" width=\"912\" height=\"243\" srcset=\"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2021\/02\/cie-igcse-pharming-online-threats.png 912w, https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2021\/02\/cie-igcse-pharming-online-threats-300x80.png 300w, https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2021\/02\/cie-igcse-pharming-online-threats-768x205.png 768w\" sizes=\"(max-width: 912px) 100vw, 912px\" \/><p id=\"caption-attachment-188\" class=\"wp-caption-text\">Want to see your computer&#8217;s DNS cache? Open a CMD prompt and type in <strong>ipconfig \/displaydns<\/strong><\/p><\/div>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<ul>\n<li>Most websites now use SSL certificates. 
These certificates are used by your browser to ensure that the site is genuine.<\/li>\n<li>Most browsers and anti-virus products keep an up-to-date list of servers that host fake content and warn the user before such a page is shown.<\/li>\n<\/ul>\n\n<\/div><h2 class=\"tabtitle\">DOS<\/h2>\n<div class=\"tabcontent\">\n\n<h3>DOS \/ DDOS &#8211; Denial of Service Attacks \/ Distributed Denial of Service Attacks<\/h3>\n<p><a href=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/ddos.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-medium wp-image-871\" src=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/ddos-300x203.png\" alt=\"\" width=\"300\" height=\"203\" \/><\/a><\/p>\n<p>Often an objective of attackers is to shut down a webserver or website. A simple way of achieving this is to overload the site with thousands and thousands of requests for data. The server is overloaded with requests and it crashes. This is known as a <strong>Denial Of Service Attack (DOS).<\/strong><\/p>\n<p>In order to defend against such an attack, webservers often block requests from an IP address if it starts to send too many requests. The only way to circumvent this defence is to attack the server from many machines, in many locations at once. This can only be achieved if you first find a vulnerability in client computers (or more recently Internet Connected Devices like webcams, Network Attached Storage, Smart devices). You take control of these devices and turn them into a large <strong>BOTNET,<\/strong> getting thousands or millions of hacked devices to send requests to the intended target. 
This type of attack is known as a <strong>Distributed Denial of Service Attack.<\/strong><\/p>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<ul>\n<li>Enable DDOS protection on any web servers that you host.<\/li>\n<\/ul>\n\n<\/div><h2 class=\"tabtitle\">Brute Force<\/h2>\n<div class=\"tabcontent\">\n\n<h3>Brute Force Attacks<\/h3>\n<p><a href=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/password.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-full wp-image-869\" src=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/password.jpg\" alt=\"\" width=\"268\" height=\"188\" \/><\/a><br \/>\nThis is useful against systems where the website \/ system allows unlimited login attempts. The attacker keeps trying every possible password combination until they are successful. This form of attack is usually combined with a dictionary attack and is especially effective where short or common passwords are used (e.g. 
password123).<\/p>\n<p><strong>Activity<\/strong><\/p>\n<p>See how long it would take for your favourite password to be hacked using the following sites:<\/p>\n<p><a href=\"https:\/\/random-ize.com\/how-long-to-hack-pass\/\">https:\/\/random-ize.com\/how-long-to-hack-pass\/<\/a><\/p>\n<p><a href=\"https:\/\/howsecureismypassword.net\/\">https:\/\/howsecureismypassword.net\/<\/a><\/p>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<ul>\n<li>Use a hard-to-guess password where possible.<\/li>\n<li>Don&#8217;t use the same password for multiple sites.<\/li>\n<li>Use 2-factor authentication.<\/li>\n<li>Change your password regularly.<\/li>\n<li>If you are developing your own website then enable login limits.<\/li>\n<\/ul>\n\n<\/div><h2 class=\"tabtitle\">Interception<\/h2>\n<div class=\"tabcontent\">\n\n<h3>Data Interception and Theft<\/h3>\n<p><a href=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/wifi.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-medium wp-image-872\" src=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/wifi-277x300.png\" alt=\"\" width=\"277\" height=\"300\" \/><\/a><\/p>\n<p>With the widespread adoption of WIFI in offices around the world, data interception has become widespread. Encrypted packets can be sniffed, and given enough packets and time, the WIFI encryption key can be computed and access to the network can be obtained. 
This is especially effective against older, weaker encryption technologies, for example WEP (Wired Equivalent Privacy).<\/p>\n<p>A former student of mine did a class demonstration where he hacked my router WEP password in under ten seconds using free software!<\/p>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<ul>\n<li>Use a strong encryption method such as WPA2.<\/li>\n<li>Always use end-to-end encryption on public wifi hotspots.<\/li>\n<\/ul>\n\n<\/div><h2 class=\"tabtitle\">SQL Injection<\/h2>\n<div class=\"tabcontent\">\n\n<h3>SQL Injection<\/h3>\n<p><a href=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/bobby-tables.png\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-867 aligncenter\" src=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/bobby-tables.png\" alt=\"\" width=\"666\" height=\"205\" \/><\/a><\/p>\n<p>An SQL injection works by taking advantage of poor programming discipline when working with SQL databases.<\/p>\n<p>If user inputs are not sanitized (checked to make sure no illegal input has been entered) before processing, then an attacker can inject their own SQL statements into the system.<\/p>\n<p><em>Weak Python\/SQL Code Example:<\/em><\/p>\n<ul>\n<li>fname = input(&quot;What's your first name?&quot;)<\/li>\n<li>lname = input(&quot;What's your last name?&quot;)<\/li>\n<li>c.execute(&quot;INSERT INTO STUDENTS VALUES('&quot; + fname + &quot;','&quot; + lname + &quot;');&quot;)<\/li>\n<\/ul>\n<p>In the example above the user input from lines 1 and 2 is added directly to the SQL statement using string concatenation. This allows the attack shown in the cartoon above to take place.<\/p>\n<p><strong>Threat Reduction Measures<\/strong><\/p>\n<p><em>Strong Python\/SQL Code Example:<\/em><\/p>\n<ul>\n<li>fname = input(&quot;What's your first 
name?&quot;)<\/li>\n<li>lname = input(&quot;What's your last name?&quot;)<\/li>\n<li>entry = (fname, lname)<\/li>\n<li>c.execute(&quot;INSERT INTO STUDENTS VALUES(?,?);&quot;, entry)<\/li>\n<\/ul>\n<p>In the example above the user input is first added to a tuple and then passed to the execute function as a function parameter. This input is then sanitized internally within the execute function before being passed to the SQL query for processing.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Phishing Phishing is a very common form of attack, using emails. Attackers send emails purporting to be from organisations such as banks and ecommerce sites, with the aim of tricking users into clicking on the email links and divulging personal information, especially: Usernames Passwords Credit \/ Debit card information Threat Reduction Measures Always&hellip;&nbsp;<a href=\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">Online Threats<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":70,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Online Threats | IGCSE Computer Science | Learnlearn.uk<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\" \/>\n<meta 
property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Online Threats | IGCSE Computer Science | Learnlearn.uk\" \/>\n<meta property=\"og:description\" content=\"Phishing Phishing is a very common form of attack, using using emails. Attackers send emails purporting to be from organisations such as banks and ecommerce sites, with the aim of tricking users in to clicking on the email links and divulging personal information, especially: Usernames Passwords Credit \/ Debit card information Threat Reduction Measures Always&hellip;&nbsp;Read More &raquo;Online Threats\" \/>\n<meta property=\"og:url\" content=\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\" \/>\n<meta property=\"og:site_name\" content=\"IGCSE Computer Science\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-23T14:31:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/phishing.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\",\"url\":\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\",\"name\":\"Online Threats | IGCSE Computer Science | 
Learnlearn.uk\",\"isPartOf\":{\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#website\"},\"datePublished\":\"2021-02-23T14:30:37+00:00\",\"dateModified\":\"2021-02-23T14:31:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"IGCSE Computer Science Course\",\"item\":\"https:\/\/learnlearn.uk\/igcsecs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Online Threats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#website\",\"url\":\"https:\/\/learnlearn.uk\/igcsecs\/\",\"name\":\"IGCSE Computer Science\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/learnlearn.uk\/igcsecs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#organization\",\"name\":\"IGCSE Computer Science\",\"url\":\"https:\/\/learnlearn.uk\/igcsecs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2020\/08\/LearnLearnLogowhitenew.png\",\"contentUrl\":\"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2020\/08\/LearnLearnLogowhitenew.png\",\"width\":710,\"height\":98,\"caption\":\"IGCSE Computer Science\"},\"image\":{\"@id\":\"https:\/\/learnlearn.uk\/igcsecs\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Online Threats | IGCSE Computer Science | Learnlearn.uk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/","og_locale":"en_GB","og_type":"article","og_title":"Online Threats | IGCSE Computer Science | Learnlearn.uk","og_description":"Phishing Phishing is a very common form of attack, using using emails. Attackers send emails purporting to be from organisations such as banks and ecommerce sites, with the aim of tricking users in to clicking on the email links and divulging personal information, especially: Usernames Passwords Credit \/ Debit card information Threat Reduction Measures Always&hellip;&nbsp;Read More &raquo;Online Threats","og_url":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/","og_site_name":"IGCSE Computer Science","article_modified_time":"2021-02-23T14:31:36+00:00","og_image":[{"url":"https:\/\/learnlearn.uk\/gcsecs\/wp-content\/uploads\/sites\/8\/2018\/01\/phishing.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/","url":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/","name":"Online Threats | IGCSE Computer Science | Learnlearn.uk","isPartOf":{"@id":"https:\/\/learnlearn.uk\/igcsecs\/#website"},"datePublished":"2021-02-23T14:30:37+00:00","dateModified":"2021-02-23T14:31:36+00:00","breadcrumb":{"@id":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/learnlearn.uk\/igcsecs\/online-threats\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/learnlearn.uk\/igcsecs\/online-threats\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"IGCSE 
Computer Science Course","item":"https:\/\/learnlearn.uk\/igcsecs\/"},{"@type":"ListItem","position":2,"name":"Online Threats"}]},{"@type":"WebSite","@id":"https:\/\/learnlearn.uk\/igcsecs\/#website","url":"https:\/\/learnlearn.uk\/igcsecs\/","name":"IGCSE Computer Science","description":"","publisher":{"@id":"https:\/\/learnlearn.uk\/igcsecs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/learnlearn.uk\/igcsecs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/learnlearn.uk\/igcsecs\/#organization","name":"IGCSE Computer Science","url":"https:\/\/learnlearn.uk\/igcsecs\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/learnlearn.uk\/igcsecs\/#\/schema\/logo\/image\/","url":"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2020\/08\/LearnLearnLogowhitenew.png","contentUrl":"https:\/\/learnlearn.uk\/igcsecs\/wp-content\/uploads\/sites\/23\/2020\/08\/LearnLearnLogowhitenew.png","width":710,"height":98,"caption":"IGCSE Computer Science"},"image":{"@id":"https:\/\/learnlearn.uk\/igcsecs\/#\/schema\/logo\/image\/"}}]}},"rttpg_featured_image_url":null,"rttpg_author":{"display_name":"learnlearnadmin","author_link":"https:\/\/learnlearn.uk\/igcsecs\/author\/learnlearnadmin\/"},"rttpg_comment":0,"rttpg_category":null,"rttpg_excerpt":"Phishing Phishing is a very common form of attack, using using emails. 
Attackers send emails purporting to be from organisations such as banks and ecommerce sites, with the aim of tricking users in to clicking on the email links and divulging personal information, especially: Usernames Passwords Credit \/ Debit card information Threat Reduction Measures Always&hellip;&nbsp;Read&hellip;","_links":{"self":[{"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/pages\/187"}],"collection":[{"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/comments?post=187"}],"version-history":[{"count":3,"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/pages\/187\/revisions"}],"predecessor-version":[{"id":191,"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/pages\/187\/revisions\/191"}],"wp:attachment":[{"href":"https:\/\/learnlearn.uk\/igcsecs\/wp-json\/wp\/v2\/media?parent=187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}