From the course: Learning Threat Modeling for Security Professionals


Spoofing a specific server


Spoofing is what happens when authenticity fails. Authenticity meaning something is real, it's genuine, it's the one we expect, rather than being about something done in a traditional way, like authentic Italian food. It's about the authentic website loading when you click a URL, rather than a fake trying to get you to expose your password. Authenticity is about the name matching the expectation. When an attacker spoofs, they provide a fake, a sham, an unexpected thing in place of the real.

RED30 has a website where advertisers upload content. The site is protected by a username and password. An attacker might try to upload ads as a different brand, by spoofing a user from another company. Then, the attacker's ads will be shown, and the bill will be sent to someone else.

To log in as someone else, the attacker can pick a likely username, say, Topsy Turvy, and try common passwords like "password" or "123456". A brute force attack can happen by hand, or there's software like THC Hydra to…
