Cache Poisoning (or DNS Spoofing) is an attack technique where corrupted Domain Name Server (DNS) data is stored into the DNS Resolver’s cache and causes it to return an incorrect Internet Protocol (IP) Address. As a result of this, the network traffic is then redirected to the attacker’s (or any other) computer instead of the intended recipient. From here, the attacker could use this to supplement other types of attacks such as a Denial of Service (DoS) attack or a man-in-the-middle attack. It can even be used in aiding them to spread computer worms and other malware or even redirecting users to a malicious site owned by the attacker (this method can be used in phishing attacks).

Keystroke logging, also called keylogging or keyboard capturing, is the action of recording and saving each keystroke on a keyboard over sometime, usually covertly. This is so that the person who enters the information onto to the keyboard remains unaware of having their information be monitored. The action is done through a logging program which is called a keylogger and it can be either software or hardware.

A man-in-the-middle (MITM) attack is a special type of attack in which an attacker covertly relays and potentially alters data between two parties on a network. These parties are usually oblivious to this attack and believe their connection and communication between each other is secured and their messages have integrity; however, that is not the case. The basis of the attack is to circumvent mutual authentication between the two parties and it can only be considered successful if the attacker can successfully impersonate the involved parties to each other. That is to say, the attacker must appear like Person A to Person B and like Person B to Person A. While it is a very common form of attack, most protocols do provide some kind of endpoint verification process to prevent MITM attacks; such as Transport Layer Security (TLS) which can authenticate both parties via a mutually trusted certificate authority.

The most recent news of huge cyber-attacks using “Zombies” and “Bots” will not be alarming. This will not create this enthusiast think, even for a second, that the digital world has been taken by the living dead creatures or yet alien armies. But one thing will come to realize the "Botnets".

Ransomware is a type of malware that locks users from accessing their data in their computer or any mobile device. To unlock their data, the users must pay a certain amount of ransom, this is mainly done by the payment method which uses Bitcoin. Although paying is an option in recovering your data, it is recommended not to pay because we cannot guarantee the promise of the attackers.

Learn about the stealthy threat of Cross-Site Request Forgery (CSRF) attacks and how they exploit web application authentication. Discover how CSRF vulnerabilities can be identified and safeguarded with unique tokens, protecting critical user data in online banking, social media, and beyond.

Carriage Return and Line Feed (CRLF) are special character elements typically embedded in Hypertext Transfer Protocol (HTTP) headers and some other software code. The inclusion of these character elements is to denote an End of Line (EOL) marker. These character elements are actually very common as many protocols of the Internet Protocol (IP) Suite, such as HTTP, MIME, and NNTP, use them to discretely split the text into elements. As such, CRLF injection is when an attacker can inject a sequence of CRLF into one of these protocols or software applications; such as an HTTP stream. This is one of the attacks most common uses and as such, has the alternative names of HTTP Response Splitting and Neutralization of CRLF Sequences in HTTP Headers.

Firstly, we must define what a buffer is. A buffer is an allocated section of memory which can hold anything from a string of characters to an array of integers. That being the case, a buffer overflow (or overrun) is what happens a buffer with a fixed-length receives more data than what it can handle. In this case, the extra data has to be stored somewhere and spills over into an adjacent space in memory which can corrupt or overwrite the data stored there. These overflows usually result in a system crash; however, they also create opportunities for an attacker to run some malicious code or manipulate coding errors. The success of these attacks are very high as most programming languages, such as C, C++, and Fortran are vulnerable to these types of attacks.

Encryption of data has become an integral part of data security. Encryption can protect sensitive information and also provide secure network connections. Encryption generates a ciphertext from your original data, which can be decrypted by the intended recipient. This makes brute force attacks and Man-in-the-middle attack almost impossible.

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two cryptographic protocols used for providing secure communication over a network. The Internet Engineering Task Force (IETF) prohibited the use of SSL which led the way for TLS to succeed it. The protocols have several variations and iterations used in web browsing, email, Internet faxing, instant messaging, and voice over IP (VoIP). Websites, in particular, are known for using TLS for securing communications between their servers and web browsers. This is accomplished by TLS providing privacy and integrity to data between two communicating nodes on a network.