Skip to main content

Posts

Showing posts from December 29, 2013

3.2.14 Privilege Escalation

Privilege escalation In this context of computer security, privilege escalation is the malicious acquisition or exercise of escalated access to resources that are normally reserved for administrative or other authorized users or applications. When applied in an unauthorized way, privilege escalation is a security violation and is enabled by a flaw in the configuration, services, installed software or operating system. It results in a regular user being given more access than was intended by the developer or the administrator. In November 2013, Microsoft issued a security advisory on vulnerability that would allow privilege escalation exploits in computers running Windows XP and Windows Server 2003. The security advisory (2914486) reads in part, “The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or

3.2.6 Spoofing

Spoofing A spoofing attack is an attempt to masquerade as someone else. There are a variety of spoofing attacks, including: Wolf in sheep's clothing Spoofing email messages to trick the recipient to accept an email from an attacker Creating fake logon programs that attempt to capture user ID and password Spoofing IP addresses to make it appear to come from a trusted source DNS spoofing involves an attempt to populate a name server database with false information. This can result in a user being sent to a website other than the one intended Spoofing is making data appear to come from someone or somewhere other than where it originated by maliciously modifying TCP/IP source information. The goal of spoofing attacks is to gain illegitimate access to a resource. A number of the TCP/IP protocols (DNS, IP, ARP, ICMP, SMTP, NTP, etc.) are vulnerable to spoofing attacks as they were not designed with authentication as a core feature. As such,