The last attack presented that impacts confidentiality is a social engineering attack called phishing. Social engineering attacks aim at exploiting of the natural human tendency to trust. In a phishing attack, the trust in a web site is abused to fraudulently acquire personal confidential data, such as credentials and bank account information (KYE - Phishing). These web-based client-side attacks present the user with a fraudulent web site, often promoted via SPAM Email, which appear to be from a trusted entity, such as a bank. The web site, however, is, in fact, in the control of the attacker and once the user provides personal information to the web site, the attacker will have obtained this confidential information.
Next, I look at attacks that impact availability. These attacks are concerned with partially or fully consuming the client resources, which reduces or leads to a complete failure of a service the client normally performs. The attacks reviewed are simple crashes, popup floods, browser hijacking, network floods, Web SPAM/junk pages and web pages that commit click fraud.
A denial-of-service is an attack that results in partial or complete consumption of resources that negatively impact a service. In the setting of a web-based client-side attack, a web page could cause the lock-up or crash of the browser or even the operating system or one if its components. Many browser vulnerabilities exist that permit a malicious web server to launch an availability impacting attack.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.