Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Login spoofing
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Techniques used to steal a user's password}} '''Login spoofings''' are techniques used to steal a user's [[password]].<ref>{{cite book |title=A Practical Introduction to Enterprise Network and Security Management |url=https://books.google.com/books?isbn=1498787983 |isbn=978-1498787987 |author=Bongsik Shin |date=2017| publisher=CRC Press }}</ref><ref>{{cite web |author1=Insupp Lee |author2=Dianna Xu |author2-link=Dianna Xu |title=CSE 380 Computer Operating Systems |url=http://www.cis.upenn.edu/~lee/03cse380/lectures/ln22-security-v3.ppt|publisher=University of Pennsylvania |accessdate=6 April 2016 |page=35 |format=ppt |date=2 December 2003}}</ref> The user is presented with an ordinary looking [[Logging (computer security)|login]] prompt for username and password, which is actually a malicious program (usually called a [[Trojan horse (computing)|Trojan horse]]) under the control of the [[security cracking|attacker]]. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security. To prevent this, some [[operating system]]s require a special key combination (called a [[secure attention key]]) to be entered before a login screen is presented, for example [[Control-Alt-Delete]]. Users should be instructed to report login prompts that appear without having pressed this [[secure attention sequence]]. Only the [[kernel (operating system)|kernel]], which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised). ==Similarity to phishing== While similar to login spoofing, [[phishing]] usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with. Login spoofing usually is indicative of a much more heinous form of vandalism or attack in which case the attacker has already gained access to the victim computer to at least some degree. ==Internet== Internet-based login spoofing<ref>{{cite book |title=CompTIA Security+ Deluxe Study Guide: SY0-201 |url=https://books.google.com/books?isbn=0470439858 |isbn=978-0470439852 |author=Emmett Dulaney |date=2011| publisher=John Wiley & Sons }}</ref> can be caused by * compromised sites * [[typosquatting]] ==References== {{Reflist}} ==External links== * [https://www.ibm.com/support/libraryserver_os390/handheld/BOOKS/EZ4USR01/3.2.4.3?SHELF=ez2aik03&DT=19930412133212&CASE=. IBM recommendation re possible Login spoofing] {{DEFAULTSORT:Login Spoofing}} [[Category:Computer security exploits]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite book
(
edit
)
Template:Cite web
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)