HOME

TheInfoList



Click Here for Items Related To - Login Spoofing
OR:
Login Spoofing on:   [Wikipedia]   [Google]   [Amazon]

Login spoofings are techniques used to steal a user's
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
. The user is presented with an ordinary looking
login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system by identifying and authenticating themselves. The user credentials are typically some form ...
prompt for username and password, which is actually a malicious program (usually called a
Trojan horse The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
) under the control of the
attacker In some team sports, an attacker is a specific type of player, usually involved in aggressive play. Heavy attackers are, usually, placed up front: their goal is to score the most possible points for the team. In association football, attackers a ...
. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security. To prevent this, some
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
s require a special key combination (called a
secure attention key A secure attention key (SAK) or secure attention sequence (SAS) is a special key or key combination to be pressed on a computer keyboard before a login screen which must, to the user, be completely trustworthy. The operating system kernel, which i ...
) to be entered before a login screen is presented, for example
Control-Alt-Delete Control-Alt-Delete (often abbreviated to Ctrl+Alt+Del, also known as the "three-finger salute" or "Security Keys") is a computer keyboard command on IBM PC compatible computers, invoked by pressing the Delete key while holding the Control key, C ...
. Users should be instructed to report login prompts that appear without having pressed this secure attention sequence. Only the
kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learnin ...
, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised).


Similarity to phishing

While similar to login spoofing,
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with. Login spoofing usually is indicative of a much more heinous form of vandalism or attack in which case the attacker has already gained access to the victim computer to at least some degree.


Internet

Internet-based login spoofing can be caused by * compromised sites * those named similarly to legitimate sites: typos bring people there.


References


External link


IBM recommendation re possible Login spoofing
{{DEFAULTSORT:Login Spoofing Computer security exploits