Some web applications send unnecessary information to attackers
Surfing the Side
Sometimes error messages or log entries are too verbose for their own good, disclosing valuable information to attackers.
If you believe the movies, expert hackers only need to type a few cryptic characters at the command line to gain full access to the target within seconds. In reality, however, attacks on IT systems are usually not so easy to accomplish. Instead, the attacker sometimes needs days or weeks to succeed. During this time, the intruder explores the system to find a way around defensive measures, determines the best strategy for the attack, and avoids telltale log entries. Such attacks often occur in several successive steps and are called side channel attacks if they exploit hidden information just from observing the target system.
If this scrutiny relates to the hardware, it can include runtimes, processor power consumption, or electromagnetic radiation; if the intruder is focused on software resources, the attack might center on error messages or log entries. An intruder who is looking for information on the software might try to find out the version and patch level of the operating system, the database, the network components, or any active applications. The study might also include file paths to confidential data or configuration files.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
Tuxedo Computers Joins the Ryzen Bandwagon
Tuxedo Computers has released the Tuxedo Boot BA15 with an AMD Ryzen 3500 CPU.
-
Linux Apps on Windows Is Coming
Linux GUI apps will be coming to Windows Subsystem for Linux.
-
Linux Usage Is on the Rise
According to NetMarketShare, Linux saw a significant bump in usage during April.
-
Lenovo is Jumping on the Linux Laptop Bandwagon
PC and laptop maker Lenovo is set to release ThinkPad laptops pre-installed with Fedora Linux.
-
A New Linux Laptop Is in the Making
Manjaro Linux and TUXEDO computers have joined forces to develop the InfinityBook Manjaro.
-
Ubuntu 20.04 Has Been Released
The latest iteration of the user-friendly Linux distribution is now available.
-
Nextcloud Partners with IONOS
Nextcloud has partnered with Germany’s largest cloud provider, IONOS, to provide a safe haven for your data within the cloud.
-
Linux to Get High Resolution Wheel Scrolling
Work on high resolution wheel scrolling for the Linux desktop is being completed.
-
KDE Developers Are Working on a TV Interface
The developers of the KDE desktop are hard at work to create a TV interface.
-
System76 Is Developing a New Keyboard
The company behind the incredibly powerful Thelio desktop is developing a new keyboard.