Some web applications send unnecessary information to attackers
Surfing the Side
Sometimes error messages or log entries are too verbose for their own good, disclosing valuable information to attackers.
If you believe the movies, expert hackers only need to type a few cryptic characters at the command line to gain full access to the target within seconds. In reality, however, attacks on IT systems are usually not so easy to accomplish. Instead, the attacker sometimes needs days or weeks to succeed. During this time, the intruder explores the system to find a way around defensive measures, determines the best strategy for the attack, and avoids telltale log entries. Such attacks often occur in several successive steps and are called side channel attacks if they exploit hidden information just from observing the target system.
If this scrutiny relates to the hardware, it can include runtimes, processor power consumption, or electromagnetic radiation; if the intruder is focused on software resources, the attack might center on error messages or log entries. An intruder who is looking for information on the software might try to find out the version and patch level of the operating system, the database, the network components, or any active applications. The study might also include file paths to confidential data or configuration files.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
Linux Mint Edge Is Ready for the Newest Hardware
With the release of Linux Mint 20.03 comes a new version geared for newer hardware.
-
Linux Mint 20.3 Now Available
That latest release of Linux Mint is now available for general use and offers a polished, but less Mint-y theme.
-
Linux is Getting an Exciting New Firmware Feature
Intel is bringing a new driver to the 5.17 kernel that will make it possible to update firmware without a reboot.
-
Elementary OS 6.1 Has Been Released
The .1 version of the sixth iteration of elementary OS (named Odin) is now available for download and takes the distribution to new heights of refinement.
-
Linux Mint 20.3 Beta is Now Available
The developers of Linux Mint have made the beta of their latest release available for download and installation.
-
EndeavorOS 21.4 Has Arrived
Arch-based EndeavorOS 21.4 is finally available for download with plenty of new features and improvements.
-
NixOS 21.11 Now Available for Download
NixOS “Porcupine” has been made available for installation and includes numerous improvements.
-
KDE Plasma Developers Introduce a GNOME-Like Overview
A new overview effect makes it easier for users to interact with both Plasma Activities and Virtual Desktops.
-
Rocky Linux 8.5 Now Available with Secure Boot Support
The latest iteration of CentOS alternative, Rocky Linux has arrived and includes numerous updates as well as support for Secure Boot.
-
System76 Developing a New Desktop Environment
The makers of Pop!_OS are currently in the early stages of creating a brand new, non-GNOME, desktop environment.