Login spoofing

Short description: Techniques used to steal a user's password

Login spoofings are techniques used to steal a user's password.^[1]^[2] The user is presented with an ordinary looking login prompt for username and password, which is actually a malicious program (usually called a Trojan horse) under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.

To prevent this, some operating systems require a special key combination (called a secure attention key) to be entered before a login screen is presented, for example Control-Alt-Delete. Users should be instructed to report login prompts that appear without having pressed this secure attention sequence. Only the kernel, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised).

Similarity to phishing

While similar to login spoofing, phishing usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with. Login spoofing usually is indicative of a much more heinous form of vandalism or attack in which case the attacker has already gained access to the victim computer to at least some degree.

Internet

Internet-based login spoofing^[3] can be caused by

compromised sites
those named similarly to legitimate sites: typos bring people there.^{[citation needed]}

References

↑ Bongsik Shin (2017). A Practical Introduction to Enterprise Network and Security Management. ISBN 978-1498787987. https://books.google.com/books?isbn=1498787983.
↑ "CSE 380 Computer Operating Systems" (ppt). University of Pennsylvania. 2 December 2003. p. 35. http://www.cis.upenn.edu/~lee/03cse380/lectures/ln22-security-v3.ppt. Retrieved 6 April 2016.
↑ Emmett Dulaney (2011). CompTIA Security+ Deluxe Study Guide: SY0-201. ISBN 978-0470439852. https://books.google.com/books?isbn=0470439858.

External links

IBM recommendation re possible Login spoofing

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Login spoofing. Read more

[1] Bongsik Shin (2017). A Practical Introduction to Enterprise Network and Security Management. ISBN 978-1498787987. https://books.google.com/books?isbn=1498787983.

[2] "CSE 380 Computer Operating Systems" (ppt). University of Pennsylvania. 2 December 2003. p. 35. http://www.cis.upenn.edu/~lee/03cse380/lectures/ln22-security-v3.ppt. Retrieved 6 April 2016.

[3] Emmett Dulaney (2011). CompTIA Security+ Deluxe Study Guide: SY0-201. ISBN 978-0470439852. https://books.google.com/books?isbn=0470439858.

[1]

[2]

[3]

Anonymous

Search

Login spoofing

Namespaces

More

Page actions

Contents

Similarity to phishing

Internet

References

External links

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Login spoofing

Similarity to phishing

Internet

References

External links

Navigation

Wiki tools

Page tools

Other projects

Categories