Pass the hash
Glossary of social engineering and information security terms
Many users erroneously believe that hashed passwords stored in their internet browser cannot be used in attacks. In reality, however, attackers can use what are known as “hash dumping tools”, which collect hashed passwords from a target (Windows) system. These can then be stored in the local authority subsystem service, which dupes the Windows system into thinking the attacker is an authenticated user.
Authenticated, English
Personally identifiable information (PII), English
Any information, such as date of birth, credit card details, home address, driving license information, etc., can be classified as PII. There is a thriving black market for PII on the so-called “dark web”, which can be used for identity theft and fraud.
Out of band (OOB) authentication, English
The use of a separate communication channel, such as an email, telephone, or in-person request, to verify the veracity of a request. This is considered to be a type of two-factor authentication. Many high-profile phishing and cyber-attacks on organisations might have been averted if employees had been trained to use OOB authentication.