1.) GIFAR:
Graphics Interchange Format Java Archives (GIFAR) was a malware that lets attacker piggy back victim’s HTTP cookies. This attack had been done by four persons namely John Heasman, Rob Carter, Nathan McFeters, and Billy Rios. We are placing it at top because it was very widespread due to use of GIF (image file) and JAR (Java Archive). In this attack, GIF or JAR file executes a malicious code on the users’ side. This attack was not able to execute automatically, but users need to be logged in on the website hosting the image.
2.) Google Gears Cross-Origin Model Exploit:
This hacking attack was done by Yair Yamit and it was related to abusing the Google Gears loader’s tendency in order to disregard a Gears workers file header as it loads it. Google Gear is a browser extension that lets developers create richer and responsive web application. In this attack, attacker create a text file that has malicious gear commands.
4.) Clickjacking:
This attack was discovered by Robert Hansen and Jeremiah Grossman. They Demonstrated that stealing the “clicks” away from users via link redirects or streaming videos is possible care of an arbitrary JavaScript code. This attack was mostly used against Facebook and Twitter to gain likes and followers.
4.) The Safari Bomber:
This attack had been discovered by Nitesh Dhanjani. He revealed that a rogue website has the capability to “carpet bomb” a user’s Windows desktop or Mac OS X’s downloads directory with malicious codes using the Safari browser.
5.) Opera Exploitation:
This attack had been done by Stefano Di Paola. He demonstrated that exploitation of opera mostly revolves around stealing history, creating a botnet, or redirecting users to a hacker-controlled rogue website.
6.) HTML 5 Abuse:
This attack was discovered by Alberto Trivero. He demonstrated that structured client-side storage technology of HTML 5 is very, very vulnerable to an assortment of creative and not-so-creative hacker techniques all aimed at stealing stored data from a target’s computer.
7.) Flash Parameter Injection:
This attack was discovered by Adi Sharabani, Ayal Yogev, and Yuval Baror. They produced that a presentation showcasing just how a cyber attack could use the Flash parameter to load malicious movies and attack a Flash-based system even after the vulnerability is patched. You can read more about this attack here.
Graphics Interchange Format Java Archives (GIFAR) was a malware that lets attacker piggy back victim’s HTTP cookies. This attack had been done by four persons namely John Heasman, Rob Carter, Nathan McFeters, and Billy Rios. We are placing it at top because it was very widespread due to use of GIF (image file) and JAR (Java Archive). In this attack, GIF or JAR file executes a malicious code on the users’ side. This attack was not able to execute automatically, but users need to be logged in on the website hosting the image.
2.) Google Gears Cross-Origin Model Exploit:
This hacking attack was done by Yair Yamit and it was related to abusing the Google Gears loader’s tendency in order to disregard a Gears workers file header as it loads it. Google Gear is a browser extension that lets developers create richer and responsive web application. In this attack, attacker create a text file that has malicious gear commands.
4.) Clickjacking:
This attack was discovered by Robert Hansen and Jeremiah Grossman. They Demonstrated that stealing the “clicks” away from users via link redirects or streaming videos is possible care of an arbitrary JavaScript code. This attack was mostly used against Facebook and Twitter to gain likes and followers.
4.) The Safari Bomber:
This attack had been discovered by Nitesh Dhanjani. He revealed that a rogue website has the capability to “carpet bomb” a user’s Windows desktop or Mac OS X’s downloads directory with malicious codes using the Safari browser.
5.) Opera Exploitation:
This attack had been done by Stefano Di Paola. He demonstrated that exploitation of opera mostly revolves around stealing history, creating a botnet, or redirecting users to a hacker-controlled rogue website.
6.) HTML 5 Abuse:
This attack was discovered by Alberto Trivero. He demonstrated that structured client-side storage technology of HTML 5 is very, very vulnerable to an assortment of creative and not-so-creative hacker techniques all aimed at stealing stored data from a target’s computer.
7.) Flash Parameter Injection:
This attack was discovered by Adi Sharabani, Ayal Yogev, and Yuval Baror. They produced that a presentation showcasing just how a cyber attack could use the Flash parameter to load malicious movies and attack a Flash-based system even after the vulnerability is patched. You can read more about this attack here.
Out Of Topic Show Konversi KodeHide Konversi Kode Show EmoticonHide Emoticon