When attempting to break into a wireless network, attackers often need to gather multiple authentication attempts which can take time. In this video, Mike Chapple explains how attackers can speed up this process by tricking wireless clients into reauthenticating via disassociation attacks. This technique may also be used to conduct a wireless denial of service attack.
- [Narrator] Clickjacking attacks are a form of cross-site request forgery. In a clickjacking attack, the attacker uses specialized HTML content to hide elements of a webpage behind other page elements. For example, an attacker might create a simple webpage like this, that shows a user some interesting content, and invites them to join a free mailing list. To join the list, they simply enter their email address and click the subscribe button. Unbeknownst to the user, there's another invisible link lurking behind the subscribe button.
That link might go directly to the follow link for a business's Twitter account. If the user happens to be already logged in to Twitter, the clickjacking effort results in a successful cross-site request forgery attack. And the user follows the business on Twitter, building that company's Twitter following. Cursorjacking is a specialized form of clickjacking where the attacker either hides the user's cursor, or puts a fake cursor on the screen to make the user think that they are pointing at one element of a page when they are actually clicking somewhere else.
It can be difficult to detect clickjacking attacks, but there are some security tools that make it easier. For example, the Noscript extension for Firefox includes a technology called Clear Click that analyzes webpages before a user clicks on them, and makes sure that the page displayed to the user doesn't contain any visually hidden elements. If the page contains suspicious content, Noscript warns the user that a clickjacking attack might be underway.
Clickjacking attacks are a dangerous form of cross-site request forgery that may be used for building social media followings, stealing money, and obtaining sensitive personal information.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities
Skill Level Beginner
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
2. Understanding Attackers
3. Understanding Attack Types
4. Wireless Attacks
5. Application Attacks
6. Social Engineering Attacks
7. Vulnerability Scanning and Penetration Testing
8. Impact of Vulnerabilities
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.