Posts

Showing posts from February, 2019

Week 10 - STRIDE: Elevation of Privilege

Elevation of Privilege, in a nutshell, is the act of gaining access to information, data, or code that is otherwise not allowed under the current user’s privilege. Every user account has a set of access rights assigned to fit the account holder’s function. Traditionally, user privileges are divided into groups like administrative, operation, and view only. Each user is assigned to one or more groups and has the privileges assigned to those groups. In a more sophisticated system, users in the same group can have different access rights. There are two types of privilege elevation: vertical privilege elevation and horizontal privilege elevation. Vertical privilege elevation is when a user gains the privileges of another user whose access rights are higher than their own. An example of this is the sudo command in Debian Linux systems. A normal user can perform superuser operations when added to the sudo list....

Week 9 - STRIDE: Denial of Service

When thinking of a denial of service (DoS) attack, we probably think of a scenario where a computer overloads a target machine by sending it so many requests. That immediately leads us to another scenario, where one source controls more than one computer to send messages to a single target. That scenario is called a distributed denial of service (DDoS) attack. In 2017, SecurityWeek.com reported a case in which hackers gained control over thousands of IP security cameras (Kovacs). Those cameras became zombie devices and were controlled by the hackers to engage in a DDoS attack. These scenarios are just two of the many ways to do a DoS attack. The purpose of DoS is to make the data unavailable to the authorized users. DoS can target data, information, storage, software, computing processes, communication, protocols, and many others. Data normally goes through three stages during operation. It starts from user input, transitions into memory, a...

Week 8 - STRIDE: Information Disclosure

(inzeed.files.wordpress.com) When protocols like Telnet, FTP, and HTTP were introduced, people were not aware of how insecure they are. Many people thought that the data was secured by the authentication (basic authentication) mechanism. That was how I thought until eavesdropping and man-in-the-middle attacks came into play. However, Information Disclosure is not just about communication. It also extends to things that we do in everyday life. When you see a company executive driving a car with a karate sticker on it, you may think it is just a sticker and there is nothing special about it. However, to some other people, it is a good piece of information. To a social engineer who is trying to get information about the company where the executive works, the little sticker can be very beneficial. From the sticker, the social engineer can find out about the martial art school, their schedule, the executive’s prac...