HOME

TheInfoList



Click Here for Items Related To - Login spoofing
OR:
Login spoofing on:   [Wikipedia]   [Google]   [Amazon]

Login spoofings are techniques used to steal a user's
password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
. The user is presented with an ordinary looking
login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system or program by identifying and authenticating themselves. Typically, user credential ...
prompt for username and password, which is actually a malicious program (usually called a
Trojan horse In Greek mythology, the Trojan Horse () was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer, Homer's ''Iliad'', with the poem ending ...
) under the control of the
attacker {{For, the term "attacker" in computer security, Hacker (computer security), Adversary (cryptography), Adversary (online algorithm) In some team sports, an attacker is a specific type of player, usually involved in aggressive play. Heavy attacker ...
. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security. To prevent this, some
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
s require a special key combination (called a secure attention key) to be entered before a login screen is presented, for example
Control-Alt-Delete Control-Alt-Delete (often abbreviated to Ctrl+Alt+Del and sometimes called the "three-finger salute" or "Security Keys") is a computer keyboard command on IBM PC compatible computers, invoked by pressing the Delete key while holding the Control ...
. Users should be instructed to report login prompts that appear without having pressed this secure attention sequence. Only the kernel, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised).


Similarity to phishing

While similar to login spoofing,
phishing Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticate ...
usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with. Login spoofing usually is indicative of a much more heinous form of vandalism or attack in which case the attacker has already gained access to the victim computer to at least some degree.


Internet

Internet-based login spoofing can be caused by * compromised sites * typosquatting


References


External links


IBM recommendation re possible Login spoofing
{{DEFAULTSORT:Login Spoofing Computer security exploits