Forgeries
-> Fake Email
-> Fake Website
-> Fake Code, e.g. fake PDF reader, fake antivirus
Vulnerability:
-) Integrity Failure
Attack Details:
1. Website Defacement: changing the content of a website
2. Substitute Content of Real Website: changing a small part of the website, so that the user is not aware of it
3. Fake Email Message: the purpose is phishing -> luring people into giving up private data
4. Fake/Inaccurate Email Header Data: who the email is "from" can be edited
5. Web Bug: an invisible image (1 x 1 pixel image), used to deliver the desired data
6. Clickjacking: making the user agree without realizing it
7. SQL injection: altering the statement so that it runs what the user wants
Countermeasure:
Digital Signature
-> Properties of Digital Signature:
1. Nonrepudiation
2. Authenticity
3. Must be unforgeable, not alterable, not reusable.
*) Encryption vs Hash
Hash:
- one way function
- purpose: to be able to tell whether the data has been changed or not
Encryption:
- two way function (encrypt -> decrypt / decrypt -> encrypt)
- purpose: so that the message cannot be read directly by other people
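
Added example (not part of the original notes): using the hash property above to detect attack details 1 and 2, including a substitution of only a few characters. The page contents, paths and function names are constructed for illustration.

```python
import hashlib

def digest(content: bytes) -> str:
    # One-way: the digest shows that content changed, but cannot be turned back into it.
    return hashlib.sha256(content).hexdigest()

def build_baseline(site: dict) -> dict:
    # Record one digest per page while the site is known to be good.
    return {path: digest(body) for path, body in site.items()}

def compare(baseline: dict, site: dict) -> dict:
    # Classify every difference between the recorded baseline and the current site.
    report = {"modified": [], "added": [], "missing": []}
    for path, body in site.items():
        if path not in baseline:
            report["added"].append(path)
        elif digest(body) != baseline[path]:
            report["modified"].append(path)
    report["missing"] = [p for p in baseline if p not in site]
    return {kind: sorted(paths) for kind, paths in report.items()}

# Constructed sample site (assumption: pages are available as bytes).
KNOWN_GOOD = {
    "/index.html": b"<h1>Example Shop</h1><p>Welcome</p>",
    "/contact.html": b"<p>Support line: 555-0100</p>",
    "/about.html": b"<p>About us</p>",
}
BASELINE = build_baseline(KNOWN_GOOD)

def tampered_copy() -> dict:
    # Constructed tampering: a two-character substitution, a deleted page, a new page.
    site = dict(KNOWN_GOOD)
    site["/contact.html"] = b"<p>Support line: 555-0199</p>"
    del site["/about.html"]
    site["/promo.html"] = b"<p>Page that was never in the baseline</p>"
    return site

if __name__ == "__main__":
    print("clean   :", compare(BASELINE, KNOWN_GOOD))
    print("tampered:", compare(BASELINE, tampered_copy()))
```

The hash only detects changes if the baseline itself is trustworthy: whoever can rewrite the pages and the stored digests can make them match again, which is the gap a digital signature over the baseline closes.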