Login spoofing

Login spoofing

Login spoofing is a technique used to obtain a user's password. The user is presented with an ordinary looking login prompt for username and password, which is actually a malicious program, usually called a Trojan horse under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.

To prevent this, some operating systems require a special key combination (called a Secure attention key) to be entered before a login screen is presented, for example Control-Alt-Delete. Users should be instructed to report login prompts that appear without having pressed this secure attention key. Only the kernel, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs, unless the kernel itself has been compromised.

Login spoofing can be considered a form of social engineering.

imilarity to phishing

Whereas the concept of phishing usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with, login spoofing usually is indicative of a much more heinous form of vandalism or attack in that the attacker has already gained access to the victim computer to at least some degree.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Login — In computer security, login (logging or signing in) is the process by which individual access to a computer system is controlled by identification of the user using credentials provided by the user. A user can log in to a system to obtain access …   Wikipedia

  • Spoofing attack — In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Man in the middle attack and internet… …   Wikipedia

  • Referer spoofing — In computer security, referer spoofing or ref tar spoofing is the sending of incorrect referer information along with an HTTP request, sometimes with the aim of gaining unauthorized access to a web site. It can also be used because of privacy… …   Wikipedia

  • Password cracking — is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a… …   Wikipedia

  • Trusted path — A trusted path is simply some mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can t intercept or modify whatever information is being communicated.As such… …   Wikipedia

  • Control-Alt-Delete — This article is about the keyboard combination. For a list of keyboard shortcuts, see Table of keyboard shortcuts. For other uses, see Control Alt Delete (disambiguation). The keys Control Alt Delete highlighted on a QWERTY keyboard. Control Alt… …   Wikipedia

  • Secure attention key — The secure attention key (SAK) is a special key combination to be entered before a login screen is presented. Examples are Control Alt Delete for Windows NT based systems (called Secure Attention Sequence), Control Alt Pause or the SysRq K… …   Wikipedia

  • Phishing — In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic… …   Wikipedia

  • Cisco NAC Appliance — Cisco NAC Appliance, formerly Cisco Clean Access (CCA), is a network admission control (NAC) system developed by Cisco Systems designed to produce a secure and clean network environment the NAC appliance is however still referred to as Cisco… …   Wikipedia

  • Comparison of privilege authorization features — A number of computer operating systems employ security features to help prevent malicious software from gaining sufficient privileges to compromise the computer system. Operating systems lacking such features, such as DOS, Windows implementations …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”