LIVE GST Certification Course by CA Arun Chhajer begins 27th April. Register Now!!

Isca ch 3 spoofing

Amol (Accounting) (432 Points)

05 August 2018

Can anyone please explain meaning of follo. lines from SM : A penetrator makes user think that he/she is interacting with OS. eg. A penetrator duplicates login procedures, captures user's password, attempts for system crash and makes the user login again.

Reply
Follow
Share

5 Replies

nishad goliwadekar (77 Points)
Replied 05 August 2018

This is real life example I had come across a few years back. Relate this, with the definition you sent.

Once there was this offer going on for buying mobiles at ridiculous prices, like Rs.1.

The website name they used was, say Flipkart.

So when you open this link it takes you to the page where you can see this offer. Then all you had to do is add the item to the cart and checkout. But then it asked you to log in to your account.

Innocently enough any user will use his genuine account id and password (after all you're getting a brand new phone for Rs. 1)

And once a user logs in to it.. Some ridiculous message is displayed and its then that you realise all this was just a fraud link.

In this case,
Either they got your genuine id password or they got enough information about you, things like name, address and phone number.

Hope this helps.

Amol (Accounting) (432 Points)
Replied 05 August 2018

Yes.Thanks. I get it. But what I am not understanding is the meaning of last two lines viz.attempts for system crash and makes the user login again.

Lakshmi Venugopal (Chartered Accountant) (136 Points)
Replied 05 August 2018

As in the above situation, once the user gives in necessary login details, the system will crash, say it will give messages like website cannot be loaded and please enter the details again or something like that. ie. user won't be able to complete the task but the penetrater gets all valid details.

Amol (Accounting) (432 Points)
Replied 05 August 2018

Then Why will it make or ask the user to login again?

Lakshmi Venugopal (Chartered Accountant) (136 Points)
Replied 06 August 2018

It merely means that the penetrater uses a similar interface to prompt the user to enter his details. Once the penetrater gets all details, the link will become crash or useless. User won't be able to login again or how many times he tries to login bcoz the said link is not genuine.