Abstract
Although the advance of ICT serves convenient lives, the adverse effect lies behind. Attacks such as spreading malicious code and luring users to fake websites via SMS or E-mail using social engineering have often occurred. Phishing, pharming, and smishing are getting diversified recently. The authentication of most websites is processed by simply using ID and password is the reason why the attack methods have been changing. Internet users are vulnerable in the process of authentication because they set and use an identical ID and similar password on different websites. This study discusses the length-related password vulnerability and introduces the method with which a hacker lures Internet users and seizes the users’ ID and password as well as password generation pattern. The paper also suggests that an additional and improved process is necessary to prevent various attacks like seizing account by the attacker.
References
Mun, Hyung-Jin, Ju, Youngkwan, Yoo, Jinho: Multiple authentication system for privacy protection and efficient user authentication. Int. J. Adv. Comput. Technol. 5(13), 251–256 (2013)
Lee, A.: Authentication scheme for smart learning system in the cloud computing environment. J. Comput. Virol. Hack. Techn. 11(3), 149–155 (2015)
Li, L., Helenius, M.: Usability evaluation of anti-phishing toolbars. J. Comput. Virol. 3(2), 163–184 (2007)
Abbasi, A.: Enhancing predictive analytics for anti-phishing by exploiting website genre information. J. Manag. Inf. Syst. 31(4) (2015)
Brody, R.G., Mulig, E., Kimball, V.: Phishing, pharming and identity theft. J. Acad. Acc. Financ. Stud. 11, 43–56 (2007)
Kang, A., Lee, J., Kang, W., Barolli, L., Park, Jonghyuk: Security considerations for smart phone smishing attacks. Adv. Comput. Sci. Appl. Lect. Notes Electr. Eng. 279, 467–473 (2014)
Nicomette, V., Kaâniche, M., Alata, E., Herrb, M.: Set-up and deployment of a high-interaction honeypot: experiment and lessons learned. J. Comput. Virol. 7(2), 143–157 (2011)
Joshi, R.C., Sardana, A.: Honeypots: a new paradigm to information security. CRC Press, New York (2011)
Marechal, S.: Advances in password cracking. J. Comput. Virol. 4(1), 73–81 (2008)
Sprengers, M., Batina, L.: Speeding up GPU-based password cracking, SHARCS 2012, Washington D.C. (2012)
Goodin, D.: 25-GPU cluster cracks every standard Windows password in 6 hours. http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
Google, Sign in with your Google Account. https://www.google.com/accounts/recovery. Accessed 3 Mar 2016
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mun, HJ., Han, KH. Blackhole attack: user identity and password seize attack using honeypot. J Comput Virol Hack Tech 12, 185–190 (2016). https://doi.org/10.1007/s11416-016-0270-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-016-0270-6