Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
Tomaszz2019-02-15 17:46:04
Information Security
Tomaszz, 2019-02-15 17:46:04

How real is such a network attack?

(If it is possible, of course)
If modern programs support the ability to install over the Network, then how realistic is the scenario when attackers, who listen in advance to traffic, inject malicious code / files during such installation of the program by the user? That is, is it possible to launch a Trojan on a user's machine with full access to its network traffic?
And the second question, also related to network security. What could be the reason that after installing the program and rebooting (or just rebooting), you have to re-enter the password to connect to Wi-Fi, although the first time you connected, you clearly checked the box to save the password and auto-connect? And the fact that I chose this particular option "Connect automatically" can be seen from the fact that after the OS starts, there is a connection to this Wi-Fi point, but the connection does not occur (no error is displayed). If you click on Wi-Fi, it just shows the password input window along with the "Connect automatically" option, that is, as if for the first time.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
Vladimir Dubrovin, 2019-02-15
@z3apa3a

More than real, the first examples of a similar attack can be attributed to the year 99
https://en.wikipedia.org/wiki/Happy99
This is a worm that analyzed network traffic and clung to sent letters.

Report
A
athacker, 2019-02-16
@athacker

Attacks of this kind are not just real, they occur periodically "in the fields." There is not quite a substitution of traffic in the response, there is rather a substitution of your server with a file pre-assembled for a specific victim. That is, the victim believes that he is downloading updates to 1C from the 1C site, but in fact (by changing the DNS response, for example), he is downloading a binary from a completely different site, and this binary, in addition to 1C updates, also contains "some functionality" , which implements the tasks of the attacker.
Or even more interesting - they are introduced into the developer's infrastructure, and add "their version" of the update binary either to the update server, or even to the source code repository, this very "certain functionality". And when the package is being built, then from a completely legal update server, clients will receive slightly modified updates. See the story of MeDoc and the Petya ransomware. Scientifically, such an attack is called a "supply chain attack".

Similar questions
D
dm2015-05-29 13:19:38
The name of the Cyrillic font in the picture? 6Reply
L
lakemiller2019-05-09 08:00:20
Is mobile hotspot secure and how can it be secure? 1Reply
S
squidw2016-12-11 22:47:45
Distribution of access rights for administrators of different levels? 2Reply
L
Lucky_mak2016-12-15 23:13:30
Is it possible to encrypt GPT disks in AHCI with W.10 on board using Veracrypt 1.19 so as not to break anything? 0Reply
X
Xymis2021-01-16 00:38:21
How to design the cryptosystem of the next venture? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question