Oracle® Adaptive Access Manager Reference Guide
Release 10g (10.1.4.5)

Part Number E12054-03

4 Fraud Definitions

In today's online environment, real-time fraud detection and multifactor online authentication security have become necessities.

This chapter contains a list of definitions that are prevalent in today's fraud related discussions. These definitions are extracted from Wikipedia (http://www.wikipedia.org/).

4.1 Definitions

(In Alphabetical Order)

4.1.1 Bots

Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human editor alone. The largest use of bots is in web spidering, in which an automated script fetches, analyses and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey.

4.1.2 Carding

Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the bank's attention. A website known to be susceptible to carding is known as a cardable website.

4.1.3 Click Fraud

Click fraud is a type of internet crime that occurs in pay per click online advertising when a person, automated script, or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.

4.1.4 Cybercrime

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling into one or more of them. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.

4.1.5 Keystroke Logging

Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage, for instance by providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others.

4.1.6 Malware

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

4.1.7 Man-In-The-Middle Attacks

In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. The MITM attack can work against public-key cryptography and is also particularly applicable to the original Diffie-Hellman key exchange protocol, when used without authentication.

How Oracle Adaptive Access Manager protects against MITM attacks:

Oracle Adaptive Access Manager incrementally secures credentials or sensitive data, even on a compromised computer and/or Internet connection. The Adaptive Strong Authenticator Virtual Authentication devices do not require the end user to enter the data nor send the sensitive data in raw form. This eliminates the opportunity for Trojans, keyloggers, screen scrapers, and man-in-the-middle attacks to steal the data. Data is secured as it is entered on a user's machine and as it is transmitted over the wire.

Adaptive Strong Authenticator uses the following encryption methods to prevent man-in-the-middle attacks and keyloggers from sniffing out a user's keystrokes:

  • An encryption method that foils mouse click loggers by "jittering" our device image for each new session

  • A method for randomizing the file size of our device image for each new session, to foil automated image-based dictionary attacks

  • Randomization of measurable properties (size, position, checksum, relative values etc.) in each session to protect against software-based automated OCR (image capture) attacks

  • An OTP-like encryption method which ensures that the data behind the image (for example, the numeric data on a PinPad) is randomized every time it is transmitted to the server, to secure data over the wire. This is referred to as "data encryption"

  • A second encryption method which ensures the entire virtual authentication device image is recompiled, in unique fashion, on the server, for each session to protect against software-based automated OCR (image capture) based attacks. This is referred to as "checksum encryption"

For example, a one-time-password-like unique mapping is created and stored on the server before the Virtual Authentication Device (for example, a KeyPad or PinPad) is rendered in the user's browser. When a user enters the credentials using the device, the credentials are decoded once they reach the server, using this pre-generated unique mapping.

Only Adaptive Strong Authenticator has a way to enter sensitive data over the Web, without hardware, device or downloads, in a manner that attackers cannot easily decipher, either as it is being entered on a user's machine or as it is being transmitted over the wire. In addition, each virtual authentication device carries a time stamp (freshness) security feature to protect against images being re-used for fraud.
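The mapping flow described above, as an added illustration that is not Oracle's code and not part of the original guide: the server generates a one-time mapping before the pad is rendered, the browser submits only opaque tokens, and the server decodes them with the stored mapping, refusing replays, stale sessions and tokens it never issued. The token alphabet, the 120-second freshness window, the per-session jitter representation and all class and function names are assumptions made for this example.

```python
"""Per-session randomized PinPad (constructed example, not Oracle's code).

Server side: generate a one-time token->digit mapping, store it with a
creation time, and hand the browser the visible labels plus opaque tokens.
Client side: only the tokens for the clicked keys leave the browser.
"""
import secrets
import string
import time
from dataclasses import dataclass

DIGITS = string.digits
TOKEN_ALPHABET = string.ascii_letters + string.digits  # assumed token alphabet
TOKEN_LEN = 8                                          # assumed token length
MAX_AGE_SECONDS = 120  # assumed freshness window; the guide gives no value


@dataclass
class PadSession:
    created_at: float
    token_to_digit: dict   # one-time mapping, known only to the server
    jitter: tuple          # assumed (dx, dy) image offset for this session


class VirtualPadServer:
    """Server-side state for rendering and decoding a randomized PinPad."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so freshness can be tested
        self._sessions = {}

    def render_pad(self):
        """Create and store a fresh mapping, then return what the browser needs:
        a session id, a per-session jitter and, for each key, its visible
        label and the opaque token submitted when that key is clicked."""
        tokens = []
        while len(tokens) < len(DIGITS):
            t = ''.join(secrets.choice(TOKEN_ALPHABET) for _ in range(TOKEN_LEN))
            if t not in tokens:
                tokens.append(t)
        token_to_digit = dict(zip(tokens, DIGITS))
        session_id = secrets.token_urlsafe(16)
        jitter = (secrets.randbelow(16), secrets.randbelow(16))
        self._sessions[session_id] = PadSession(self._clock(), token_to_digit, jitter)
        keys = [{"label": d, "token": t} for t, d in token_to_digit.items()]
        # Shuffle on-screen key order so position reveals nothing across sessions.
        for i in range(len(keys) - 1, 0, -1):
            j = secrets.randbelow(i + 1)
            keys[i], keys[j] = keys[j], keys[i]
        return {"session_id": session_id, "jitter": jitter, "keys": keys}

    def decode(self, session_id, submitted_tokens):
        """Map submitted tokens back to digits with the stored mapping.
        Returns None for an unknown, expired or already-used session, or for
        a token that was never issued for it. The mapping is consumed on use,
        so a captured submission cannot be replayed."""
        session = self._sessions.pop(session_id, None)
        if session is None:
            return None
        if self._clock() - session.created_at > MAX_AGE_SECONDS:
            return None
        digits = []
        for t in submitted_tokens:
            d = session.token_to_digit.get(t)
            if d is None:
                return None
            digits.append(d)
        return ''.join(digits)


def simulate_user_entry(pad, pin):
    """Client side: the user clicks the keys labelled with the PIN digits;
    only the opaque tokens are sent over the wire."""
    by_label = {k["label"]: k["token"] for k in pad["keys"]}
    return [by_label[d] for d in pin]


if __name__ == "__main__":
    server = VirtualPadServer()
    pad = server.render_pad()
    wire = simulate_user_entry(pad, "4921")  # constructed sample PIN
    print("on the wire:", wire)
    print("server decodes:", server.decode(pad["session_id"], wire))
    print("replay of the same capture:", server.decode(pad["session_id"], wire))
```

A keylogger or mouse-click logger on the client, or an observer on the wire, sees only the tokens; without the server-side mapping they carry no digit values, and because the mapping is consumed and time-limited, the same capture cannot be resubmitted later or against another session.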

4.1.8 Pharming

Pharming (pronounced farming) is a cracker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses; they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play on farming and phishing. The term phishing refers to social engineering attacks to obtain access credentials such as user names and passwords. In recent years both pharming and phishing have been used to steal identity information. Pharming has become a major concern to businesses hosting e-commerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.

4.1.9 Phishing

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and Pay Pal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out by email or instant messaging, and often directs users to give details at a website, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

4.1.10 Session Hijacking

The term Session Hijacking refers to the exploitation of a valid computer session - sometimes also called a session key - to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.

4.1.11 Skimming

Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant, and can be as simple as photocopying of receipts. More imaginative routes are possible; an episode of The Sopranos showed how a compromised magnetic stripe reader could store account information for later use. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code, which is not present on the magnetic stripe. Many instances of skimming have been reported where the perpetrator has put a device over the card slot of a public cash machine (Automated Teller Machine), which reads the magnetic stripe as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time.

4.1.12 Social Engineering

Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

4.1.13 Spyware

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

4.1.14 Trojan/Trojan Horse

In the context of computer software, a Trojan horse is a program that installs malicious software while under the guise of doing something else. Though not limited in their payload, Trojan horses are more notorious for installing backdoor programs which allow unauthorized, non-permissible remote access to the victim's machine by unwanted parties, normally with malicious intentions. Unlike a computer virus, a Trojan horse does not propagate by inserting its code into other computer files. The term is derived from the classical myth of the Trojan Horse. Like the mythical Trojan Horse, the malicious code is hidden in a computer program or other computer file which may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When this computer program or file is executed by the unsuspecting user, the malicious code is also executed, resulting in the set-up or installation of the malicious Trojan horse program. (See Social Engineering.)

4.1.15 Virus

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The original may modify the copies or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance when a user sends it over a network or the Internet, or carries it on a removable medium such as a floppy disk, CD or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless until executed.

4.1.16 Wire Fraud

Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting as targets because a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfers of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request that a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country.

4.1.17 Worm

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.