 - A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user. Since such applets or little application programs can be embedded in any HTML file, they can also arrive as an e-mail attachment or automatically as the result of being pushed to the user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page. Vandals are sometimes referred to as "hostile applets."
Vandals can be harmful in two general ways:
- They can get access to sensitive information within the computer system where they execute, such as passwords and encryption keys.
- They can cause loss or denial of service within the local computer system. For example, they can flood the system with data so that it runs out of memory, or they can slow down Internet connections.
The best way to protect yourself against a hostile applet is to know who you are downloading a Web page from or who has sent you an HTML page as an e-mail attachment. Major corporate Web sites or major Web publishers are unlikely to be the source of a vandal (but it can happen). One recent scam in late 1997 involved a pornography site that invited the downloading of a page whose ActiveX control reconnected the user to the Web through an expensive international phone number. In another incident, a group of German crackers demonstrated an ActiveX control that could transfer funds from one bank account to another without having to enter a user identification number.
 |
Learn more about Web Application Security |
| Web Application Attacks Learning Guide: This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them. |
| Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads. |
| Quiz: Could you detect an application attack?: Test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks. |
| Web Application Attacks Learning Guide: This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them. |
| State-based attacks: Session management: This excerpt reviews session management techniques developers can use to protect against session hijacking and other Web application attacks. |
| Content Spoofing: This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them. |
| CONTRIBUTORS: |
Yuval Nesher |
| LAST UPDATED: |
26 Jul 2001
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
|
Show me everything on 
