hijacking

Another form of hijacking is browser hijacking, in which a user is taken to a different site than the one the user requested. There are two different types of domain name system (DNS) hijacking. In one, the attacker gains access to DNS records on a server and modifies them so that requests for the genuine Web page will be redirected elsewhere - usually to a fake page that the attacker has created. This gives the impression to the viewer that the Web site has been compromised, when in fact, only a server has been. In February 2000, an attacker hijacked RSA Security's Web site by gaining access to a DNS server that was not controlled by RSA. By modifying DNS records, the attacker diverted requests to a spoof Web site. It appeared to users that an attacker had gained access to the actual RSA Web site data and changed it - a serious problem for a security enterprise. This type of hijacking is difficult to prevent, because administrators control only their own DNS records, and have no control over upstream DNS servers. In the second type of DNS hijack, the attacker spoofs valid e-mail accounts and floods the inboxes of the technical and administrative contacts. This type of attack can be prevented by using authentication for InterNIC records.

In another type of Web site hijack, the perpetrator simply registers a domain name similar enough to a legitimate one that users are likely to type it, either by mistaking the actual name or through a typo. This type of hijack is currently being employed to send many unwary users to a pornographic site instead of the site they requested.

Learn more about PKI and Digital Certificates

	Identity and Access Management Services, Systems and Technologies: This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan.
Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures: In an excerpt from Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures, authors Peter Thermos and Ari Takanen discuss the strengths and weaknesses of SRTP.
Secure user authentication: Regulations, implementation and methods: Learn about the FFIEC's mandate, how to choose the right authentication option for diverse user communities and how to implement an authentication strategy.
XML Security Learning Guide: Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and ...
Spy vs. Spy: Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day.
Best practices in Internet security: The Access Certificates for Electronic Services Program: The Access Certificates for Electronic Services Program (ACES) brings multiple PKI service providers together into an interoperable public key infrastructure (PKI) for use by government entitites and ...

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Angelfire.com offers "Something Old, Something New: DNS Hijacking." - Hijacking is mentioned in a paper on "Internet Security." - SearchSecurity.com provides links to more about hijacking and other forms of network intrusion.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Best Authentication Products Readers vote on the best digital identity verification products, services, and management systems, including PKI, hardware and software tokens, smart... DoD urges less network anonymity, more PKI use At Black Hat USA 2009, DoD CISO Robert Lentz says more technology is needed to protect both private and government networks from cybercriminals. Researchers to demonstrate new EV SSL man-in-the-middle hacks Security researchers Alexander Sotirov and Mike Zusman will demonstrate new offline man-in-the-middle hacks against extended validation SSL...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) An authentication server is an application that facilitates authentication of an entity that attempts to access a network...(Continued) Certificate Revocation List  (SearchSecurity.com)