cut-and-paste attack

When the data modified in the attack involves critical enterprise or personal information, the cut-and-paste attack can pose a serious threat to security. A typical use for a cut-and-paste attack is the modification of information on a customer order form for the purchase of goods or services over the Web. The attacker modifies the form so that the victim's credit card number is sent to the vendor but other information - such as the attacker's chosen delivery address and the type or quantity of goods ordered - is "pasted" into the form which the customer's valid information has been "cut". The apparently unaltered form, assembled from a "cut-and-pasted" combination of valid and invalid data, is submitted to the vendor.

Read more about cut-and-paste attack: - The Sixth USENIX Security Symposium provides information about "Problem Areas for the IP Security Protocols." - SearchSecurity.com offers Best Web Links to information about "Data Protection."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Tumbleweed merger seen as a negative for email security customers Email security vendor Tumbleweed will merge with Axway, in a deal that one analyst calls a death knell for the vendor. Secure messaging complications result in limited protection The market is hindered by multiple standards and deployment options, analyst says. Information security book excerpts and reviews Visit the Information Security Bookshelf for book reviews and free chapter downloads.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary asymmetric cryptography  (SearchSecurity.com) Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a... cryptographic checksum  (SearchSecurity.com)