cut-and-paste attack
SearchSecurity.com Definitions (Powered by WhatIs.com)

DEFINITION - A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed. The substituted section appears to decrypt normally, along with the authentic sections, but results in plaintext (unencrypted text) that serves a particular purpose for the attacker. Essentially, the attacker cuts one or more sections from the ciphertext and reassembles these sections so that the decrypted data will result in coherent but invalid information. Cut-and-paste is a type of message modification attack: the attacker removes a message from network traffic, alters it, and reinserts it. This is called an active attack, because it involves an attempt to change information. In comparison, a passive attack, such as password sniffing, seeks information but does not itself modify the valid information, although it may be used in conjunction with an active form of attack for various purposes.

When the data modified in the attack involves critical enterprise or personal information, the cut-and-paste attack can pose a serious threat to security. A typical use for a cut-and-paste attack is the modification of information on a customer order form for the purchase of goods or services over the Web. The attacker modifies the form so that the victim's credit card number is sent to the vendor but other information - such as the attacker's chosen delivery address and the type or quantity of goods ordered - is "pasted" into the form from which the customer's valid information has been "cut". The apparently unaltered form, assembled from a "cut-and-pasted" combination of valid and invalid data, is submitted to the vendor.
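
The order-form scenario above, as an added example that is not part of the original definition: when each ciphertext block is encrypted independently, blocks spliced from two orders decrypt into a coherent form, and a MAC computed over the whole ciphertext is what lets the vendor reject it. The toy Feistel cipher (a stand-in for a real block cipher), the keys, the 16-byte field layout and the card numbers are all constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block; each form field below fills exactly one block
def _f(key, i, half):
    # Feistel round function: keyed hash of a half-block, truncated to 8 bytes
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _crypt_block(key, block, decrypt=False):
    # Toy 4-round Feistel cipher (stand-in for a real block cipher; do not deploy)
    l, r = block[:8], block[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def ecb(key, data, decrypt=False):
    # Every block is processed independently: nothing binds a block to its neighbours
    return b"".join(_crypt_block(key, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))

def order(card, address, qty):
    # Constructed fixed-width order form: three 16-byte fields
    return b"".join(f.encode().ljust(BLOCK) for f in (card, address, qty))

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the whole ciphertext, so block order is bound
    ct = ecb(enc_key, plaintext)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, ct, tag):
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return ecb(enc_key, ct, decrypt=True)

ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
ct_victim, tag_victim = seal(ENC_KEY, MAC_KEY, order("4111111111111111", "12 Elm St", "qty=1"))
ct_other, _ = seal(ENC_KEY, MAC_KEY, order("5500000000000004", "99 Dock Rd", "qty=50"))
# Cut-and-paste: victim's card block followed by the other order's address/qty blocks
spliced = ct_victim[:BLOCK] + ct_other[BLOCK:]
if __name__ == "__main__":
    print(ecb(ENC_KEY, spliced, decrypt=True))   # decrypts cleanly without a MAC
    try:
        open_sealed(ENC_KEY, MAC_KEY, spliced, tag_victim)
    except ValueError as e:
        print(e)                                  # the MAC check rejects the splice
```

Decryption alone gives the vendor no signal that the form was reassembled; only the tag comparison in open_sealed does.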


LAST UPDATED: 04 Jun 2007


More resources from around the web:
- The Sixth USENIX Security Symposium provides information about "Problem Areas for the IP Security Protocols."




