Shoulder surfing attack что это
shoulder surfing
поиск с подглядыванием
Угроза безопасности, которая собирает информацию в местах с интенсивной деятельностью путем наблюдения за нажатием клавиш, чтения с экрана подвижного терминала или прослушивания звуков, исходящих от подвижного терминала (МСЭ-Т Х.1121).
[http://www.iks-media.ru/glossary/index.html?glossid=2400324]
Тематики
Смотреть что такое «shoulder surfing» в других словарях:
shoulder surfing — noun (informal) The practice of looking over the shoulder of a person who is entering a personal security code • • • Main Entry: ↑shoulder * * * ˈshoulder surfing 8 [shoulder surfing] noun … Useful english dictionary
Shoulder surfing — may refer to one of two things:* Shoulder surfing (computer security) * Shoulder surfing (surfing) … Wikipedia
shoulder surfing — pp. Stealing a computer password or access code by peeking over a person s shoulder while they type in the characters. shoulder surf v. shoulder surfer n. Example Citations: Telephone companies say they put a dent in this shoulder surfing by… … New words
shoulder surfing — The practice of looking over somebody s shoulder when they are using a computer, cash dispenser or other electronic device, in order to obtain personal information (identification, account number, password, etc.) is called shoulder surfing … English Idioms & idiomatic expressions
shoulder surfing — noun a) the use of direct observation, such as looking over someones shoulder at an ATM, in order to obtain information b) a technique in surfing requiring less skill See Also: shoulder surf, shoulder surfer … Wiktionary
shoulder surfing — /ˈʃoʊldə sɜfɪŋ/ (say shohlduh serfing) noun the practice of looking over someone s shoulder to see the PIN that they key into an ATM … Australian-English dictionary
Shoulder surfing (computer security) — In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone s shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it s relatively easy to… … Wikipedia
Shoulder surfing (surfing) — In surfing, shoulder surfing refers to shoulder hopping. Shoulder hoppers do not take off on the critical part of the wave where there is a need for a high level of skill, but take off further down the line. They are often regarded as annoying by … Wikipedia
Surfing — This article is about stand up ocean surfing. For other uses, see Surfing (disambiguation). A surfer performing a late drop … Wikipedia
shoulder surfer — noun Someone who engages in shoulder surfing … Wiktionary
shoulder surf — verb To engage in shoulder surfing … Wiktionary
What is Shoulder Surfing? Tips to Prevent Shoulder Surfing Password Attacks
There are many different ways of stealing a password. You might think that all of them require technical knowledge or, at best, a computer that’s connected to the Internet. That’s not strictly true. With one technique, all you need to do to steal some pretty important information is a keen eye and a victim that isn’t paying attention.
Shoulder surfing, as you might have guessed already, is the name of this technique, and it comes from the fact that in its most basic form, it involves literally peering over the victim’s shoulder in order to obtain a password or another piece of sensitive data. There are other variations of the attack. Determined miscreants can steal passwords and other data from a significant distance as well with the help of binoculars or expensive filming equipment, for example, and in an especially James Bond-ish variant, the bad guys even make use of eye tracking technology to guess what your password is by examining which buttons on the on-screen keyboard you look at.
But how likely are you to be hit by a shoulder surfing attack exactly?
Every single person has their threat model, and this threat model is comprised of many different factors such as the person’s job, their financial status, and whether or not there are other people who want to harm them. The likelihood of being targeted by a shoulder surfing attack is largely dependent on your threat model. Let’s see some examples.
You may have heard of a certain Edward Snowden, a computer specialist that used to work for the NSA. Several years ago, he blew the proverbial whistle and embarrassed a few governments, which is why he currently resides in Russia. Many people in black suits would like to bring him back to the USA, and they wouldn’t mind having all his passwords as well. In other words, Mr. Snowden is very likely to be targeted by shoulder surfing attacks which is why, we can imagine that he doesn’t use public transport a lot. And when he was interviewed for a documentary called Citizenfour, he covered his head and laptop with a blanket when he entered his password, ensuring that nobody will see what he’s typing or looking at.
At the other end of the scale, you have Muriel – a 69-year old pensioner who has an old computer she hasn’t turned on in a while and a feature phone on a prepaid plan. It’s fair to say that she’s the last person the government would set up surveillance on, and even shoulder surfers looking for random victims won’t be that interested in her.
In all probability, your threat model sits somewhere in the middle between Edward Snowden and Muriel. Being an active internet user and having a PIN-protected bank card means that criminals can profit from your sensitive data, but at the same time, you are unlikely to be the target of large-scale operation carried out by people who refer to their colleagues by codenames. This means that while you probably don’t need a blanket every time you fire up your laptop, being wary of the danger is a good call.
What can you do to protect yourself from shoulder surfing attacks?
For a successful shoulder surfing attack, you need a small space with a lot of people crammed into it. The commuter trains and buses are an obvious choice and so is a queue at an ATM, but it can be basically any public place. It’s sometimes easier said than done, but you should be aware of your surroundings when there are many eyeballs around you.
Avoid entering your credit card details and filling out checkout pages when you’re in a public place, even if that means missing out on some tasty discounts. And if you absolutely must log in to your Facebook account while you’re on the train, take the time to look around and ensure that your fellow commuters aren’t overly curious. Using a strong password also helps because even if they see it, the crooks will have a hard time remembering it, and since most password managers enter passwords automatically, the attack will stop pretty much dead in its tracks if you use one.
It should be more common sense than wisdom, but when you’re at the ATM, cover your PIN while you’re entering it and try not to forget your card at the machine. In other words, be a bit more vigilant. After all, it’s your money that’s on the line.
Shoulder surfing isn’t the most widespread attack, especially when it comes to targeting regular users. The rewards you get from compromising random commuters on the train could be negligible, and at the same time, the risks of getting caught are not insignificant. With so many people having their smartphones seemingly glued to their hands, however, pulling off a successful attack doesn’t seem too hard. That’s why, regardless of whether you’re on your way to work or at an airport terminal, you need to keep your wits about you.
shoulder surfing
1 shoulder surfing
поиск с подглядыванием
Угроза безопасности, которая собирает информацию в местах с интенсивной деятельностью путем наблюдения за нажатием клавиш, чтения с экрана подвижного терминала или прослушивания звуков, исходящих от подвижного терминала (МСЭ-Т Х.1121).
[ http://www.iks-media.ru/glossary/index.html?glossid=2400324]
Тематики
2 shoulder surfing
См. также в других словарях:
shoulder surfing — noun (informal) The practice of looking over the shoulder of a person who is entering a personal security code • • • Main Entry: ↑shoulder * * * ˈshoulder surfing 8 [shoulder surfing] noun … Useful english dictionary
Shoulder surfing — may refer to one of two things:* Shoulder surfing (computer security) * Shoulder surfing (surfing) … Wikipedia
shoulder surfing — pp. Stealing a computer password or access code by peeking over a person s shoulder while they type in the characters. shoulder surf v. shoulder surfer n. Example Citations: Telephone companies say they put a dent in this shoulder surfing by… … New words
shoulder surfing — The practice of looking over somebody s shoulder when they are using a computer, cash dispenser or other electronic device, in order to obtain personal information (identification, account number, password, etc.) is called shoulder surfing … English Idioms & idiomatic expressions
shoulder surfing — noun a) the use of direct observation, such as looking over someones shoulder at an ATM, in order to obtain information b) a technique in surfing requiring less skill See Also: shoulder surf, shoulder surfer … Wiktionary
shoulder surfing — /ˈʃoʊldə sɜfɪŋ/ (say shohlduh serfing) noun the practice of looking over someone s shoulder to see the PIN that they key into an ATM … Australian-English dictionary
Shoulder surfing (computer security) — In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone s shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it s relatively easy to… … Wikipedia
Shoulder surfing (surfing) — In surfing, shoulder surfing refers to shoulder hopping. Shoulder hoppers do not take off on the critical part of the wave where there is a need for a high level of skill, but take off further down the line. They are often regarded as annoying by … Wikipedia
Surfing — This article is about stand up ocean surfing. For other uses, see Surfing (disambiguation). A surfer performing a late drop … Wikipedia
shoulder surfer — noun Someone who engages in shoulder surfing … Wiktionary
shoulder surf — verb To engage in shoulder surfing … Wiktionary
Shoulder Surfing Attack
When it comes to data protection from threat actors, namely, in a cybersecurity context, we tend to think in terms of technology. Having a strong IDS (intrusion detection system), a properly configured firewall, up-to-date servers, and other defensive measures all are important in Information Security.
What often gets overlooked, however, are the other (namely physical) attack vectors. From social engineering attacks to bypassing security ID checks by following employees into a building, the physical security component is just as vital in protecting data.
What is Shoulder Surfing Attack
One of the oldest and most effective methods of breaching security is shoulder surfing. It is a relatively simple concept. A threat actor, or perhaps a penetration tester hired by an organization, will seek to gain information that they can use to harm a target through this method. The original iteration of this attack was peering over someone’s shoulder when they were logging into their account, viewing the keystrokes, and logging the password entered. Another common variation was looking at sticky notes that employees wrote their passwords on. The sticky notes were usually placed on their monitor and were easily read by a malicious individual.
How has Shoulder Surfing Evolved?
The attacks began mostly in offices during the 90s dotcom boom, and while these methods are still a threat, shoulder surfing has many more tactics available in the 21st Century. Much of this has to do with how the threat landscape has opened up. With the advent of smartphones, tablets, and other IoT (Internet of Things) devices, the possibilities for attacking are endless. So many individuals log into sensitive accounts in public with no awareness of how this can be used against them. From their social media accounts to mobile banking applications, shoulder surfing is more lucrative for cybercriminals than ever before.
Defending against Shoulder Surfing
Nowadays, to defend against shoulder surfing attacks, one must be cognizant of their environment at all times. Threat actors don’t just shoulder surf by standing behind you at an ATM, but also use video cameras, binoculars, and other image magnification methods. To mount a proper defense against shoulder surfing, try the following methods.
Learn more about DDoS
Privacy Overview
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
| Cookie | Duration | Description |
|---|---|---|
| __stripe_mid | 1 year | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server. |
| __stripe_sid | 30 minutes | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server. |
| Affiliate ID | 3 months | Affiliate ID cookie |
| cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category «Analytics». |
| cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category «Functional». |
| cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category «Other. |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category «Necessary». |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category «Performance». |
| Data 1 | 3 months | |
| Data 2 | 3 months | Data 2 |
| JSESSIONID | session | Used by sites written in JSP. General purpose platform session cookies that are used to maintain users’ state across page requests. |
| PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
| woocommerce_cart_hash | session | This cookie is set by WooCommerce. The cookie helps WooCommerce determine when cart contents/data changes. |
| XSRF-TOKEN | session | The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes. |
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
| Cookie | Duration | Description |
|---|---|---|
| __lc_cid | 2 years | This is an essential cookie for the website live chat box to function properly. |
| __lc_cst | 2 years | This cookie is used for the website live chat box to function properly. |
| __lc2_cid | 2 years | This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted. |
| __lc2_cst | 2 years | This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted. |
| __oauth_redirect_detector | This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality. | |
| Affiliate ID | 3 months | Affiliate ID cookie |
| Data 1 | 3 months | |
| Data 2 | 3 months | Data 2 |
| pll_language | 1 year | This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page. |
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Shoulder surfing attack что это
Shoulder surfing can lead to financial wipeout—yours.
What is shoulder surfing? Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.
In this article, you’ll learn how shoulder surfers manage to steal information. You’ll also get tips on how to help keep yourself from becoming a victim.
Examples of shoulder surfing
That person in line standing behind you—you probably didn’t notice if it was a man or a woman—happened to be a shoulder surfer. As you bolted for the bus, your ATM left a message on screen for you: “Would you like to make another transaction?”
What happened? That person who was next in line hit the key “yes,” entered your PIN number and stole your money.
It’s easy to fall victim to shoulder surfing. Often, it happens when you’re distracted or in a rush. There’s a good chance you might be in a crowded, public place.
And guess what? A thief engaging in this low-tech crime might not even have to peer over your shoulder. Binoculars or a cell phone video camera—or even a keen ear—can capture information needed to pierce your finances.
Here are three other ways shoulder surfers might strike:
7 tips to help prevent shoulder surfing
Shoulder surfers prowl the borders of your personal space. Their goal is to notice without being noticed. Here’s how to help thwart them:
Practice smart habits and you can help prevent shoulder surfing from happening and leading to financial loss. Shoulder surfing is a dangerous sport, if you’re the victim.
Get LifeLock Identity Theft Protection 30 DAYS FREE*
Criminals can open new accounts, get payday loans, and even file tax returns in your name. There was a victim of identity theft every 3 seconds in 2019°, so don’t wait to get identity theft protection.
Start your protection now. It only takes minutes to enroll.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Start your protection,
enroll in minutes.
The LifeLock Brand is part of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.