Difference between revisions of "Identity Pathology"
From MgmtWiki
(→Problems) |
(→Problems) |
||
| Line 12: | Line 12: | ||
**User private data, including credentials used in authentication. | **User private data, including credentials used in authentication. | ||
**Data of the user's contacts data. | **Data of the user's contacts data. | ||
| − | **Interception of legitimate user connections to valuable resources. | + | **Interception of legitimate user connections to valuable resources, including elevation of priviledge. |
* Attacks on the transmission of user private data. | * Attacks on the transmission of user private data. | ||
**Interception of legitimate user connections to valuable resources. | **Interception of legitimate user connections to valuable resources. | ||
* Spoofing attacks. | * Spoofing attacks. | ||
| + | **Using data acquired by social engineering. | ||
* Misuse of user private data. | * Misuse of user private data. | ||
| + | **Releasing data to others. | ||
| + | **Data breaches. | ||
==Solutions== | ==Solutions== | ||
Revision as of 10:17, 20 June 2018
Full Title or Meme
A list of various ways in which identity information can be misused or misappropriated on the internet.
Context
User private data is required for release of web resources. Minimizing the amount of data released or its misuse after release is the object of this effort to collect a list of the various attacks and their mitigations.
Problems
- Attacks at the user device or user agent.
- User private data, including credentials used in authentication.
- Data of the user's contacts data.
- Interception of legitimate user connections to valuable resources, including elevation of priviledge.
- Attacks on the transmission of user private data.
- Interception of legitimate user connections to valuable resources.
- Spoofing attacks.
- Using data acquired by social engineering.
- Misuse of user private data.
- Releasing data to others.
- Data breaches.
