Login spoofing
Encyclopedia
Login spoofings are techniques used to steal a user's password
. The user is presented with an ordinary looking login
prompt for username and password, which is actually a malicious program, usually called a Trojan horse
under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.
To prevent this, some operating system
s require a special key combination (called a Secure attention key
) to be entered before a login screen is presented, for example Control-Alt-Delete
. Users should be instructed to report login prompts that appear without having pressed this secure attention key
. Only the kernel
, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised.)
Login spoofing can be considered a form of social engineering.
usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with, login spoofing usually is indicative of a much more heinous form of vandalism or attack in that the attacker has already gained access to the victim computer to at least some degree.
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
. The user is presented with an ordinary looking login
Logging (computer security)
In computer security, a login or logon is the process by which individual access to a computer system is controlled by identifying and authentifying the user referring to credentials presented by the user.A user can log in to a system to obtain access and can then log out or log off In computer...
prompt for username and password, which is actually a malicious program, usually called a Trojan horse
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.
To prevent this, some operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s require a special key combination (called a Secure attention key
Secure attention key
A secure attention key is a special key or key combination to be pressed on a computer keyboard before a login screen must be trusted by a user. The operating system kernel, which interacts directly with the hardware, is able to detect whether the secure attention key has been pressed...
) to be entered before a login screen is presented, for example Control-Alt-Delete
Control-Alt-Delete
Control-Alt-Delete is a computer keyboard command on IBM PC compatible systems that can be used to reboot the computer, and summon the task manager or Windows Security in more recent versions of the Microsoft Windows operating system...
. Users should be instructed to report login prompts that appear without having pressed this secure attention key
Secure attention key
A secure attention key is a special key or key combination to be pressed on a computer keyboard before a login screen must be trusted by a user. The operating system kernel, which interacts directly with the hardware, is able to detect whether the secure attention key has been pressed...
. Only the kernel
Kernel (computing)
In computing, the kernel is the main component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources...
, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third party programs (unless the kernel itself has been compromised.)
Login spoofing can be considered a form of social engineering.
Similarity to phishing
Whereas the concept of phishingPhishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
usually involves a scam in which victims respond to unsolicited e-mails that are either identical or similar in appearance to a familiar site which they may have prior affiliation with, login spoofing usually is indicative of a much more heinous form of vandalism or attack in that the attacker has already gained access to the victim computer to at least some degree.