
Error Message Reasoning

Error messages are a part of every computer user's life. They have become so prevalent that, much like car alarms, they are often ignored. However, attackers pay particular attention to these error messages because they often give away more information than was intended. By carefully reasoning about the error messages an application returns, attackers might be able to compromise a system and gain access to sensitive information.

Case Study 9-9

Midge was trying to sign up for a new Web-based email account. She had tried midge, midge1, and mwilliams but in each case, the Web site indicated that the user ID was already taken. Finally, she was successful with midge_williams and was able to proceed.

Midge was just trying to sign up for an account, but an attacker would have learned that midge, midge1, and mwilliams were valid user accounts. He could have used that information to attempt to break into those accounts. Luckily for them, Midge was interested only in her own email.
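
From the defender's side, the same "user ID already taken" responses can be watched for in signup logs. The following is an added example, not taken from the book: it flags clients that are told about many distinct existing user IDs in a short time. The log format, client labels, sample entries, and the threshold and window values are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signup log: (timestamp, client, requested user ID, result).
# client-A mirrors Midge's session; client-B is a constructed harvesting pattern.
SAMPLE_LOG = [
    ("2024-01-01T10:00:00", "client-A", "midge", "taken"),
    ("2024-01-01T10:00:40", "client-A", "midge1", "taken"),
    ("2024-01-01T10:01:30", "client-A", "mwilliams", "taken"),
    ("2024-01-01T10:02:10", "client-A", "midge_williams", "created"),
    ("2024-01-01T10:05:00", "client-B", "aaron", "taken"),
    ("2024-01-01T10:05:02", "client-B", "abby", "taken"),
    ("2024-01-01T10:05:04", "client-B", "adam", "taken"),
    ("2024-01-01T10:05:06", "client-B", "alice", "taken"),
    ("2024-01-01T10:05:08", "client-B", "amy", "taken"),
    ("2024-01-01T10:05:10", "client-B", "andy", "taken"),
]


def flag_enumeration(log, threshold=5, window_seconds=60):
    """Return {client: sorted taken IDs} for clients that were told about
    `threshold` or more distinct existing user IDs within one time window.
    Both defaults are assumptions to tune against real signup traffic."""
    window = timedelta(seconds=window_seconds)
    taken = defaultdict(list)
    for ts, client, user_id, result in log:
        if result == "taken":  # only responses that confirm an account exists
            taken[client].append((datetime.fromisoformat(ts), user_id))

    flagged = {}
    for client, events in taken.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({uid for _, uid in events[start:end + 1]}) >= threshold:
                flagged[client] = sorted({uid for _, uid in events})
                break
    return flagged


if __name__ == "__main__":
    for client, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(ids)} existing user IDs disclosed: {ids}")
```

With the default values, a session like Midge's (three taken names, then a successful signup) stays below the threshold, while the rapid run of confirmations to client-B is reported along with the user IDs that were disclosed.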


