Sam: Welcome to The Sound of Science. I’m Sam from STEM Outreach.
Jessica: And I’m Jessica from NIU Division of Information Technology. We’ve already talked about databases storing your information as hashes to make it more secure. Today we’ll talk about how an attacker can get ahold of those hashes in the first place.
Sam: There are all kinds of attacks a malicious person can conduct to break into secure systems. We only have time to get into a few, and we’re going to keep it to the basics without over-simplifying too much. First up, let’s talk about attacks on databases.
Jessica: Databases are digital storage facilities; they hold your hashed and salted information. If a database has an easily accessible method of entry, like a website, they can run a structured query language injection, or SQL injection. They input malicious code into areas like search bars or login fields. The database looks at that injection and thinks it’s a valid input, but it ends up opening itself for attack.
Sam: Unless you own or manage a database, there’s not much you personally can do to prevent attacks on databases, so let’s talk about attacks on individuals. I can almost assure you that you’ve seen phishing attacks.
Jessica: Phishing attacks are when attackers send messages to try to convince you they are a trusted source and that they need you to give them your information. This includes those phone calls asking you to verify yourself.
Sam: We’re almost out of time, so we want to cover one more called man-in-the-middle attacks. This one hits particularly close to home for me because I’m a victim myself. I was connected to a secure wifi connection in Ukraine last Christmas and decided to watch some Netflix. At least, I thought it was secure. A week later, I got some emails saying there were new logins in Russia and Czech Republic.
Jessica: Man-in-the-middle attacks occur when an attacker takes over a wifi access point. They become a filter for all the information and traffic that goes through it. When Sam entered his username and password into Netflix, all of that was open for reading. If he had decided to use his credit card or log into his bank, they would have those too.
Sam: Keep securely listening to our experts each week! This has been The Sound of Science on WNIJ.
Jessica: Where you learn something new every day.