- Protected information:
- Privacy and normal functioning of university resources.
- Attacker: an experienced person or group having access to computing power, the NAME/FINGER
- university system, and the university building.
- . (OR) Disrupting the university's functioning
- 1. (OR) Gaining access to university's internal resources and/or information.
- 1.1 (OR) Stealing credentials
- 1.1.1 (OR) Getting login information from other system users
- by contacting them using the emails provided by the protocol
- 1.1.1.1 (OR) Gaining information about target professor
- by introducing oneself as the target and sending emails asking other
- professors for help logging in
- 1.1.1.1.1 (OR) Spoofing source email address to ask
- others for information
- 1.1.1.1.2 (OR) Registering a similar email with target's name
- 1.1.1.1.3 (OR) Creating a social network page with target's name
- 1.1.1.1.4 (OR) Gaining more information from other users of the system
- 1.1.1.2 (OR) Assuming the identity of someone
- trustworthy and contacting other professors to ask for information
- 1.1.1.2 (OR) Assuming the identity of target's family member
- 1.1.1.3 (OR) Assuming the identity of target's boss
- 1.1.1.4 (OR) Assuming the identity of a security engineer
- 1.1.1.5 (OR) Assuming the identity of a police officer
- 1.1.1.3 (OR) Sending infected pages or software to users' emails
- 1.1.1.3.1 (OR) Sending a trojan in email attachment disguised as research paper
- 1.1.1.3.2 (OR) Sending a trojan in email attachment disguised as
- student assignment
- 1.1.1.3.3 (OR) Sending a link to a phishing website
- 1.1.1.3.3.1 (OR) Sending a link to a phishing website looking identical
- to the university security system
- 1.1.1.3.3.2 (OR) Sending a link to a phishing website looking identical
- to a popular social network
- 1.1.2 (OR) Physically coming to university and stealing
- credentials information
- 1.1.2.1 (AND) Stealing target's hardware or login and password written down
- on a piece of paper
- 1.1.2.1.1 (OR) Knowing where each person's office is
- 1.1.2.1.2 (OR) Gaining information about when the office is
- unattended
- 1.1.2.1.2.1 (OR) Overhearing target's conversation
- 1.1.2.1.2.2 (OR) Installing a microphone to eavesdrop on the
- target
- 1.1.2.1.2.3 (OR) Gaining information from messages left in the
- name/finger system
- 1.1.2.2 (OR) Assuming an identity of someone
- trustworthy to gain access to the target's computer
- 1.1.2.2.1 (OR) Assuming an identity of a student seeking help and stealing
- credentials
- 1.1.2.2.1.1 (OR) copying personal ssh keys to enable later access
- 1.1.2.2.1.2 (OR) copying password manager data
- 1.1.2.2.1.3 (OR) copying a trojan
- 1.1.2.2.2 (OR) Assuming an identity of a security engineer needing
- to perform some checks
- 1.1.2.2.2.1 (OR) copying personal ssh keys to enable later access
- 1.1.2.2.2.2 (OR) copying password manager data
- 1.1.2.2.2.3 (OR) copying a trojan
- 1.1.2.3 (OR) Persuading the target to give their information away
- 1.2.3.1 (OR) Assuming an identity of a student needing computing resources
- 1.1.2.4 (OR) Drugging the target to make them give their information away
- 1.1.3 (OR) Utilizing software security holes to steal
- users' credentials
- 1.1.3.1 (OR) Utilizing elinks security holes
- 1.1.3.1 (OR) Eavesdropping on an unencrypted connection
- 1.1.3.2 (OR) Substituting the login page with a fake page with
- fake certificate
- 1.1.3.3 (OR) Planting malign code into a page to infect target's
- computer and steal data
- 1.1.3.2 (OR) Utilizing NAME/FINGER security holes
- 1.1.3.2.1 (OR) Injecting malign code into the request
- 1.1.4 (OR) Blackmailing a system user to provide login information
- 1.1.4.1 (OR) Finding sensitive information about one of the users
- 1.1.4.1.1 (OR) Using the publicly available contact information
- to gain more information
- 1.1.4.1.1.1 (OR) Scraping messages to stalk the users
- 1.1.4.1.1.2 (OR) Assuming a trustworthy identity to contact users
- for personal information about other users
- 1.1.4.1.1.2.1 (OR) Assuming an identity of a family member
- 1.1.4.1.1.2.2 (OR) Assuming an identity of a colleague
- 1.1.4.1.1.2.3 (OR) Assuming an identity of a policeman
- 1.1.4.1.1.3 (OR) Stalking the target
- 1.1.4.1.1.3.1 (OR) Planting a microphone
- 1.1.4.1.1.3.2 (OR) Overhearing sensitive information
- by constantly being close to the target's office
- 1.1.4.1.1.3.3 (OR) Following the target
- 1.1.4.2 (OR) Copying all the information and blackmailing the administrator by
- saying that this information will be leaked and thus does not comply with GDPR
- 1.1.5 (OR) Physically attacking the user to force them to give the information away
- 1.1.5.1 (AND) Finding a moment when the target is alone and vulnerable
- 1.1.5.1.1 (OR) Using the information provided about the last login to detect
- when the target stayed at work too late
- 1.1.5.1.2 (OR) Using the messages to find possible information about the
- person's plans to find out if they'll be vulnerable
- 1.1.5.1.3 (OR) Stalking the person and waiting until they're vulnerable
- 1.1.5.2 (AND) Getting help from accomplices
- 1.1.6 (OR) Injecting malign code
- 1.1.6.1 (OR) Injecting malign code into newly purchased machines
- 1.6.1.1 (OR) Injecting trojans into the preinstalled system
- 1.6.1.2 (OR) Injecting viruses into the preinstalled system
- 1.1.6.2 (OR) Injecting malign code into any newly bought software
- for the university
- 1.1.6.2.1 (OR) Injecting trojans into new software
- 1.1.6.2.2 (OR) Injecting viruses into new software
- 1.2 (OR) Bruteforcing the user credentials
- 1.2.1 (OR) Bruteforcing the university internal system login page using the
- name and email address
- 1.2.2 (OR) Bruteforcing public social networks account using the name and email address
- 2. (OR) Disrupting the work of the university
- 2.1 (OR) Disrupting the work of the computer system
- 2.1.1 (AND) Launching a DDOS attack against the university
- 2.1.1.1 (OR) Getting many machines to attack a public endpoint of NAME/FINGER
- 2.1.2 (OR) Injecting malign code into the system that uses up the resources
- 2.1.2.1 (OR) Injecting a bitcoin runner
- 2.1.2.2 (OR) Injecting DDOS attack software
- 2.1.3 (OR) Sabotaging any newly purchased hardware
- 2.1.3.1 (OR) Stealing the new machines from storage
- 2.1.3.2 (OR) Assuming a university employee's identity to intercept shipping
- 2.1.3.3 (OR) Replacing machines' parts with cheaper alternatives
- 2.1.3.4 (OR) Assuming an identity of a hardware supplier to give infected
- hardware to the university
- 2.1.4 (OR) Sabotaging NAME/Finger protocol by spoofing packets and sending
- fake information about the users
- 2.2.2.4 (OR) Placing embarrassing information in the system,
- 2.2.2.5 (OR) Placing misleading information in the system,
- 2.2 (OR) Disrupting the work of the students and professors
- 2.2.1 (OR) Hiring people to come to the university and bug professors all the time
- 2.2.2 (OR) Constantly sending professors unrelated emails making them unable to
- work
- 2.2.3 (OR) Constantly sending professors post packages making them unable to work
- 2.2.4 (OR) Spreading false rumours about the university personnel
- 2.3.5 (OR) Agitating professors to strike against the university
- 2.3.6 (OR) Giving away their information to advertisers and spammers
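
Added example, not part of the original paste: a small linter for an attack tree written in this numbered "(AND)/(OR)" format, which parses node lines (joining wrapped continuation lines) and flags node IDs that are reused or that appear before their parent ID exists. The sample input is an excerpt adapted from the tree above; the function names `parse_tree` and `lint_tree` are made up for this illustration.

```python
import re

# Constructed excerpt: node lines adapted from the tree above, in its own format.
SAMPLE = """\
- 1. (OR) Gaining access to university's internal resources and/or information.
- 1.1 (OR) Stealing credentials
- 1.1.1 (OR) Getting login information from other system users
- by contacting them using the emails provided by the protocol
- 1.1.1.2 (OR) Assuming the identity of someone
- 1.1.1.2 (OR) Assuming the identity of target's family member
- 1.1.6 (OR) Injecting malign code
- 1.1.6.1 (OR) Injecting malign code into newly purchased machines
- 1.6.1.1 (OR) Injecting trojans into the preinstalled system
- 2. (OR) Disrupting the work of the university
- 2.1 (OR) Disrupting the work of the computer system
- 2.2.2.5 (OR) Placing misleading information in the system,
- 2.2 (OR) Disrupting the work of the students and professors
- 2.2.2 (OR) Constantly sending professors unrelated emails
"""

NODE = re.compile(r"^-\s*(\d+(?:\.\d+)*)\.?\s+\((AND|OR)\)\s+(.*)$")

def parse_tree(text):
    """Return (node_id, gate, label) tuples; unnumbered lines continue the previous label."""
    nodes = []
    for raw in text.splitlines():
        line = raw.strip()
        match = NODE.match(line)
        if match:
            nodes.append([match.group(1), match.group(2), match.group(3).strip()])
        elif nodes and line.strip("- "):
            nodes[-1][2] += " " + line.strip("- ")
    return [tuple(n) for n in nodes]

def lint_tree(nodes):
    """Flag IDs used twice and nodes whose parent ID has not appeared earlier."""
    seen, duplicates, misplaced = set(), [], []
    for node_id, _gate, _label in nodes:
        if node_id in seen:
            duplicates.append(node_id)
        parent = node_id.rpartition(".")[0]
        if parent and parent not in seen:
            misplaced.append(node_id)
        seen.add(node_id)
    return {"duplicates": duplicates, "misplaced": misplaced}

if __name__ == "__main__":
    print(lint_tree(parse_tree(SAMPLE)))
```

Findings of either kind mark branches whose place in the tree is ambiguous and should be renumbered before the tree is used to prioritize mitigations.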