Untitled

a guest
Dec 20th, 2018
Protected information:
Privacy and normal functioning of university resources.

Attacker: an experienced person or group having access to computing power, the NAME/FINGER university system, and the university building.

. (OR) Disrupting the university's functioning
1. (OR) Gaining access to the university's internal resources and/or information.
1.1 (OR) Stealing credentials
1.1.1 (OR) Getting login information from other system users by contacting them using the emails provided by the protocol
1.1.1.1 (OR) Gaining information about the target professor by introducing oneself as the target and sending emails asking other professors for help logging in
1.1.1.1.1 (OR) Spoofing the source email address to ask others for information
1.1.1.1.2 (OR) Registering a similar email with the target's name
1.1.1.1.3 (OR) Creating a social network page with the target's name
1.1.1.1.4 (OR) Gaining more information from other users of the system

1.1.1.2 (OR) Assuming the identity of someone trustworthy and contacting other professors to ask for information
1.1.1.2 (OR) Assuming the identity of the target's family member
1.1.1.3 (OR) Assuming the identity of the target's boss
1.1.1.4 (OR) Assuming the identity of a security engineer
1.1.1.5 (OR) Assuming the identity of a police officer

1.1.1.3 (OR) Sending infected pages or software to users' emails
1.1.1.3.1 (OR) Sending a trojan in an email attachment disguised as a research paper
1.1.1.3.2 (OR) Sending a trojan in an email attachment disguised as a student assignment

1.1.1.3.3 (OR) Sending a link to a phishing website
1.1.1.3.3.1 (OR) Sending a link to a phishing website looking identical to the university security system

1.1.1.3.3.2 (OR) Sending a link to a phishing website looking identical to a popular social network

1.1.2 (OR) Physically coming to the university and stealing credentials information
1.1.2.1 (AND) Stealing the target's hardware or a login and password written down on a piece of paper
1.1.2.1.1 (OR) Knowing where each person's office is
1.1.2.1.2 (OR) Gaining information about when the office is unattended
1.1.2.1.2.1 (OR) Overhearing the target's conversation
1.1.2.1.2.2 (OR) Installing a microphone to eavesdrop on the target
1.1.2.1.2.3 (OR) Gaining information from messages left in the NAME/FINGER system

1.1.2.2 (OR) Assuming the identity of someone trustworthy to gain access to the target's computer
1.1.2.2.1 (OR) Assuming the identity of a student seeking help and stealing credentials
1.1.2.2.1.1 (OR) Copying personal SSH keys to enable later access
1.1.2.2.1.2 (OR) Copying password manager data
1.1.2.2.1.3 (OR) Copying a trojan

1.1.2.2.2 (OR) Assuming the identity of a security engineer needing to perform some checks
1.1.2.2.2.1 (OR) Copying personal SSH keys to enable later access
1.1.2.2.2.2 (OR) Copying password manager data
1.1.2.2.2.3 (OR) Copying a trojan

1.1.2.3 (OR) Persuading the target to give their information away
1.2.3.1 (OR) Assuming the identity of a student needing computing resources
1.1.2.4 (OR) Drugging the target to make them give their information away

1.1.3 (OR) Utilizing software security holes to steal users' credentials
1.1.3.1 (OR) Utilizing elinks security holes
1.1.3.1 (OR) Eavesdropping on an unencrypted connection
1.1.3.2 (OR) Substituting the login page with a fake page with a fake certificate
1.1.3.3 (OR) Planting malicious code in a page to infect the target's computer and steal data
1.1.3.2 (OR) Utilizing NAME/FINGER security holes
1.1.3.2.1 (OR) Injecting malicious code into the request

1.1.4 (OR) Blackmailing a system user to provide login information
1.1.4.1 (OR) Finding sensitive information about one of the users
1.1.4.1.1 (OR) Using the publicly available contact information to gain more information
1.1.4.1.1.1 (OR) Scraping messages to stalk the users

1.1.4.1.1.2 (OR) Assuming a trustworthy identity to contact users for personal information about other users
1.1.4.1.1.2.1 (OR) Assuming the identity of a family member
1.1.4.1.1.2.2 (OR) Assuming the identity of a colleague
1.1.4.1.1.2.3 (OR) Assuming the identity of a policeman

1.1.4.1.1.3 (OR) Stalking the target
1.1.4.1.1.3.1 (OR) Planting a microphone
1.1.4.1.1.3.2 (OR) Overhearing sensitive information by constantly being close to the target's office
1.1.4.1.1.3.3 (OR) Following the target

1.1.4.2 (OR) Copying all the information and blackmailing the administrator by saying that this information will be leaked and thus does not comply with GDPR

1.1.5 (OR) Physically attacking the user to force them to give the information away
1.1.5.1 (AND) Finding a moment when the target is alone and vulnerable
1.1.5.1.1 (OR) Using the information provided about the last login to detect when the target stayed at work too late
1.1.5.1.2 (OR) Using the messages to find possible information about the person's plans to find out if they'll be vulnerable
1.1.5.1.3 (OR) Stalking the person and waiting until they're vulnerable
1.1.5.2 (AND) Getting help from accomplices

1.1.6 (OR) Injecting malicious code
1.1.6.1 (OR) Injecting malicious code into newly purchased machines
1.6.1.1 (OR) Injecting trojans into the preinstalled system
1.6.1.2 (OR) Injecting viruses into the preinstalled system
1.1.6.2 (OR) Injecting malicious code into any newly bought software for the university
1.1.6.2.1 (OR) Injecting trojans into new software
1.1.6.2.2 (OR) Injecting viruses into new software

1.2 (OR) Bruteforcing the user credentials
1.2.1 (OR) Bruteforcing the university internal system login page using the name and email address
1.2.2 (OR) Bruteforcing public social network accounts using the name and email address

2. (OR) Disrupting the work of the university
2.1 (OR) Disrupting the work of the computer system
2.1.1 (AND) Launching a DDoS attack against the university
2.1.1.1 (OR) Getting many machines to attack a public endpoint of NAME/FINGER

2.1.2 (OR) Injecting malicious code into the system that uses up the resources
2.1.2.1 (OR) Injecting a bitcoin miner
2.1.2.2 (OR) Injecting DDoS attack software

2.1.3 (OR) Sabotaging any newly purchased hardware
2.1.3.1 (OR) Stealing the new machines from storage
2.1.3.2 (OR) Assuming a university employee's identity to intercept shipping
2.1.3.3 (OR) Replacing machines' parts with cheaper alternatives
2.1.3.4 (OR) Assuming the identity of a hardware supplier to give infected hardware to the university

2.1.4 (OR) Sabotaging the NAME/FINGER protocol by spoofing packets and sending fake information about the users
2.2.2.4 (OR) Placing embarrassing information in the system
2.2.2.5 (OR) Placing misleading information in the system

2.2 (OR) Disrupting the work of the students and professors
2.2.1 (OR) Hiring people to come to the university and bug professors all the time
2.2.2 (OR) Constantly sending professors unrelated emails, making them unable to work
2.2.3 (OR) Constantly sending professors postal packages, making them unable to work
2.2.4 (OR) Spreading false rumours about the university personnel
2.3.5 (OR) Agitating professors to strike against the university
2.3.6 (OR) Giving away their information to advertisers and spammers
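
For reviewing a tree in this format, the following added example (not part of the original paste) parses the `id (GATE) label` lines, flags duplicate or orphaned node ids, and checks whether a goal stays reachable once chosen leaves are mitigated. It assumes a parent needs all of its AND-labelled children plus at least one of its OR-labelled children, if it has any; the sample keeps the paste's node ids and gates with abbreviated labels.

```python
import re

# Excerpt of the tree above: ids and gates as written, labels abbreviated.
SAMPLE = """\
1. (OR) Gaining access to internal resources
1.1 (OR) Stealing credentials
1.1.3 (OR) Utilizing software security holes
1.1.3.1 (OR) Utilizing elinks security holes
1.1.3.1 (OR) Eavesdropping on unencrypted connection
1.1.5 (OR) Physically attacking the user
1.1.5.1 (AND) Finding a moment when the target is alone
1.1.5.1.1 (OR) Using the last-login information
1.1.5.1.3 (OR) Stalking the person
1.1.5.2 (AND) Getting help from accomplices
1.1.6 (OR) Injecting code
1.1.6.1 (OR) Newly purchased machines
1.6.1.1 (OR) Trojans in the preinstalled system
"""

NODE = re.compile(r"^\s*(\d+(?:\.\d+)*)\.?\s+\((OR|AND)\)\s+(.*)$")

def parse(text):
    """Return a list of (node_id, gate, label) tuples in document order."""
    return [m.groups() for m in map(NODE.match, text.splitlines()) if m]

def lint(nodes):
    """Report duplicate ids and nodes whose parent id is not in the tree."""
    ids = [n[0] for n in nodes]
    issues = [f"duplicate id {i}" for i in sorted({i for i in ids if ids.count(i) > 1})]
    for i in ids:
        parent = i.rpartition(".")[0]
        if parent and parent not in ids:
            issues.append(f"{i}: parent {parent} missing")
    return issues

def reachable(nodes, nid, mitigated):
    """True if goal `nid` is still achievable when the `mitigated` leaves are closed."""
    kids = [n for n in nodes if n[0].rpartition(".")[0] == nid]
    if not kids:                      # leaf: open unless a control closes it
        return nid not in mitigated
    ands = [reachable(nodes, k[0], mitigated) for k in kids if k[1] == "AND"]
    ors = [reachable(nodes, k[0], mitigated) for k in kids if k[1] == "OR"]
    # Assumed semantics: every AND child, plus any one OR child when present.
    return all(ands) and (any(ors) if ors else True)

if __name__ == "__main__":
    tree = parse(SAMPLE)
    print(lint(tree))
    print(reachable(tree, "1.1.5", {"1.1.5.2"}))
```

Closing a single AND leaf cuts the whole branch, while closing one OR leaf leaves its parent reachable through a sibling, which is the first thing to check when prioritising controls against a tree like this.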