While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?


admin - 2017-07-05
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. Clickjacking
D. Web form input validation
Correct Answer: A
Explanation/Reference:
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Example and characteristics If an attacker is able to find a reproducible link that executes a specific action on the target page while the victim is being logged in there, he is able to embed such link on a page he controls and trick the victim into opening it. The attack carrier link may be placed in a location that the victim is likely to visit while logged into the target site (e.g. a discussion forum), sent in a HTML email body or attachment.
Incorrect Answers:
C: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the users knowledge, such as clicking on a button that appears to perform another function. References:
https://en.wikipedia.org/wiki/Cross-site_request_forgery

By: Anonymous - Post:

http://mewkid.net/order-amoxicillin/ - Buy Amoxicillin Online Buy Amoxicillin msv.fnvv.examsshare.com.rlh.hu http://mewkid.net/order-amoxicillin/


By: Anonymous - Post:

http://mewkid.net/order-amoxicillin/ - Amoxicillin 500mg Capsules 18 pbv.fgfk.examsshare.com.ecu.op http://mewkid.net/order-amoxicillin/


By: Anonymous - Post:

http://mewkid.net/buy-xalanta/ - Amoxicillin Online Amoxicillin fsj.qfnx.examsshare.com.dkp.sg http://mewkid.net/buy-xalanta/


By: Anonymous - Post:

http://mewkid.net/buy-xalanta/ - Amoxicillin 500mg Capsules Amoxicillin nwa.bmwd.examsshare.com.edo.qr http://mewkid.net/buy-xalanta/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin 500 Mg Amoxicillin bba.pbvc.examsshare.com.jtr.hv http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxil Amoxicillin gxu.kybp.examsshare.com.zct.fe http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin Online Amoxicillin 500mg Capsules izq.vocg.examsshare.com.ttc.qa http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin Online Amoxicillin 500mg che.xdnn.examsshare.com.ioc.mj http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin Online Amoxil cbt.gsrb.examsshare.com.yla.ei http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin 500mg Capsules 18 ber.dpol.examsshare.com.esi.ap http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin Amoxicillin Online hct.qsyn.examsshare.com.hqp.bg http://mewkid.net/where-is-xena/


By: Anonymous - Post:

http://mewkid.net/where-is-xena/ - Amoxicillin 500 Mg Amoxicillin No Prescription wjs.rgnq.examsshare.com.ggx.yk http://mewkid.net/where-is-xena/


Provide You Answer and Analysis