![[ t ]](/images/structural/icon_twitter.gif){kind=icon}
Jan
24
User-Specific DOS Attacks
How Much Security is Needed?: This is a really interesting thought.
If you have a system that locks out a user after too many incorrect logins, then it becomes easy for a malicious user to deny access to your users by simply attempting to log in as them.
You could wreak some havoc with a script that just pelted a site with failed login attempts. You could effectively disable a user — call it a user-specific DOS attack. It would take some log review and some coding or firewall hacking to stop the script, and a lot of sites wouldn’t have the wherewithal to do it.
by Deane
January 24, 2004 9:26 PM
Comments are Closed
Thanks to all who participated.
- Why Laptops are More than the Sum of Their Specs by yongho kim, 8 hours, 58 minutes ago
- Why Ad Blocking Kinda Sucks by Deane, 23 hours, 18 minutes ago
- Why Ad Blocking Kinda Sucks by Dave, 1 day, 3 hours ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 1 day, 4 hours ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 1 day, 4 hours ago
- Show 5 more »
- The Principle of Least Astonishment by Deane in 2009
- SkySails Maiden Voyage a Success by Deane in 2008
- Sony Computers Sans Crapware by Deane in 2008
- Windows Vista Delayed by Deane in 2006
- Wikipedia Bounties by Deane in 2006
- Show 7 more »