Anonymous ID: fea034 May 10, 2019, 6:38 p.m. No.6467441   >>7454

Ponder This

 

https://internet.com/website-building/how-to-add-a-captcha-to-your-website/

 

  1. Clickjacking

 

If the attacker requires extra interaction from the user to load malware, this will be accomplished through an attack called "clickjacking."

 

"The purpose of this attack is to open the target website in an invisible frame and get the user to click somewhere in the frame when they don't even know they're clicking in that website,"

 

A common example is offering a bogus pop-up window made to look like a legitimate plug-in update or antivirus alert, such as a Microsoft Security Essentials window that says you have a few viruses and should push a button to clean them. "The pop-up itself is not harmful, but if you click the button, you open the gate to infect your machine,"

 

"One accidental 'allow' click is all it takes to start the ball rolling," Brandt explains. "Once the malicious Java applet is running, it takes only seconds for the malware payload – a Windows application – to arrive, execute and do its dirty work."

 

  1. Watering Hole Attacks

 

It's easy these days for attackers to use exploit kits to break into legitimate sites and implant drive-by-download attacks. With "watering hole attacks" they're taking that technique further. The idea is that, just as a lion waits by a watering hole visited by the prey it would like to eat, an attacker plants malware at news or networking sites that he knows his targets are likely to visit. For example, employees of an accounting firm are likely to visit an accounting association website.

 

PASTEBIN

 

Sometimes attackers will wait patiently for months to spring their traps, says David Ulevitch, CEO of OpenDNS, a DNS and security service provider. "Criminals will conduct reconnaissance on their targets to gather information about their interests, devices and apps, and even physically survey their browsing habits at cafes or airports," he says. "If they don't succeed immediately, they will keep trying until they do, which may take months."

 

  1. (Google) Malvertising

 

Online advertising that contains embedded malware or links to malicious websites, otherwise known as malvertising, is among the most common high-volume, Web-based attacks assaulting online machines today, according to researchers with OpenDNS.

 

"That's because hundreds of thousands of websites allow the same third-party network to put ads on their sites," says Ulevitch. So if one third-party network is compromised, it can affect thousands of sites.

 

https://www.darkreading.com/risk/10-web-based-attacks-targeting-your-end-users/d/d-id/1140224
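
The clickjacking item above depends on the target page loading inside an invisible frame, so the server-side check is whether a response tells the browser who may frame it. The following is an added example, not part of the original post or the quoted article: it classifies a response's anti-framing headers (CSP `frame-ancestors` and `X-Frame-Options`). The function names, sample URLs and sample headers are constructed for illustration.

```javascript
// Added example: classify who may frame a page, based on its response headers.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    if (list.includes('*')) return { framableBy: 'anyone', via: 'csp' };
    if (list.length === 1 && list[0] === "'none'") return { framableBy: 'nobody', via: 'csp' };
    if (list.length === 1 && list[0] === "'self'") return { framableBy: 'same-origin', via: 'csp' };
    return { framableBy: 'listed', via: 'csp', sources: list };
  }

  // Fallback: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM is obsolete, so it is treated here as no protection.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framableBy: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framableBy: 'same-origin', via: 'x-frame-options' };
  return { framableBy: 'anyone', via: 'none' };
}

// Constructed sample responses (hypothetical site, not taken from the post).
const SAMPLE_RESPONSES = [
  { url: 'https://app.example.test/login',
    headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
  { url: 'https://app.example.test/account',
    headers: { 'X-Frame-Options': 'SAMEORIGIN' } },
  { url: 'https://app.example.test/transfer',
    headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example.test' } },
  { url: 'https://app.example.test/help', headers: {} },
  { url: 'https://app.example.test/widget',
    headers: { 'X-Frame-Options': 'DENY',
               'Content-Security-Policy': 'frame-ancestors https://partner.example.test' } },
];

// Return the URLs that any origin could load in a frame.
function auditFraming(responses) {
  return responses
    .filter((r) => framingPolicy(r.headers).framableBy === 'anyone')
    .map((r) => r.url);
}

console.log(auditFraming(SAMPLE_RESPONSES));
```

The `/widget` sample shows why both headers need checking together: its `DENY` is superseded by the more permissive `frame-ancestors` list.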

Anonymous ID: fea034 May 10, 2019, 6:39 p.m. No.6467454

>>6467441

ReCAPTCHA

 

ReCAPTCHA is probably the most widely used and recognised. It was acquired by Google in 2009, and Google now uses it to assist with the automatic digitization of textbooks, and with the automatic recognition of real-life street signs and names. It is a CAPTCHA code system that presents two words to be deciphered. When a user deciphers the two words or numbers, the results are sent back to Google to help digitize books and street signs for Google’s other projects.

 

No CAPTCHA reCAPTCHA

 

The most recent update to ReCAPTCHA attempts to minimize the number of times that a CAPTCHA is actually displayed to the user. This is achieved by analyzing the browser behaviour of the user, and presenting a difficult CAPTCHA if the system thinks it’s a bot. Otherwise a simple checkbox is shown.

 

https://internet.com/website-building/how-to-add-a-captcha-to-your-website/