* Click Fraud – The attackers abuse the underlying business model where companies pay per click. At the peak of college rivalry to gain lingerie fame, MIT servers actually crashed the computers with the influx of votes nominating their university. Students from various universities wrote scripts to nominate their school.
Instead, the poll turned into an episode of revenge of the nerds. Victoria’s Secret, the lingerie company, held an open poll for customers to vote for their favorite college to appear on the collegiate line. Consider this old – yet very representative – example from 2008. * Poll Skewing – In this case, BLBs are engaged to vote for a particular option. Ultimately, this gives the other bidders no time to outbid the sniper. * Auction Sniping – Here, the BLBs monitors a timed online auction and places a winning bid at the last possible moment. The BLBs then send out multiple frequent requests in order to receive front positions in the queue. These ticketing applications serve visitors on a first-come first serve basis.
* Queue Jumping – Most commonly we see business logic attacks launched against online ticket providers where high profile concert tickets are being offered. A business logic bot may then attempt to reserve all seats rendering the seats unavailable for potential customers. * Denial of Service – For example, an online ticketing service may hold reserved seats for ten minutes before actually timing out if a purchase is not made. There’s no better way to illustrate the attacks than by providing a few examples: Mainly performed by business logic bots (BLBs), these types of attacks can perform a variety of attacks. They’re stealthy because they don’t come as malformed requests and they contain legitimate values. The person may not have known it, but my neighbor performed a real-world business logic attack.īusiness logic attacks abuse the functionality of a program-as opposed to an application vulnerability. It was not illegal, just one that defeated the logic of the system. One day, a neighbor took a scrap of metal and placed it in front of the sensor so the light would stay green. This caused heavy congestion every morning for cars coming out of the lot. The problem? There was a huge delay as cars needed to approach the sensor before it turned green, and once the car passed, it would immediately go back to red. When a car approached the traffic light, a sensor would trigger the lights, which in turn allowed the cars coming out of the driveway to receive the right of way. It was put in place to control cars exiting a parking lot and the heavy traffic on the main street. In my old neighborhood there used to be a “smart” traffic light system. Business Logic Attacks – Stealthly, and Often Hard to Call Illegal, These Fraudulent Attacks Can Cost Organizations Big Money
0 kommentar(er)
