Learning About Plain-Text Attacks

Hi ppl,

I hope most of you bloggers are quite infamiliar with the terms Hacking and its various strategies.I am here to explain a type of attack called Plain-text attacks which is one of the most common tools hackers can use to compromise a database or application.Hackers generally take advantage of XML’s reliance on standard
language characters and the most important fact that those characters can also have several numerical representations at different points in a system. Hackers normally
use nonstandard coding for control characters .It is mandatory for everyone to understand certain aspects about html to protect ones's system and database.

Please note XML makes use of the ISO-Latin-1 character set.This is same as character set
used by software developers over all Western European and English speaking
nations. A larger group of character sets,Unicode, supports characters used across most of the world’s major languages in addition to mathematics, logic, and simple object drawing.A
Unicode character set-maps directly to ISO-Latin-1, and both character sets provide
access to letters, numbers, punctuation—and some interesting extras such as
the characters that control the flow of information through the application and
those that indicate to the system whether input strings have been successfully
received.

Manipulating character sets requires you to bracket the numeric representation
of the character with an ampersand (&) and a semicolon (;).In both HTML and XML, characters can be passed as part of an input or message string in one of three ways.There are three ways to refer to every printable character used by XML:
1) its symbol
2) its name,
3) hexadecimal decoding.
The most common way is for the character to simply typed in—for example, the sign for “less than” is typed as <.The characters are referenced by its character name too, if the name is preceded by the symbol &. Referenced by name, then, “less than” becomes: &lt.

The third method, and the most popular method used by hackers is to launch a plain-text attack, that is referencing the character by its hexadecimal notation.XML requires that you bracket the hexadecimal representation with the characters & and ;. “Less than” then becomes: &60;

Noramlly we use ASCII numeric representations in dealing with characters not found on the standard English keyboard. Everyone knows that the only language of database and display is english only numeric representations can allow a degree of typographical control beyond the limits of the characters found on standard keyboards.

I hope the above information i provided would be very useful for you in protecting your database and system from Hackers.Please visit my blog for further such interesting topics.

0 comments: