- Software defect This is the most common one will encounter. A defect can be in operating system
software or application software. Defects in the OS are typically more worrisome, but an application defect can be just as troublesome. For example, a defect in a database management system (DBMS) that allows customers’ data to be viewed by unauthorized people on the Web is just as damaging as revealing that same data through an OS defect. Examples of typical sofware defects are buffer overflows, design problems that allow access to functions that should be disallowed, allowing malformed input, allowing access to files or data that should be disallowed, and so on.
- Clear text data captured It is more true now, that the usage of wifi is a common practice. If user, password, or other data is transmitted across open networks in clear text, it can be intercepted and used. A classic example is the difference between TELNET and SSH. TELNET transmits all data including passwords and login names in clear text. Anyone on the network and have their network card in promiscuous mode, can sniff out the login information and gain access to a system. SSH uses encryption on all traffic and is more secure. The same is true when using FTP instead of SFTP.
- Weak passwords Crackable or easily guessable passwords are a common way for hackers to gain initial access to a system. Cracking passwords are much more easier with more people having access to very powerful computers than ever before; and if you can network a host of powerfull computers to crack passwords the possibiulites are great. Because of the fact that linux passwords (and commands) are case sensitive, one should take advantage of this and use both uppercase and lowercase words along with numbers punctuation marks and even spaces. And change it often, atleast once a month.
- Spoofing Spoofing occurs when an attacker pretends to be an entity and takes over communication between systems. For example, if SystemA and SystemB are communicating, the attacker could set up SystemC to use SystemB’s IP address, hostname, and so on. The hacker could then use a DoS attack to knock SystemB offline and take over the “conversation” with SystemA.
- Carelessness Carelessness is a human error that hackers exploit to gain access to a system that is exposed through negligence or stupidity. Two classic examples are using the default password and writing down a password.
- Denial of service “A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system” (from http://en.wikipedia.org/wiki/Denial_of_service). Examples are invalid packet floods, valid packet floods, and service floods such as HTTP attacks.
- Access controls restriction This condition occurs when permission to access a resource (a service, file, directory, system) is not properly restricted.
I am sure there are other types of vulnerabilities that should be taken just as seriously as the one mentioned above. However you can never be too secure. So don’t only think about conventional methods of attacks and securing your system, chances are like yourself, an attacker is also thinking out of the box to attack your system.