Precision hacking – a new term for business logic abuse?
We’ve been having a lot of discussions lately about finding one term to describe when people use the legitimate functions of a website to perpetrate bad behavior. Sometimes the bad behavior is fraud and sometimes it is just a nuisance.
An example of the nuisance type of bad behavior is the Time “Most Influential People” poll being hacked. Paul Lamere called this exploit “precision hacking”. But I’m worried that the word “hack” is too technical for business folks to take seriously. It also puts these types of flaws squarely in the security space, when often they are really risk management issues.
Jeremiah Grossman has called this business logic abuse: the abuse of a website’s legitimate business logic. I like the term because it makes sense logically, but I worry that you have to think about it for a while before you understand what it implies. These can also be called business logic flaws.
What would be really great is to come up with a term like “Phishing”: something with no real prior meaning that everyone comes to associate with these types of attacks.
Here are some suggestions for possible terms to describe when someone uses the legitimate pages of a website to perpetrate bad behavior. Let me know if you have opinions or other suggestions.
- business logic abuse
- business logic flaws
- business logic exploits
- precision hacking
- swizzling
- e-cheating
- cheeting
- others?
how ’bout:
EBuL (Exploiting Business Logic) (think red-bull with an E)
Bula (Business Logic Abuse) (think Buhler, pronounced funny)
Now we’ve got those creative juices flowing! I like Bula.
Any other suggestions?
So, using a little script we get the following list:
“Business Logic Abuse”:
BLA
BLAb
BLAbu
BLoA
BLoAb
BLoAbu
BLogA
BLogAb
BLogAbu
BuLA
BuLAb
BuLAbu
BuLoA
BuLoAb
BuLoAbu
BuLogA
BuLogAb
BuLogAbu
BusLA
BusLAb
BusLAbu
BusLoA
BusLoAb
BusLoAbu
BusLogA
BusLogAb
BusLogAbu
“Exploiting Business Logic”:
EBL
EBLo
EBLog
EBuL
EBuLo
EBuLog
EBusL
EBusLo
EBusLog
ExBL
ExBLo
ExBLog
ExBuL
ExBuLo
ExBuLog
ExBusL
ExBusLo
ExBusLog
ExpBL
ExpBLo
ExpBLog
ExpBuL
ExpBuLo
ExpBuLog
ExpBusL
ExpBusLo
ExpBusLog
How about BLEMISHing:
Business Logic Exploitation, Misuse, Impairment, Subjugation and Hacking
Blemishing! Similar to Phishing, and yet refreshingly different! Nice!
How about Business Data Corrosion, “BuDaC”?