Logic/time bomb

2012-12-20T04:21:59Z

Andy Giannini: adding some content

{{Template:Threat}}

<br>
[[Category:OWASP ASDR Project]]

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

==Description==

A logic bomb is a piece of malicious code that executes when specific trigger conditions are met. A typical example would be a program that monitors a company's payroll system, and attacks the company if a specific employee is terminated. A time bomb is a type of logic bomb that uses a date and time as its trigger condition. They are differentiated from software "easter eggs" by their malicious nature.

==Risk Factors==
A logic bomb can affect any systems that were accessible to the attacker. Depending on the motivation of the attacker, the bomb itself could modify payroll systems, steal corporate databases, or crash critical infrastructure.

* [[Computer Viruses]] occasionally use logic bombs as their payloads. This allows the virus time to spread before alerting infected users with its attack.
* [[internal software developer | Internal developers]] or [[Contractors | IT contractors]] are the typical threat agents capable of delivering logic bombs.

==Examples==

===Medco Health Solutions===
: A unix systems administrator recieved 30 months in federal prison for inserting a logic bomb in Medco Health Solutions servers. [http://www.pcworld.com/article/137479/article.html link]

===Fannie Mae===
: An IT contractor for Fannie Mae inserted a time bomb to attack corporate servers. [http://www.fbi.gov/baltimore/press-releases/2010/ba100410a.htm link]

===Siberian Pipeline Sabotage===
: It is alleged (and disputed) that a 1982 explosion of a Soviet natural gas pipeline was caused by a logic bomb. [http://www.nytimes.com/2004/02/02/opinion/the-farewell-dossier.html link]

==Related [[Attacks]]==

* [[Computer Viruses]]

==Related [[Vulnerabilities]]==

TBD

==References==

* [http://en.wikipedia.org/wiki/Logic_bomb Wikipedia]
* [http://computer.howstuffworks.com/logic-bomb.htm HowStuffWorks]

__NOTOC__

[[Category:Embedded Malicious Code]]

Competitors

2012-12-10T03:10:48Z

Andy Giannini: reworded "risk factor" and "examples" sections

<br>
[[Category:OWASP ASDR Project]]

== Description ==
Competition is an interaction between individuals from the same species or different species (Human, animal or vegetal) who dispute something. This dispute may be for food, for territory, for light, for employment, for female, for male and so on. So the competition is an incentive for self-improvement, it is necessary to overcome the expectations to win it.
The competition can be destructive, when the individual/group/organism seeks to benefit by damaging/eliminating competing or cooperative, when there is improvement of their level by the manner through peaceful exchange and without violating other people.

== Risk Factors ==
Competitors can attempt to discover your new product and introduce it to the market before you. They can also attempt to gain access to proprietary trade secrets or acquire client database information.

== Examples ==
=== Destructive Competition ===
: In 2007, the McLaren Mercedes Formula One championship team was implicated in a spying scandal that plagued the sport for the remainder of the season. In response, they were fined $100 million and excluded from the constructor’s title.

=== Cooperative Competition ===
: If two companies are competing for business but exchange some information about the market, they can improve their products to increase their sales.

==Related [[Attacks]]==
TBD

==Related [[Vulnerabilities]]==
TBD

== References ==
* [http://en.wikipedia.org/wiki/Competition Wikipedia]
* [http://sports.espn.go.com/nfl/news/story?id=3018338 ESPN]

[[Category: Threat Agent]]

OWASP - User contributions [en]

Logic/time bomb

Competitors