5.   SQL Injection: It’s a code injection technique that inserts some malicious SQL statement
into  the  entry  field  and  executes  them.  In  simple  words,  we  can  say  SQL  injection  as
running my SQL statement on the target site. This technique is applied on the web-apps
and  web-pages.  It  can  reveal  all  data  from  the  database  of  the  website  to  the  attacker,
even your username and password.
6.   XSS (Cross Site Scripting): XSS vulnerabilities can also found in the web applications.
Hackers  use  this  to  intrude  some  script  to  the  webpage,  and  security  risk  varies
significantly depending on the nature of script. Various threats may be:
a.   Cookie  stealing:  Cookie  stores  user  data  in  the  browser.  Stealing  cookie  will
definitely led to data theft.
b.  Session hijacking
c.   DoS attack
7.   Spoofing:  Spoofing  is  the  process  of  falsifying  data  and  gaining  benefits  of  the  same.
Various techniques that are covered under spoofing are:
a.   Email spoofing: It includes sending mail from anonymous email.
b.  Call spoofing: It includes making fake phone calls. One can use this trick to call
you with your own number too.
c.   IP address spoofing: It involves changing the IP address of your computer.
d.  GPS  spoofing:  It  attempts  to  deceive  a  GPS  receiver  so  as  to  deliver  wrong
location.
e.   DNS spoofing: It’s a trick where data is intruded to the DNS resolver’s cache that
cause  the  name  server  to  return  an  incorrect  IP  address  which  further  leads  to
divert all traffic to the attacker’s computer or any other computer.

8.   Steganography:  It’s the process of masking  a file into other. File may be text, image,
audio or video. They are treated as normal file by the victims, but hackers unmask them
to reveal hidden data from it. Main advantage of the steganography is to transfer secret
messages. Again, steganography can be of different type:
a.   Text steganography: Hiding messages inside the texts, it is not to be confused
with cryptography.
b.  Email steganography: Similar to the text steganography, it is also used to deliver
short  messages.  Original  message  is  masked  and  a  fake  message  is  displayed
which can later be unmasked.
c.   Audio / Video steganography: Hiding data in the audio and video files
d.  Image steganography: Hiding data behind the image files
9.   Man in the Middle: When we open any webpage then the corresponding request is made
to the server, in the form of packet. MITM attack is used to capture these packets while it
travels  through  the  network.  Once  the  hacker  intrudes  into  the  packet,  he  can  easily
extract data from it.
10. Trojans  and  bombs:  These  are  the  malicious  programs  that  when  executed  performs
some action depending on the type of Trojan, which led to system harm and data theft. To
access victim’s system remotely, hackers may use trojans as backdoor, and after gaining
access hacker can perform any action including:
a.   Formatting hard disk
b.   Crashing computer
c.   Corrupting data
d.   Data theft
e.   Keylogging
f.   e-Money theft
g.   Controlling system remotely
h.   And many others…

Kamal Nayan

What is Shadow IT?
It is any hardware or software inside the organisation which hasn’t yet been approved by the IT
department of that organization, thus, information technology projects managed without the
knowledge of the IT department.
The rise in Shadow IT and its increased usage was due to desire of the employees to get direct and
instant access to any software or technology without the need to go through any corporate
channels. Recently, this has spread to the need to use their own personal technology at work (such
as BYOD).
A McAfee sponsored study brings out 6 key points on Shadow IT and its true nature.
1.   More than 80% of the surveyed respondents admitted using it.
2.   The biggest users are not the general users, but they are in fact the… IT employees!
3.   There is no clear communication or rules regarding SaaS policies.
4.   Employees do not want to put their organisation at any risk, they just want to get their work
done comfortably.
5.   Web based analytical tools, word processing/spreadsheet tools and even web conferencing
platforms are the most common types.
6.   Around a half of the surveyed individuals recognize the risks of Shadow IT but even this
sense of risk is not stopping these employees from deterring from its usage.

By 2020, 40% of the IT budget will be spent outside the IT department according to estimates. With
this widespread use to Shadow IT, the risks it brings along has become quite obvious. It can easily
become a barrier to an enterprise’s IT compliance, such as when a user is using Google Drive for
storing company data in place of the company provided cloud storage service(s). It can also impact
the experience of other employees in the organisation. Free flow of data across the organisation
may be hampered and monitoring of such data flow can become a concern.
But, even with the severity of the risks involved, it is necessary to understand that the world will not
recognize a ban of Shadow IT, if ever there is going to be one. It is here to stay, that’s for sure.
Employees will not stop bringing or using their own personal cloud services or their mobile phones
or tablets at work. The best IT organisations can hope for is to embrace Shadow IT and create
restrictions at proper junctions. After all, Shadow IT is making employees more innovative at their
work and making their jobs a little more likeable, thereby, increasing the overall productivity.

Arshad Ahmed
IIIT Allahabad,
MBA-IT/Semester: 04, IMB2013023