medium
Single Answer
0A hacker recently violated the integrity of data in Fotis's company by modifying a file using a precise timing attack. The attacker waited until Fotis verified the integrity of a file's contents using a hash value and then modified the file between the time that Fotis verified the integrity and read the contents of the file. What type of attack took place?
Answer Options
A
Social engineering
B
TOCTOU
C
Data diddling
D
Parameter checking
Correct Answer: B
Explanation
In a time of check to time of use (TOCTOU) attack, the attacker exploits the difference in time between when a security control is verified and the data protected by the control is actually used.