Definitions Edit

Information leakage is

[t]he intentional or unintentional release of information to an untrusted environment."[1]
[w]hen a web site reveals sensitive data, such as developer comments or error messages, which aids an attacker in exploiting the system.[2]

Overview Edit

General Edit

"This threat is differentiated from data breaches, as it merely concerns technical or organisational information that might be interesting for threat agents in order to perform reconnaissance and delivery of their attacks; as opposed to data breach which is result of a successful attack targeting customers' data."[3]

Smart grid Edit

"Attacks of this type target various smart grid components and their main aim is to acquire private sensitive information (energy consumption, credit cards, session data, access control data)."[4]

References Edit

  1. NIST Special Publication 800-53, App. B, Glossary.
  2. The Web Security Glossary (full-text).
  3. ENISA Threat Landscape 2013–Overview of Current and Emerging Cyber-Threats, at 29 (citations omitted).
  4. Threat Landscape and Good Practice Guide for Internet Infrastructure, at 11.

See also Edit