1. A common way to classify attacks is whether they are done remotely by a hacker from across the Internet, or whether they are done locally by a user who already has privileges on the system. The important difference is that a "remote" attack can be launched by any of the hundreds of the of millions of people on the Internet at any time without first logging on. Point: A hacker may need to use a combination of remote and local exploits in order to gain control over a system. More and more services are running within sandboxes in order to limit the "spread of the infection". A local exploit may be needed in order to break out of the sandbox. Key point: The most common remote exploits are buffer overflow and other unchecked input attacks. They are either done against public services (such as HTTP and FTP) or during the logon of protected services (such as POP and IMAP). From Hacking-Lexicon