|
|
 |
|
 |
| |
| Adware |
| Any software application that has the ability to display advertisements on your computer. Some adware may track your Web surfing habits. These advertisements may be displayed in many forms, including, but not limited to, pop-up, pop-under, and banner advertisements. Adware may slow your Web browser's performance. Worst case scenario: Some adware may have the ability to download third party software programs on your computer without your knowledge or consent. |
 |
| Application Attack |
| These DoS attacks that involve exploiting an application
vulnerability causing the target program to crash or restart the system.
Kazaa and Morpheus have a known flaw that will allow an attacker to consume all
available bandwidth without being logged. |
|
| Backdoor |
| A hole in the security of a system deliberately left in place by designers or maintainers. The motivation for such holes is not always sinister; some operating systems, for example, come out of the box with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers.
Historically, backdoors have often lurked in systems longer than anyone expected or planned, and a few have become widely known.
|
|
| Bang Path |
| n. An old-style UUCP electronic-mail address naming a sequence of hosts through which a message must pass to get from some assumed-reachable location to the addressee (a "source route"). So called because each hop is signified by a bang sign (exclamation mark). Thus, for example, the path ...!bigsite!foovax!barbox!me directs people to route their mail to computer bigsite (presumably a well-known location accessible to everybody) and from there through the computer foovax to the account of user me on barbox.
Before auto routing mailers became commonplace, people often published compound bang addresses using the { } convention to give paths from several big computers, in the hope that one's correspondent might be able to get mail to one of them reliably. e.g. ...!seismo, ut-sally, ihnp4!rice!beta!gamma!me. Bang paths of 8 to 10 hops were not uncommon in 1981. Late-night dial-up UUCP links would cause week-long transmission times. Bang paths were often selected by both transmission time and reliability, as messages would often get lost.
|
|
| Bitnet |
| n. Everybody's least favorite piece of the network - until AOL happened. The BITNET hosts were a collection of IBM dinosaurs and VAXen (the latter with lobotomized comm hardware) that communicate using 80-character EBCDIC card images; thus, they tend to mangle the headers and text of third-party traffic from the rest of the ASCII/RFC-822 world with annoying regularity. By 1995 it had, much to everyone's relief, been obsolesced and absorbed into the Internet. Unfortunately, around this time we also got AOL. |
|
| Command Line |
| n. Commands that a user types in, in order to run an application |
|
| Cracker |
| n. An individual who attempts to gain unauthorized access to a computer system. These individuals are often malicious and have many means at their disposal for breaking into a system. The term was coined ca. 1985 by hackers in defense against journalistic misuse of "hacker".
Use of this neologism reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. The neologism "cracker" in this sense may have been influenced not so much by the term "safe-cracker" as by the non-jargon term "cracker", which in Middle English meant an obnoxious person (e.g., "What cracker is this same that deafs our ears / With this abundance of superfluous breath?" -- Shakespeare's King John, Act II, Scene I) and in modern colloquial American English survives as a barely gentler synonym for "white trash".
While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate practical reasons.
Contrary to widespread myth, cracking does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers.
Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open hacker poly-culture; though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life, little better than virus writers. Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty lame. |
|
| Cracking |
| n. The act of breaking into a computer system; what a cracker does. Contrary to widespread myth, this does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers.
|
|
| Denial of Service (DoS) |
| Attacks are designed to deplete the
resources of a target computer system in an attempt to take a node off line by crashing or
overloading it. Distributed Denial of Service (DDoS) is a DoS attack that is engaged by
many different locations. The most common DDoS attacks are instigated through viruses
or zombie machines. There are many reasons that DoS attacks are executed, and most of
them are out of malicious intent. DoS attacks are almost impossible to prevent if you are
singled out as a target. It's difficult to distinguish the difference between a legitimate
packet and one used for a DoS attack. |
|
| DNS - Domain Name Server |
| Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. |
|
| Drive-by Download |
| A drive-by download is a program that a website surreptitiously plants on your Windows PC when you load its pages. Most often without your knowledge or consent. |
|
| Fraggle Attack |
| This types of DoS attack is the same as a smurf attack except using UDP
instead if TCP. By sending an UDP echo (ping) traffic to IP broadcast addresses, the
systems on the network will all respond to the spoofed address and affect the target
system. This is a simple rewrite of the Smurf code. |
|
| FTP |
| n. A communications protocol governing the transfer of files from one computer to another over a network. |
|
| Great Worm |
| n. The 1988 Internet worm perpetrated by RTM. This is a play on Tolkien, in the fantasy history of his Middle Earth books, there were dragons powerful enough to lay waste to entire regions; two of these (Scatha and Glaurung) were known as "the Great Worms". This usage expresses the connotation that the RTM crack was a sort of devastating watershed event in hacker history; certainly it did more to make non-hackers nervous about the Internet than anything before or since. |
|
| Hack Value |
| n. Often adduced as the reason or motivation for expending effort toward a seemingly useless goal, the point being that the accomplished goal is a hack. |
|
| Hacker |
| n. [originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
6. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker. |
|
| Hacker Ethic |
| n. 1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source and facilitating access to information and to computing resources wherever possible.
2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.
Both of these normative ethical principles are widely, but by no means universally, accepted among hackers. Most hackers subscribe to the hacker ethic in sense 1, and many act on it by writing and giving away open-source software. A few go further and assert that all information should be free and any proprietary control of it is bad; this is the philosophy behind the GNU project.
Sense 2 is more controversial: some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that `ethical' cracking excludes destruction at least moderates the behavior of people who see themselves as ?benign? crackers. On this view, it may be one of the highest forms of hackerly courtesy to (a) break into a system, and then (b) explain to the sysop, preferably by email from a superuser account, exactly how it was done and how the hole can be plugged -- acting as an unpaid (and unsolicited) tiger team.
The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, software, and (where possible) computing resources with other hackers. Huge cooperative networks such as Usenet, FidoNet and Internet can function without central control because of this trait; they both rely on and reinforce a sense of community that may be hackerdom's most valuable intangible asset.
|
|
| HTML |
| n. A markup language used to structure text and multimedia documents and to set up hypertext links between documents, used extensively on the World Wide Web. |
|
| HTTP or http |
| n. HyperText Transfer Protocol, a protocol used to request and transmit files, especially webpages and webpage components, over the Internet or other computer network. |
|
| Internet |
| n. The Internet is the largest internet (with a small "i") in the world. It is a three level hierarchy composed of backbone networks, mid-level networks, and stub networks. These include commercial (.com or .co), university (.ac or .edu) and other research networks (.org, .net) and military (.mil) networks and span many different physical networks around the world with various protocols, chiefly the Internet Protocol.
Until the advent of the World-Wide Web in 1990, the Internet was almost entirely unknown outside universities and corporate research departments and was accessed mostly via command line interfaces such as telnet and FTP. Since then it has grown to become an almost-ubiquitous aspect of modern information systems, becoming highly commercial and a widely accepted medium for all sort of customer relations such as advertising, brand building, and online sales and services. Its original spirit of cooperation and freedom have, to a great extent, survived this explosive transformation with the result that the vast majority of information available on the Internet is free of charge.
While the web (primarily in the form of HTML and HTTP) is the best known aspect of the Internet, there are many other protocols in use, supporting applications such as electronic mail, Usenet, chat, remote login, and file transfer. |
|
| Keylogger |
| Good: Keystroke logging is a diagnostic used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems. Such systems are also highly useful for law enforcement and espionage ? for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures.
Bad: A computer program that captures the keystrokes of a computer user and stores them. Modern keyloggers can store additional information, such as images of the user?s screen. Most malicious keyloggers send this data to a third party remotely (such as via email).
|
|
| Larval Stage |
| n. Describes a period of monomaniacal concentration on coding apparently passed through by all fledgling hackers. Common symptoms include the perpetration of more than one 36-hour hacking run in a given week; neglect of all other activities including usual basics like food, sleep, and personal hygiene; and a chronic case of advanced bleary-eye. Can last from 6 months to 2 years, the apparent median being around 18 months. A few so afflicted never resume a more `normal' life, but the ordeal seems to be necessary to produce really wizardly (as opposed to merely competent) programmers. |
|
| Logic Bomb |
| n : a delayed action computer virus; a set of instructions surreptitiously inserted into a program that are designed to execute (or `explode') if a particular condition is satisfied; when exploded it may delete or corrupt data, or print a spurious message, or have other harmful effects. |
|
| Malware |
| Short for malicious software, software designed specifically to damage or
disrupt a system, such as a virus or a Trojan horse. |
|
| Mockingbird |
| Software that intercepts communications (especially login transactions) between users and hosts and provides system-like responses to the users while saving their responses (especially account IDs and passwords). A special case of Trojan Horse. |
|
| Operating System |
Called the OS, it is the software that makes your computer run. Here is a short list of operating
systems:
- DOS
- Windows 3.1, 95, 98, 2000, ME, XP, NT
- Linux Gentoo, Redhat, Xwindows
- Mac OSX:
|
|
| PEBCAK |
| Problem Exists Between Chair And Keyboard |
|
| Phage |
| A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse. The analogy, of course, is with phage viruses in biology. |
|
| Phishing |
| "Phishing" is a kind of credit and debit card fraud. By pretending to email from a bank or similar site, scammers "fish" for account numbers, passwords, Social Security numbers, etc. They trick consumers into divulging sensitive information so that unlawful charges can be made on the consumers' accounts. |
|
| Phreaking |
| 1. The art and science of cracking the telephone network so as, for example, to make free long-distance calls.
2. Sending out emails that appear to be from valid companies, mostly financial institutions, stating that something is wrong with your account and that you need to login in to fix it. The email provides links to what appear to be valid sites with a login. When you try to login, you get an error message, and they now have your information.
If you get one of these emails, DO NOT CLICK THE LINK PROVIDED, instead, navigate to the page the way you normally do and report it.
|
|
| Ping of Death |
| An attacker sends illegitimate ICMP (ping) packets larger than 65,536
bytes to a system with the intention of crashing it. These attacks have been outdated since
the days of NT4 and Win95. |
|
| Rootkit |
| A rootkit is used to maintain remote access to a system. Often the software is used to hide a backdoor on a computer that lets crackers enter surreptitiously. Typically, it arrives in a Trojan horse or via malicious Web download. Some adware makers also use rootkits to cover up their software.
|
|
| Samurai |
| A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith. They claim to adhere to a rigid ethic of loyalty to their employers and to disdain the vandalism and theft practiced by criminal crackers as beneath them and contrary to the hacker ethic. |
|
| Script Kiddie |
| A person, normally someone who is not technologically sophisticated,
who randomly seeks out a specific weakness over the Internet in order to gain root access
to a system without really understanding what it is s/he is exploiting because the
weakness was discovered by someone else. A script kiddie is not looking to target specific
information or a specific company but rather uses knowledge of a vulnerability to scan
the entire Internet for a victim that possesses that vulnerability. |
|
| Script Monkey |
| First level of Tech Support at any given company. So called because they sit in front of a computer, searching a database using keywords from your conversation to look up possible solutions to your problem. They have little or no knowledge of how to actually fix a computer, they just read the script that is on the screen.
They typically have heavy foreign accents. |
|
| Smurf Attack |
| Smurf and Fraggle DoS attacks are the easiest to prevent. A perpetrator sends a
large number of ICMP echo (ping) traffic at IP broadcast addresses, using a fake source
address. The ?source? or spoofed address will be flooded with simultaneous replies. |
|
| Spod |
| A lower form of life found on chat systems. The spod has few friends in RL and uses chat instead, finding communication easier and preferable over the net. He has all the negative traits of the computer geek without having any interest in computers per se. A true spod will start any conversation with "Are you male or female?" (and follow it up with "Got any good numbers/IDs/passwords?") and will not talk to someone physically present in the same terminal room until they log onto a computer and enter chat. |
|
| Spoofing |
| Falsifying an Internet address (know as spoofing) is the method an attacker
uses to fake an IP address. This is used to reroute traffic to a target network node or used
to deceive a server into identifying the attacker as a legitimate node. When most of us
think of this approach of hacking, we think of someone in another city essentially
becoming you. The way TCP/IP is designed, the only way a criminal hacker or cracker
can take over your Internet identity in this fashion is to blind spoof. This means that the
impostor knows exactly what responses to send to a port, but will not get the
corresponding response since the traffic is routed to the original system. |
|
| Spyware |
| Software that transmits information back to a third party without notifying the user. It is also commonly referred to as malware, trackware, hijackware, scumware, snoopware or thiefware. Some privacy advocates also call legitimate access control, filtering, Internet monitoring, password recovery, security or surveillance software "spyware" because it could be used without notifying the user. |
|
| SYN Flood |
| Attackers send a series of SYN requests to a target (victim). The target
sends a SYN ACK in response and waits for an ACK to come back to complete the
session set up. Instead of responding with an ACK, the attacker responds with another
SYN to open up a new connection. This causes the connection queues and memory buffer
to fill up, thereby denying service to legitimate TCP users. |
|
| Teardrop |
| Otherwise known as an IP fragmentation attack, this DoS attack targets
systems that are running Windows NT 4.0, Win95 , Linux up to 2.0.32. Like the Ping of
Death, the Teardrop is no longer effective. |
|
| Telnet |
| n. The Internet standard protocol for remote login. Runs on top of TCP/IP. Unix BSD networking software includes a program, telnet, which uses the protocol and acts as a terminal emulator for the remote login session.
2. The US nationwide network into which one dials to access CompuServe. |
|
| Trojan Horse |
| A malicious, security-breaking program that is disguised as something benign, such as a web browser toolbar, game, or screensaver. A Trojan horse is similar to a back door. |
|
| Usenet |
| n. From ?Users' Network?: A distributed bulletin board system supported mainly by Unix machines. Originally implemented in 1979 at Duke University, it has swiftly grown to become international in scope and is now probably the largest decentralized information utility in existence.
By 1994, the year the Internet hit the mainstream, the original UUCP transport for Usenet was fading out of use, almost all Usenet connections were over Internet links. A lot of newbies and journalists began to refer to "Internet newsgroups" as though Usenet was and always had been just another Internet service. This ignorance greatly annoys experienced Usenetters. |
|
| Virus |
| n. A program or piece of code written by a cracker that "infects" one or more other programs by embedding a copy of itself in them, so that they become Trojan horses. When these programs are executed, the embedded virus is executed too, thus propagating the "infection". This normally happens invisibly to the user.
Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs and ?funny videos? and ?check out this website? etc. with their friends. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like opening Internet Explorer windows, etc. Some Viruses written by particularly antisocial crackers may do irreversible damage, like deleting files.
All computer viruses are man made. |
|
| World-Wide Web |
| n. An Internet client-server hypertext distributed information retrieval system which originated from the CERN High-Energy Physics laboratories in Geneva, Switzerland.
On the WWW everything (documents, menus, indices) is represented to the user as a hypertext object in HTML format. Hypertext links refer to other documents by their URLs. These can refer to local or remote resources accessible via FTP, Gopher, Telnet or news, as well as those available via the http protocol used to transfer hypertext documents. The client program (known as a browser), e.g. IE, Firefox, Mosaic, Netscape Navigator, runs on the user's computer and provides two basic navigation operations: to follow a link or to send a query to a server. A variety of client and server software is freely available. Most clients and servers also support "forms" which allow the user to enter arbitrary text as well as selecting options from customizable menus and on/off switches. Following the widespread availability of web browsers and servers, many companies from about 1995 realized they could use the same software and protocols on their own private internal TCP/IP networks giving rise to the term "intranet". |
|
| Worm |
| (From "Tapeworm" in John Brunner's novel "The Shockwave Rider", via XEROX PARC) A program that propagates itself over a network, reproducing itself as it goes. Compare virus. Nowadays the term has negative connotations, as it is assumed that only crackers write worms. |
|
| Xerox Parc |
| Xerox Corporation's Palo Alto Research Center.
For more than a decade, from the early 1970s into the mid-1980s, PARC yielded an astonishing volume of ground-breaking hardware and software innovations. The modern mice, windows, and icons (WIMP) style of software interface was invented there. So was the laser printer and the local-area network; and PARC's series of D machines anticipated the powerful personal computers of the 1980s by a decade. Sadly, the prophets at PARC were without honor in their own company, so much so that it became a standard joke to describe PARC as a place that specialized in developing brilliant ideas for everyone else.
|
|
|
 |
|
 |
|
| |
| |
