Tuesday, June 23, 2009

Websters.New.World.Websters.New.World.Hacker.Dictionary.

See Also: Cracking; Eavesdrop; Privacy; Privacy Laws.
Further Reading: Ishai, Y., Sahai, A., and Wagner, D. Private Circuits: Securing Hardware
Against Probing Attacks. [Online, 2004.] University of California at Berkeley Computer Science
Department Website. http://www.cs.berkeley.edu/~daw/papers/privcirc-crypto03.pdf.
Hardware Setup (general term): A set of parameters such as data rate, modem type, and
port/device used as a resource to launch a host or a remote session.
See Also: Host; Modem; Port and Port Numbers.
Hardware Vulnerabilities (general term): Weaknesses that generally arise when features built
into hardware, either to differentiate it from the competition or to aid in its support and
maintenance, are turned against the owner. Some exploitable features include terminals with
memory that the host computer can read back, and downloadable configuration and password
protection for all types of peripheral devices, including printers. Such features are often reachable
without any authentication, which is what makes them attractive; it is the cracker's creative
misuse of them that turns a "feature" into a "vulnerability."
See Also: Exploit; Hardware Attacks Paper by Ishai, Sahai, and Wagner; Vulnerabilities of
Computers.
Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security.
Upper Saddle River, NJ: Prentice Hall, 2003.
Harm to Property (legal term): Can occur in nonvirtual crimes such as vandalism as well as in
virtual crimes such as Web page defacement.
See Also: Harm.
Hash, One-Way (general term): The fixed-length value produced when an algorithm processes
data such as messages, text, or binary files for security or data-management purposes. "One-way"
means that it is computationally infeasible to recover the original input from the hash value
(preimage resistance); a good hash function should also make it infeasible to find two different
inputs with the same hash (collision resistance), and a one-bit change to the input changes roughly
half of the output bits. One-way hash functions are used in digital signature creation, where the
signer signs the hash of a message rather than the message itself, which in turn identifies and
authenticates the sender of a digital message, and in integrity checks on binary data.
On March 11, 2005, news stories reported that a month earlier three Chinese cryptologists
(Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu) had found a way to produce collisions in the
U.S. government-approved Secure Hash Algorithm-1, or SHA-1, in roughly 2^69 operations rather
than the 2^80 expected of an ideal 160-bit hash. The worry was that SHA-1 was pervasive within the
U.S. government, including the U.S. intelligence community and the Pentagon; SHA-1 is commonly
used to verify the integrity of digital media and to ensure that signed email has not been altered
in transmission. Note that SHA-1 is a hash function, not an encryption algorithm, and that a collision
attack does not reveal hashed data; what it breaks is the guarantee that a signature on one document
cannot be transferred to another document with the same hash. SHA-1 has since been deprecated for
digital signatures in favor of the SHA-2 family (SHA-256 and its relatives).
See Also: Algorithm;Text.
Further Reading: Gertz, B. and Scarborough, R. Inside the Ring. [Online, March 11, 2005.]
News World Communications, Inc. Website. http://washingtontimes.com/national/20050311-
123922-9537r.htm; Jupitermedia Corporation.One-way Hash Function. [Online, January 8, 2002.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/O/one-way_hash_
function.htm.
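An added example (not code from the dictionary) using Python's standard hashlib and hmac modules, illustrating the properties the entry describes and the caveats a practitioner needs: the fixed output length, the avalanche effect, an integrity check of the kind used for downloaded media, a keyed tag (HMAC) for the signed-email case, and a demonstration that a hash of a low-entropy value such as a PIN is reversible by enumeration. The message, PIN and key are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of `data`. The output length depends only on the algorithm
    (SHA-1: 160 bits = 40 hex digits, SHA-256: 256 bits = 64 hex digits),
    never on the size of the input."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests.
    A good hash flips about half its output bits for a tiny input change
    (the avalanche effect), so a digest says nothing about 'nearby' inputs."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it with the published
    one. compare_digest does not leak where the comparison failed via timing."""
    return hmac.compare_digest(digest(data, algorithm), expected_hex)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag. A bare hash stored next to the data proves nothing
    against an attacker who can rewrite both; a keyed tag can only be
    recomputed by someone holding the key."""
    return hmac.new(key, data, "sha256").hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Check a keyed tag in constant time."""
    return hmac.compare_digest(keyed_tag(key, data), tag_hex)


def recover_short_input(target_hex: str, candidates: Iterable[bytes],
                        algorithm: str = "sha256") -> Optional[bytes]:
    """'One-way' only holds when the input space is large. Hashing a 4-digit
    PIN, a Social Security number or a phone number without a secret key or
    salt is reversible by simply trying every candidate."""
    for candidate in candidates:
        if hmac.compare_digest(digest(candidate, algorithm), target_hex):
            return candidate
    return None


if __name__ == "__main__":
    msg = b"Transfer 100 dollars to account 12345"      # constructed message
    print("sha1   ", digest(msg, "sha1"))
    print("sha256 ", digest(msg))
    print("bits changed by a one-byte edit:",
          bit_difference(digest(msg), digest(msg[:-1] + b"6")))
    key = secrets.token_bytes(32)                       # constructed key
    print("hmac   ", keyed_tag(key, msg))
    pin_hash = digest(b"4271")                          # constructed PIN
    print("recovered PIN:", recover_short_input(
        pin_hash, (f"{i:04d}".encode() for i in range(10000))))
```

The PIN recovery runs in a fraction of a second for ten thousand candidates, which is the whole point: "one-way" protects a 256-bit random input, not a Social Security number, unless a secret key (as in keyed_tag) or a slow, salted password hash is used.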
Health Insurance Portability and Accountability Act of 1996 (HIPAA) (legal term):
Focused on health protection for United States employees in a number of ways, with the Centers
for Medicare and Medicaid Services (CMS) responsible for implementing various of its
provisions.
Title I of HIPAA maintains that health insurance coverage for individuals and their families
will carry on when they change or lose employment, and Title II requires the Department of
Health and Human Services to develop and maintain national standards for electronic transactions in
health care. Title II also addresses the security and privacy of health data.
The developers of HIPAA felt that such standards would improve the efficiency and effectiveness
of the U.S. health care system by encouraging the secure and private handling of
electronic data. For information security purposes, the HIPAA Security Rule requires covered
entities to put administrative, physical, and technical safeguards around electronic protected
health information, including access controls, audit controls, integrity controls that detect
improper alteration or destruction of data, and transmission security.
The final Security Rule was published in the Federal Register on February 20, 2003, and took
effect on April 21, 2003. Most U.S. health care organizations had to comply by April 20, 2005
(small health plans by April 20, 2006) by taking extra measures to secure protected health
information.
See Also: Accountability; Privacy; Privacy Laws; Security.
Further Reading: Centers for Medicare and Medicaid Services. The Health Insurance
Portability and Accountability Act of 1996 (HIPAA). [Online, October 16, 2002.] Centers for
Medicare and Medicaid Services Website. http://www.cms.hhs.gov/hipaa/; Consul. Consul
Insight and HIPAA. [Online, August 30, 2004.] Consul Website. http://searchSecurity.com/r/
0,,38262,00.htm?track+NL-358&ad=506624&CONSUL.
Helsingius, Johan (person; 1962– ): During the mid-1990s, hackers around the world were
arrested for their exploits, and the media took every opportunity to paint them as criminals.
One of the most publicized cases was that of Johan Helsingius (a.k.a. Julf), a Finnish hacker
who ran the world's most heavily used anonymous remailer, penet.fi, on a run-of-the-mill 486
computer with a 200-megabyte hard drive. In February 1995, his premises were raided by the police
after the Church of Scientology filed a complaint that a penet.fi user was posting the Church's
"secrets" on the Internet. The Finnish court eventually ruled that Helsingius must reveal the
user's real email address, and in 1996 he shut the remailer down rather than run a service whose
anonymity a court order could strip away. Although nicknamed Julf, Helsingius, unlike most hackers,
operated under his own name and did not post anonymously himself.
On May 20, 2005, Helsingius's Web page, http://www.julf.com/, was down; a note on the page
blamed the cracking efforts of spammers and virus writers.
See Also: Anonymity; Anonymous Remailer; Electronic Mail or Email; Exploit; Hacker;
Internet; Moniker.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002.
Hexadecimal (general term): Refers to the base 16 numbering system, consisting of 16 unique
symbols: the digits 0 through 9 and the letters A to F, which stand for 10 through 15. This system
is useful because it represents every byte (that is, 8 bits) as exactly two hexadecimal digits, which
are easier for people to read than binary numbers. For example, decimal 15 is "F" in hexadecimal
and 255 is "FF". Hexadecimal numbers are conventionally marked with a 0x prefix (as in C and most
programming languages) or an h suffix (as in some assemblers). To translate a hexadecimal value to
binary, turn each hexadecimal digit into its 4-bit binary counterpart: the hexadecimal number
0x3F7A translates into the binary number 0011 1111 0111 1010. Hexadecimal is the usual notation
for memory addresses, byte dumps, and hash digests in security work.
See Also: Bit and Bit Challenge.
Further Reading: Jupitermedia Corporation. Hexadecimal. [Online, March 31, 2003.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/H/hexadecimal.html.
Hijacking (general term): The takeover of an established, authenticated and authorized connection
between a sender and a receiver. Through hijacking, an attacker seizes control of the connection,
suppressing ("killing") the traffic of the original sender and sending "attack data" in its place.
Classic forms are TCP session hijacking, in which an attacker who can observe or predict sequence
numbers injects segments into a live connection, and Web session hijacking, in which a stolen
session cookie lets the attacker act as the logged-in user. Encrypting and authenticating the
session (for example with TLS or SSH) and binding sessions to fresh, unpredictable tokens are the
standard defenses.
See Also: Exploit.
Himanen, Pekka (person; 1974– ): A University of Helsinki philosophy professor and previously
a hacker. Himanen coauthored The Hacker Ethic and the Spirit of the New Economy, published
in 2001, with Manuel Castells, a sociology professor at the University of California, and Linus
Torvalds, the man behind Linux.The book advocated viewing a hacker primarily as an enthusiastic
programmer—and not as some dangerous criminal—who shares his or her work with
others. Pekka Himanen’s Web page can be found at http://www.pekkahimanen.org/.
See Also: Linux;Torvalds, Linus.
Hoffman, Abbie and Bell, Al Team (general term): In the 1970s, Yippie guru Abbie Hoffman, the
publishing partner of Al Bell, renamed The Youth International Party Line newsletter TAP
(Technological American Party, later read as Technological Assistance Program). The premise
behind the newsletter was that phreaking did not hurt anyone because telephone calls came from an
unlimited reservoir. At the time, hackers voraciously absorbed the rather technical articles found
in TAP, which covered such "hot" topics as explosives formulas, electronic sabotage blueprints,
credit card fraud, and so on. Peculiar forms of Computer Underground writing started in this
newsletter, such as spelling the word "freak" as "phreak," substituting "z" for "s," and
substituting "0" (zero) for "O" (the letter). These trends within the hacker community continue.
The last editor of TAP was phreaker Cheshire Catalyst.
See Also: Cheshire Catalyst and TAP; Phreaking;TAP.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002.
Homeland Security Act of 2002 (legal term): Brought by U.S. Representative Richard
Armey, R-TX, to the Standing Committee in the House on July 10, 2002. Amendments were
made by the Committee on Homeland Security on July 24, 2002. The legislation had passed both
the House and the Senate by November 25, 2002, when President George W. Bush signed it as
Public Law 107-296, establishing the Department of Homeland Security.
See Also: Department of Homeland Security (DHS).
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
Homeland Security Information Sharing Act of 2002 (legal term): In 2002, U.S. Senator
Saxby Chambliss, R-GA, and U.S. Representative Jane Harman, D-CA, proposed a Homeland
Security Information Sharing Act to have federal intelligence agencies share homeland security
information with state and local authorities. The Act would also have the President direct the
coordination of the various intelligence agencies. The Act was referred to the Committee on
Intelligence and to the Committee on the Judiciary on April 25, 2002. It was sent to the
Subcommittee on Crime, Terrorism, and Homeland Security on May 6, 2002, and on June 13, 2002,
it was reported with changes by the House Judiciary Committee. Finally, on June 25, 2002, it was
passed by the House.
After the September 11 terrorist attacks, other nations passed similar acts for the sharing of
homeland security information by national intelligence agencies with local authorities and for
determining the criteria as to who should be considered a terrorist risk.The terrorist risk criteria
question has stirred considerable controversy, with people of Arab or Muslim backgrounds in
particular claiming unfair labeling and unfair screening and civil liberties groups arguing that bills
authorizing “watch-list” criteria do not adequately protect people’s privacy.
As did the United States, after September 11, 2001, the Canadian parliament enacted extraordinary
police and security measures, and the Canadian Security Intelligence Service (CSIS),
headed as of this writing by Jim Judd, was charged with determining terrorist risk criteria. In
March 2005, Liberal Senator Mobina Jaffer claimed that some members of identifiable groups
had to cope with the negative impact of indiscreet methods used by some CSIS officers.
She cited the case of a professor who was not in his office when a CSIS officer telephoned
repeatedly, leaving the message that the agency wanted to speak with him. Although these calls
led university colleagues to suspect that he was a terrorist suspect, in the end the CSIS officer
apparently wanted only some information about Afghanistan.
In June 2006, headlines were made when the RCMP and CSIS rounded up 17 home-grown
Canadian terrorist suspects. Their targets allegedly included the Parliament buildings in
Ottawa, the CBC Broadcasting Centre, CSIS offices, an unspecified military installation, the
Toronto Stock Exchange, and the CN Tower in Toronto.
See Also: Department of Homeland Security (DHS); Intelligence; Privacy; Privacy Laws;
Risk;Terrorism; U.S. Intelligence Community.
Further Reading: CBC: Indepth:Toronto Bomb Plot. [Online, June 5, 2006.] CBC Website.
http://www.cbc.ca/news/background/toronto-bomb-plot/index.html; Center for Democracy
and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for
Democracy and Technology Website. http://www.cdt.org/legislation/107th/wiretaps/; Sallot, J.
Building Terror-Watch System Slow Work, CSIS Chief Says. The Globe and Mail, March 8,
2005, p. A4.
Homeland Security Strategy Act of 2001 (legal term): Introduced by U.S. Representative
Ike Skelton, D-MO, on March 29, 2001, the Homeland Security Strategy Act, also known as
H.R. 1292, would, if passed, have required the President of the United States to design and
implement a strategy for providing security to the homeland. On March 29, 2001, the bill was
referred to the Committees on Armed Services and on Transportation and Infrastructure. On
April 4, 2001, it was sent to the Transportation and Infrastructure Committee, and on April 19,
2001, it was sent by the Judiciary Committee to the Subcommittee on Crime. On August 10, 2001,
it received an unfavorable Executive Comment from the Department of Defense. The terrorist
attacks of September 11, 2001, occurred one month later.
See Also: Critical Infrastructures; Critical Networks; Department of Homeland Security
(DHS); Security; September 11, 2001;Terrorism;Terrorist Events.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
Honeypots or Honeynets (general term): A computer or computer network set up to "pretend"
that it offers some real service, such as a Web or email service, on the Internet. The real
purpose of a honeypot is to lure crackers: because it has no production users, any connection to
it is suspect, and the system is closely monitored by an expert to find out how a cracker breaks
in and what he or she does to compromise it. A honeynet is a network of such systems. Honeypots
generally carry legal warnings in their banners advising intruders to leave, and they should be
isolated so that a compromised honeypot cannot be used as a launching point against real systems.
Honeypots can also observe individuals who run botnets, networks of compromised machines
controlled remotely by crackers.
In March 2005, a new honeypot was said to be able to trap crackers who use Google queries to
discover vulnerable systems. Such crackers use search-engine queries to find sites whose URLs
contain a particular string of words or phrases indicating that the site runs a vulnerable
application; a honeypot of this kind publishes pages that match those queries and logs whoever
follows them.
Legal issues about whether honeypots infringe on crackers' privacy rights have arisen in recent
years and will likely continue to emerge and be resolved in court.
See Also: Bot or Robot; Crackers; Internet; Privacy; Privacy Laws.
Further Reading: Honeypots.net. Intrusion Detection Articles, Links and Whitepapers.
Honeypots.net Website. http://www.honeypots.net/ids/links/; Penton Media Inc. Google
Hacking: No Longer a Sure Thing for Intruders. [Online, March 19, 2005.] Penton Media Inc.
Website. http://list.windowsitpro.com/t?ct1=48C6:4FB69; The Honeynet Project and Research
Alliance. Know Your Enemy: Tracking Botnets. [Online, March 13, 2005.] The Honeynet Project
Website. http://www.honeynet.org/papers/bots.
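A minimal low-interaction honeypot of the kind the entry describes, as an added example (not code from the dictionary or from any of the projects it cites): a fake login service that shows a legal warning banner, rejects every login attempt and records exactly what each client tried. The banner text, the probe payload and the loopback address are constructed for the example; a real deployment would listen on an exposed interface, forward its events to a separate log host and sit in an isolated network segment.

```python
import datetime
import socket
import threading

# Legal warning served to every connection (constructed wording).
BANNER = (b"WARNING: This system is for authorized users only. All activity is\r\n"
          b"monitored and logged; unauthorized access is prohibited.\r\n"
          b"login: ")


class Honeypot:
    """Fake login service: never authenticates anyone, only records attempts."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0, max_conns: int = 1):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))           # port 0: let the OS pick one
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.max_conns = max_conns
        self.events = []                        # in-memory event log
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self) -> None:
        self._thread.start()

    def wait(self, timeout: float = 5.0) -> None:
        """Wait for the configured number of connections, then close the listener."""
        self._thread.join(timeout)
        self.sock.close()

    def _serve(self) -> None:
        for _ in range(self.max_conns):
            conn, peer = self.sock.accept()
            self._handle(conn, peer)

    def _handle(self, conn: socket.socket, peer) -> None:
        conn.settimeout(3.0)
        received = b""
        timed_out = False
        try:
            conn.sendall(BANNER)
            # Read one line of attacker input, bounded so a flood cannot
            # exhaust memory, and reject it whatever it contains.
            while b"\n" not in received and len(received) < 1024:
                chunk = conn.recv(256)
                if not chunk:
                    break
                received += chunk
            conn.sendall(b"Login incorrect\r\n")
        except socket.timeout:
            timed_out = True
        except OSError:
            pass
        finally:
            conn.close()
        self.events.append({
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "peer": f"{peer[0]}:{peer[1]}",
            "data": received,
            "timed_out": timed_out,
        })


def probe(port: int, payload: bytes = b"root\r\n") -> tuple:
    """Play the intruder against a local honeypot; returns (banner, reply)."""
    with socket.create_connection(("127.0.0.1", port), timeout=3.0) as c:
        banner = c.recv(1024)
        c.sendall(payload)
        reply = c.recv(1024)
    return banner, reply


if __name__ == "__main__":
    hp = Honeypot()
    hp.start()
    banner, reply = probe(hp.port)
    hp.wait()
    for ev in hp.events:
        print(ev["time"], ev["peer"], "tried", ev["data"], "->", reply)
```

Every byte the client sends is evidence, which is why the handler stores the raw input rather than a parsed username: malformed or binary input is often the most interesting part of an attack.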
Hook (general term): A point in the message-handling mechanism of a computer system (in
Windows, the hook chain managed through SetWindowsHookEx) at which an application can install a
subroutine to monitor the message traffic in the system. The hook procedure can also intercept and
process certain kinds of messages before they reach the targeted window procedure. Hooks add
processing to every message the system handles and therefore slow it down; they should be installed
only when necessary and removed as soon as they are no longer needed. Because a global keyboard
hook sees every keystroke, and a hook procedure for other processes must be loaded as a DLL into
those processes, hooks are a classic keylogger and code-injection technique and are worth watching
for in endpoint monitoring.
See Also: Message.
Further Reading: Microsoft Corporation. Hooks. [Online, 2004.] Microsoft Corporation
Website. http://msdn.microsoft.com/library/default.asp?url=/library/enus/winui/winui/
windowsuserinterface/windowing/hooks.asp; http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/winui/WinUI/WindowsUserInterface/Windowing/Hooks/AboutHooks.asp.
HOPE: See Hackers on Planet Earth.
Hopper, Grace Murray (person; 1906–1992): A U.S. Navy Rear Admiral and computing pioneer
whose work on the first compilers and on the FLOW-MATIC language led directly to Cobol, whose
design she guided as a technical consultant. She not only was a leader in software development
concepts but also helped to catalyze the transition from early programming techniques to the use
of sophisticated compilers. Dr. Hopper received a number of awards for her successes, and in 1969
she was the first recipient of the Computer Sciences Man-of-the-Year Award given by the Data
Processing Management Association. She died in 1992.
See Also: Programming Languages C, C++, Perl, and Java.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002.
Host (general term): A computer that permits users to communicate with other computers on a
network by providing a service. Individual users access these services through application programs
such as electronic mail (email), FTP, and telnet.
See Also: Electronic Mail or Email; FTP (File Transfer Protocol); Network;Telnet.
Further Reading: QUT Division of Technology, Information and Learning Support.
Network Glossary. [Online, July 17, 2003.] QUT Division of Technology, Information and
Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp.
Hotspots or Drive-by Hacking (general term): A hotspot is a location from which wireless service
is accessible. Although a number of service providers offer legitimate wireless Internet access in
such places as airline lounges, Internet cafes, and hotel lobbies, "drive-by hacking" occurs when
crackers attack a wireless network, for example by spoofing mobile device credentials, while seated
in a parked car or in some building at a "safe" distance from the targeted company.
In a move to curb drive-by hacking, in April 2003, Interlink Networks (a producer of wireless
networks access control and security software) and Bluesoft (a producer of wireless security
positioning platforms) announced a partnership.Together, they said, they would provide valueadded
security software for Wi-Fi (IEEE 802.11) networks.
Interlink Networks' software secures access to both private and public wireless LAN networks
(based on the standards-based IEEE 802.1X port authentication, which is also compliant with the
Wi-Fi Protected Access or WPA specifications), while Bluesoft's system not only locates the mobile
device but also holds authentication information. This location-based authentication software adds a
layer of wireless security by permitting companies to make sure that only authenticated users in
a designated building, or on, say, a designated university campus would be allowed access to the
network. Also, location-based policy management would be able to allow for differentiated services
in different parts of the building or on different parts of the campus. For example, Internet
access could be provided in the building’s lobby but denied in the remaining building areas.
See Also: Crackers; Internet;Wardriving and Warwalking;Wireless.
Further Reading: BWE, Inc. Interlink Networks and Bluesoft Partner to Deliver Wi-Fi
Location-Based Security Solutions. [Online, 2003.] BWE, Inc.Website. http://www.wifizonenews
.com/publications/page358-492296.asp.
HTML or HyperText Markup Language (general term): The markup language in which the pages of
the World Wide Web (WWW) are written. HTML is known for its ease of authoring; because browsers
render whatever markup and script a page contains, HTML assembled from untrusted input is also the
vehicle for cross-site scripting.
See Also: Internet;World Wide Web (WWW).
Further Reading: Internet Highway, LLC. Internet Highway, LLC. Internet Terminology:
HTML. [Online, 1999.] Internet Highway, LLC Website. http://www.ihwy.com/support/
netterms.html.
HTTP (HyperText Transfer Protocol) (general term): The request/response protocol used to transfer
WWW data over the Internet. This is why Website addresses begin with http:// (or https://, which is
HTTP carried inside an encrypted TLS connection; plain http:// traffic, including cookies and
passwords, can be read and altered by anyone on the network path).
Whenever a user types a URL into the browser and presses the Enter key, his or her computer
sends an HTTP request to the appropriate Webserver. The Webserver, developed to handle such
requests, then sends back the requested HTML page in an HTTP response. To be entirely accurate, a
Webserver can send HTML back to a browser dynamically rather than from a stored page: server-side
languages such as PHP (PHP: Hypertext Preprocessor) generate the HTML at request time.
Some important Websites related to detecting and curbing cracking activities, cyberterrorism,
and cybercrimes include http://www.2600.com, the Website for 2600: The Hacker Quarterly;
http://www.antionline.com, the Website for Antionline (AO), a place where members share their
knowledge to help others learn to identify and mitigate security issues regarding real-world
events; and http://www.cert.org, the Website for the CERT Coordination Center (CERT/CC),
a center of Internet security expertise located at the Software Engineering Institute at Carnegie
Mellon University.
See Also: HTML (HyperText Markup Language); Internet; URL or Uniform Resource
Locator; World Wide Web (WWW).
Further Reading: Christensson, P. 2004. SharpenedNet.com: Glossary: HTTP. [Online,
2002.] Per Christensson Website. http://www.sharpened.net/glossary/definition.php?http.
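The request/response exchange just described, as an added example (not code from the dictionary): one function serializes a request the way a browser puts it on the wire, one parses a constructed response such as a PHP page would produce, and one lists the credential-bearing headers that an on-path observer can read when the scheme is http:// rather than https://. The host name, path, cookie and response bytes are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

# Header names that carry credentials; visible to the whole path over http://.
CREDENTIAL_HEADERS = {"cookie", "authorization", "proxy-authorization"}


def build_request(host: str, path: str = "/", method: str = "GET",
                  headers: Optional[Dict[str, str]] = None) -> bytes:
    """Serialize an HTTP/1.1 request: request line, mandatory Host header,
    any other headers, then the blank line that ends the header block."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    for name, value in (headers or {}).items():
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_http_response(raw: bytes) -> Tuple[int, str, Dict[str, str], bytes]:
    """Split a raw response into (status, reason, headers, body). Header names
    are case-insensitive and so normalized to lower case; the body is cut at
    Content-Length when the server declares one."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    status = int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return status, reason, headers, body


def exposed_credentials(raw_request: bytes) -> List[str]:
    """Credential headers present in a request. Over http:// every one of them
    is readable and forgeable by anyone on the path; https:// wraps the same
    bytes in TLS so they are not."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name = line.partition(":")[0].strip().lower()
        if name in CREDENTIAL_HEADERS:
            found.append(name)
    return found


# Constructed response, as a dynamic PHP page might return it.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html; charset=utf-8\r\n"
                   b"Content-Length: 31\r\n"
                   b"Set-Cookie: PHPSESSID=abc123; HttpOnly\r\n"
                   b"\r\n"
                   b"<html><body>Hello</body></html>")


if __name__ == "__main__":
    req = build_request("www.example.test", "/index.php",
                        headers={"Cookie": "PHPSESSID=abc123"})
    print(req.decode())
    print("credentials readable on the wire over http://:", exposed_credentials(req))
    status, reason, headers, body = parse_http_response(SAMPLE_RESPONSE)
    print(status, reason, headers["content-type"], body)
```

The parser is deliberately strict about the CRLF CRLF separator and Content-Length: proxies and servers that disagree on where a message ends are the root of request-smuggling attacks, so a parser used for security decisions must apply the same rules the server does.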
Hughes, Eric, Gilmore, John, and May, Tim Team (general term): Believing that privacy was
needed in an open-information society, Eric Hughes started the Cypherpunks with John Gilmore
and Tim May. Calling themselves a wandering band of cryptographers, privacy advocates, and
anarchists in a digital world, the Cypherpunks run a prolific email list that purportedly
synthesizes mathematical concepts with the practical issues of a cultural revolution.
See Also: Cypherpunks.
Further Reading: Wired Digital Inc. Eric Hughes. [Online, July 11, 1996.] Wired Digital
Inc.Website. http://hotwired.wired.com/talk/club/special/transcripts/96-07-11.hughes.html.
Human Factor or Social Engineering (general term):Typically, cracking activities include not
only some degree of technological prowess but also human factor skills, known as social engineering.
Simply put, even at the very basic level, a cracker needs to “social engineer” a computer
system or another human being into thinking that he or she is the system administrator or a legitimate
user.“Human factor engineering” and “social engineering,” therefore, are general terms used
to describe how crackers manipulate a social situation to gain access to a network for which they
are not authorized.This access could be permanent or temporary and could even employ as part
of the scheme an organizational “insider.” Putting on a janitor’s outfit and pretending to be allowed
access to a computer network would be one example of a low-end “human factor” or “social engineering”
technique.
See Also: Computer; Cracking; Social Engineering; Social Engineering Techniques.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002.

IANA or Internet Assigned Numbers Authority (general term): One of the key bodies overseeing
Internet networking. IANA administers the DNS root zone and the top-level domains, represented by
the final part of Web domain names, such as .com, .org, or .edu. It also allocates IP address
blocks to the regional Internet registries and maintains the registry of TCP and UDP port number
assignments.
See Also: Internet; IP Address;TCP/IP or Transmission Control Protocol/Internet Protocol;
User Datagram Protocol (UDP).
Further Reading: About, Inc. 2004. IANA. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-iana.htm.
ICE (Intrusion Countermeasure Electronics or IC) (general term): In the Computer
Underground (CU), "ice" is a fictional form of anti-cracker countermeasure, often depicted as a
wall of ice. The term first appeared in William Gibson's novel Neuromancer, in which he described
various means of protecting systems from intrusion. In other words, ICE was a software program
on the Matrix that stopped illegal access to company or government computer systems and valuable
information stores. A number of intrusion countermeasure electronics types existed in the fiction,
including lethal Black ICE, which could kill the intruder, and Probe ICE, which hunted for system
trespassers and then shot back.
Today, real-world intrusion detection products, such as BlackICE, borrow the name from these
fictional concepts. Nobody is killed, and "shooting back" at the attacker's computer system is
illegal in most jurisdictions, so real products confine themselves to detecting and blocking the
attack.
See Also: Matrix; Probe.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Clutton, R.
Welcome to the Simple Guide of Cyberpunk. [Online, June 24, 2001.] http://tip.net.au/
~rclutton/cdict.html.
Icebreaker (general term): A software program that cracks corporate firewalls.
See Also: Cracking; Firewall.
Further Reading: Clutton, R. Welcome to the Simple Guide of Cyberpunk. [Online,
June 24, 2001.] http://tip.net.au/~rclutton/cdict.html.
id (identity) (general term): A UNIX command that prints the user ID, group ID, and group
memberships of the account executing it. It is often one of the first commands an intruder runs
after compromising a system remotely, because the answer tells him or her what the foothold is
worth. In short, the intruder will remotely compromise a service running under the root account,
an account set up for a special service, or a user's account. The hope of crackers is to achieve
root access immediately (id then reports uid=0). If this is not achieved, the cracker will need to
run a local exploit to elevate his or her privileges.
See Also: Remote Attacks or Exploits or Intrusions.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Identd/auth (general term): A service on UNIX, specified in RFC 1413 and listening on TCP port
113, that can be asked which local user owns a given TCP connection. Though it was first developed
as an authentication mechanism, the answer is entirely under the control of the remote host, which
may be compromised, may be lying, or may deliberately return a random token; today it is therefore
used primarily to log who does what (for example by IRC and mail servers) and never as proof of
identity.
See Also: Authentication; Log;TCP/IP or Transmission Control Protocol/Internet Protocol;
UNIX.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
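Both sides of the RFC 1413 exchange, as an added example (not code from the dictionary or from any identd implementation): the asking host's query line, the identd host's reply built from a table of connection owners, and the asking host's parser for that reply. The owner table is constructed for the example; a real identd reads it from the kernel's TCP connection table. The reply for an unparsable query echoes "0, 0", which is this example's own choice.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" + CRLF, where "server"
# is the host running identd (the one being asked) and "client" is the host
# asking. Valid TCP ports are 1..65535.
_QUERY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*$")


def format_query(port_on_identd_host: int, port_on_asking_host: int) -> str:
    """The line the asking host (e.g. a mail or IRC server) sends to TCP port 113."""
    return f"{port_on_identd_host}, {port_on_asking_host}\r\n"


def respond(query_line: str, owners: dict, reveal: bool = True) -> str:
    """identd side. `owners` maps (local_port, remote_port) of live TCP
    connections to the local username. With reveal=False the host declines to
    name its user (the RFC's HIDDEN-USER), one of the reasons an identd reply
    is not authentication: the remote host decides what, if anything, to say."""
    m = _QUERY_RE.match(query_line)
    if not m:
        return "0, 0 : ERROR : INVALID-PORT\r\n"    # example's choice for garbage
    sp, cp = int(m.group(1)), int(m.group(2))
    if not (1 <= sp <= 65535 and 1 <= cp <= 65535):
        return f"{sp}, {cp} : ERROR : INVALID-PORT\r\n"
    user = owners.get((sp, cp))
    if user is None:
        return f"{sp}, {cp} : ERROR : NO-USER\r\n"
    if not reveal:
        return f"{sp}, {cp} : ERROR : HIDDEN-USER\r\n"
    return f"{sp}, {cp} : USERID : UNIX : {user}\r\n"


def parse_ident_reply(line: str) -> tuple:
    """Asking side. Returns (port_on_identd_host, port_on_asking_host, kind,
    value): kind is 'USERID' (value = user string) or 'ERROR' (value = error
    token). The value is whatever the remote host chose to say: log it, never
    trust it."""
    ports, sep, rest = line.strip().partition(":")
    if not sep:
        raise ValueError("malformed identd reply")
    sp, cp = (int(p.strip()) for p in ports.split(","))
    kind, _, value = rest.partition(":")
    kind = kind.strip()
    if kind == "USERID":
        _opsys, _, user = value.partition(":")   # user-id may itself contain ':'
        return sp, cp, "USERID", user.strip()
    return sp, cp, "ERROR", value.strip()


if __name__ == "__main__":
    # Constructed: on the identd host, local port 6191 -> remote port 25 is alice's.
    owners = {(6191, 25): "alice"}
    query = format_query(6191, 25)              # sent by the mail server
    reply = respond(query, owners)              # returned by identd
    print(repr(query), "->", repr(reply), "->", parse_ident_reply(reply))
    print(parse_ident_reply(respond(query, owners, reveal=False)))
```

A mail server that logs the USERID string next to the connection gets useful forensic context when the remote host is honest and nothing at all when it is not; any access-control decision keyed on that string is trusting the attacker to identify himself.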
Identity Theft or Masquerading (legal term):The malicious theft and consequent misuse of
someone else’s identity to commit a crime. Identity theft often involves cracking into a system
to obtain personal information, such as credit card numbers, birth dates, and social insurance or
Social Security numbers of targets and then using this information in an illegal manner, such as
buying items with the stolen identity or pretending to be someone else of higher professional
status in order to gain special privileges. Identity theft is one of the fastest-growing crimes in the
United States and elsewhere around the globe.
On February 21, 2005, ChoicePoint Inc., a data warehouser having 17,000 business customers,
had its massive database of client personal information cracked. Consequently, the company said
that about 145,000 consumers across the United States may have been adversely impacted by the
breach of the company’s credentialing process. The company said that the criminals who
obtained access used stolen identities to create what seemed to be legitimate businesses wanting
ChoicePoint accounts. The cybercriminals then opened 50 accounts and received abundant
personal data on consumers, including their names, addresses, credit histories, and Social Security
numbers.
As a result of this case as well as of similar 2005 breaches at the LexisNexis Group (affecting
310,000 clients), at the Bank of America (which lost backup tapes holding the charge-card records
of about 1.2 million federal employees), and at DSW Shoe Warehouse (affecting about 1.2 million
customers), together with more than 300,000 identities stolen from universities since January 2005,
U.S. politicians, including two U.S. Senators, called for hearings and ramped-up regulations to
protect consumers against identity theft. Moreover, the U.S. states collectively proposed more than
150 bills to regulate online security standards, increase identity theft and fraud protection,
limit data brokers, restrict the sharing, use, or sale of data, and improve security breach
notification.
On March 4, 2005,White Hat hackers surfed the Web at Seattle University with the intent of
harvesting Social Security Numbers and credit card numbers. In less than 60 minutes, they
found millions of names, birth dates, and Social Security and credit card numbers using just one
Internet search engine,Google.They warned that the use of the right kind of sophisticated search
terms could even find data deleted from company or government Websites but temporarily
cached in Google’s extraordinarily large data warehouse.The problem did not lie with Google,
they affirmed, but with companies allowing Google to enter into the public segment of their
networks (called the DMZ) and index all the data contained there. Although Google does not
need to be repaired, said the White Hats, companies and government agencies need to understand
that they are exposing themselves and their clients by posting sensitive data in public places.
See Also: Cybercrime and Cybercriminals; Social Security Number (SSN);Theft.
Further Reading: Associated Press. Data Brokerages: LexisNexis Database Hit by ID Thieves.
The Globe and Mail, March 10, 2005, p. B13; McAlearney, S. Privacy: How Much Regulation Is
Too Much? [Online, May 2, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/
originalContent/0,289142,sid14_gci1083916,00.html?track=NL-358&ad=513148; Shukovsky,
P. Good Guys Show Just How Easy It Is to Steal ID. [Online, March 5, 2005.] Seattle Post-
Intelligencer Website. http://seattlepi.newsource.com/local/214663_googlehack05.html;Weber,
H.R. Criminals Access ChoicePoint’s Information Data. The Globe and Mail, February 22, 2005,
p. B15.
IEEE 802.11 (general term): In 1997, the Institute of Electrical and Electronics Engineers,
known as the IEEE, ratified the 802.11 specification as the standard for Wireless Local Area
Networks (WLANs). The specification originally defined 1 Mbit/s and 2 Mbit/s data transmission
rates and a set of basic signaling methods. However, those early data transmission rates were
too slow to support most business requirements and were ineffective in encouraging WLAN
adoption.
Therefore, in 1999 the IEEE ratified the 802.11b standard (or 802.11 High Rate), which provided
for data transmission rates up to 11 Mbit/s. In June 2003 the 802.11g standard was ratified
to allow for data transmission rates up to 54 Mbit/s.
The 802.11 specification defines a pair of devices: (1) a wireless station—typically a PC with
a wireless network interface card (known as NIC); and (2) an access point (known as AP)—
which serves as a bridge between the wired and the wireless worlds.
An AP usually has a radio, an Ethernet interface (such as IEEE 802.3), and software implementing
the IEEE 802.1D bridging standard. The AP serves as the wireless network's base station so that many
wireless end stations can get access to the wired network. Wireless end stations, though they
vary, typically include 802.11 PC cards and embedded solutions in useful items such as telephone
handsets.
The 802.11 standard also defines two modes: infrastructure mode and ad hoc mode.
In infrastructure mode, the wireless network is made up of at least one AP connected to the
wired network infrastructure plus a number of wireless end stations; one AP together with its
associated stations is known as a Basic Service Set (BSS). An Extended Service Set (ESS) is two or
more Basic Service Sets forming a single subnetwork. Because most large companies' WLANs need
access to the wired LAN for functional services (such as file servers, Internet links, and
printers), they tend to operate in infrastructure mode. The original 802.11 privacy mechanism,
WEP, is broken; the security of an 802.11 network rests on WPA with 802.1X authentication, not on
the base standard.
See Also: Internet; Local Area Network (LAN); Wireless.
Further Reading: PCTechGuide.com. Wireless Networks. [Online, December 1, 2002.]
PCTechGuide Website. http://www.pctechguide.com/29network_Wireless_networks.htm.
IIA (general term): Stands for the Institute of Internal Auditors, an international organization
based in Altamonte Springs, Florida. It was founded in 1941 and presently has more than 117,000
members worldwide. Because the organization’s mission includes education, research, and technological
guidance for the auditing profession, it is an invaluable resource for everybody involved
in computer forensic investigations.
Further Reading: The Institute of Internal Auditors. [Online, April 8, 2006.] http.theiia.org.
IIRC (general term): Chat room talk meaning “if I remember correctly.”
ILOVEYOU virus (general term): Hit numerous computers in 2000 when it was sent as an
attachment to an email message with the tempting text “ILOVEYOU” in the subject line. The
virus was also altered to appear in email messages with the subject line FWD: JOKE. The
ILOVEYOU virus came with the nice little message “kindly check the attached LOVELETTER
coming from me,” and if the user opened the attachment in any of these messages, the malware
was executed, sending a copy of itself to every address listed in the user’s Microsoft Outlook
address book.
The ILOVEYOU virus and many of its variants have been estimated to have targeted tens of
millions of users over the life span of these viruses, costing billions of dollars in damage and service
disruption.
See Also: Electronic Mail or Email; Malware; Virus.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002; Yale University School of
Medicine. ILOVEYOU, JOKE, and Susitikim shi vakara kavos puodokui . . . Viruses. [Online,
March 9, 2001.] Yale University School of Medicine Website. http://its.med.yale.edu/software/
patch/win/iloveyou/iloveyou.html.
IMHO (general term): Chat room talk meaning “in my humble opinion.”
Incident (general term): The U.S. Department of Homeland Security (DHS) defines a computer
security incident as a real or potential violation of an explicit or implied policy regarding
information. The DHS has five incident types, based on incident outcomes: (1) increased access
beyond authorization; (2) information disclosure; (3) information corruption; (4) Denial of
Service (DoS); and (5) resource theft. The DHS notes that actual incidents often fall into multiple
categories. For example, a Website defacement can involve increased access beyond
authorization and information corruption, and a system compromise can involve increased access
beyond authorization, information disclosure, and resource theft.
See Also: Denial of Service (DoS); Department of Homeland Security (DHS); Exploit;
Vulnerabilities of Computers.
Further Reading: U.S. Department of Homeland Security. DHS Organization. [Online,
2004.] U.S. Department of Homeland Security Website. http://www.dhs.gov/dhspublic/theme_
home1.jsp.
Incident Response (general term): How an organization handles a security incident. Events
are supposed to be tracked and resolved in as expeditious a manner as possible.
See Also: Exploit; Incident; Vulnerabilities of Computers.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Incident Response Checklist and Cycle (general term): According to the U.S. Department of
Homeland Security (DHS), the purpose of the Incident Response Checklist and Cycle (that is,
the period between when an incident is identified and when it is resolved and reported) is twofold:
to minimize damage and exposure (that is, risk mitigation) as well as to facilitate an effective recovery.
Moreover, within the risk mitigation goal, a hierarchy of priorities is suggested, arranged from
higher to lower priorities and including the following: human life and safety; sensitive or mission-critical
systems and information; other systems and information; damage to systems or information;
and disruption of access or services.
The items on the checklist include a series of sequential, high-level steps grouped into three
phases: (1) Detection, Assessment, and Triage (for which the objective is to limit the risk and
damage in such a way that if the problem does escalate, investigation can proceed promptly and
with evidence intact); (2) Containment, Evidence Collection, Analysis, and Investigation; and (3)
Remediation, Recovery, and Post-Mortem. Based on this three-phase scheme, the Department
of Homeland Security’s recommended steps are as follows:
Phase 1-1. Document Everything; Phase 1-2. Contact Primary IRC (Incident Response
Capability); Phase 1-3. Preserve Evidence; Phase 1-4. Verify the Incident; Phase 1-5. Notify
Appropriate Personnel; Phase 1-6. Determine Incident Status; Phase 1-7. Assess Scope; Phase
1-8. Assess Risk; Phase 1-9. Establish Goals; Phase 1-10. Evaluate Options; Phase 1-11.
Implement Triage; Phase 1-12. Escalation and Handoff.
Phase 2-1. Verify Containment; Phase 2-2. Revisit Scope, Risk, and Goals; Phase 2-3. Collect
Evidence; Phase 2-4. Analyze Evidence; Phase 2-5. Build Hypotheses and Verify; Phase 2-6.
Intermediate Mitigation.
Phase 3-1. Finalize Analysis and Report; Phase 3-2. Archive Evidence; Phase 3-3. Implement
Remediation; Phase 3-4. Execute Recovery; Phase 3-5. Conduct Post-Mortem.
See Also: Department of Homeland Security (DHS); Incident Response; Risk.
Further Reading: U.S. Department of Homeland Security. Incident Handling Checklists.
[Online, 2004.] U.S. Department of Homeland Security Website. http://www.fedcirc.gov/
incidentResponse/IHchecklists.html.
Incident Team (general term): A specially trained team within a business, government agency,
or institution responsible for responding quickly to cyber attacks.
See Also: Incident Response; Risk.
Inetd (general term): A UNIX daemon software program that responds to connection requests
on a defined list of ports and then starts the executable program to deliver the services associated
with those ports. This software program is sometimes known as “netd.” Inetd is a frequent target
of crack attacks because of its capability to launch arbitrary programs listed in its configuration
files under any desired user account, including root.
See Also: Attacks; UNIX; Vulnerabilities of Computers.
Further Reading: Farlex, Inc. The Free Dictionary: Inetd. [Online, 2004.] Farlex, Inc.
Website. http://computing-dictionary.thefreedictionary.com/inetd.
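The configuration-file risk described in this entry can be checked mechanically. The following is an added example, not from the dictionary or from any inetd implementation: it parses entries in the classic inetd.conf layout and reports services that inetd would launch as root outside an assumed allowed list, or whose server program lives outside the usual system directories. The sample configuration and the allowed-service list are constructed for illustration.

```python
"""Audit an inetd.conf for services that inetd would launch as root.

Added example (not from the dictionary or any inetd source). The
configuration below is a constructed sample; the list of services
allowed to run as root is an assumed site policy.
"""

# Constructed sample in the classic inetd.conf layout:
#   service  socket_type  protocol  wait|nowait  user  server_program  [args...]
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd   in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd   in.telnetd
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd   in.fingerd
#shell   stream  tcp  nowait  root    /usr/sbin/tcpd   in.rshd
backup   stream  tcp  nowait  root    /tmp/run_backup.sh
daytime  stream  tcp  nowait  root    internal
"""

# Assumed site policy: services permitted to run as root. Anything else
# that inetd would start as root is reported for review.
ROOT_ALLOWED = {"ftp"}

# Directories from which server programs are expected to be launched.
SYSTEM_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/", "/usr/libexec/")


def parse_inetd_conf(text):
    """Parse active entries into dicts; malformed lines get an 'error' key."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out service
        fields = line.split()
        if len(fields) < 6:
            entries.append({"line": lineno, "error": "fewer than 6 fields", "raw": raw})
            continue
        service, socket_type, proto, wait, user, program = fields[:6]
        args = fields[6:]
        # When the program is the tcpd wrapper, the real daemon is its first argument.
        daemon = args[0] if program.endswith("/tcpd") and args else program
        entries.append({
            "line": lineno, "service": service, "socket_type": socket_type,
            "proto": proto, "wait": wait,
            "user": user.split(".")[0],   # some inetd variants accept user.group
            "program": program, "daemon": daemon, "args": args,
        })
    return entries


def audit_inetd(text, root_allowed=ROOT_ALLOWED):
    """Return findings as (line, service, reason) tuples."""
    findings = []
    for e in parse_inetd_conf(text):
        if "error" in e:
            findings.append((e["line"], "?", e["error"]))
            continue
        if e["program"] == "internal":
            continue                      # built-in services such as daytime/echo
        if e["user"] == "root" and e["service"] not in root_allowed:
            findings.append((e["line"], e["service"],
                             "launched as root but not on the allowed list"))
        if not e["program"].startswith(SYSTEM_DIRS):
            findings.append((e["line"], e["service"],
                             f"server program outside system directories: {e['program']}"))
    return findings


if __name__ == "__main__":
    for line, service, reason in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {line}: {service}: {reason}")
```

Run as a script, the block prints one line per finding; on the sample it flags telnet (started as root but not on the allowed list) and the backup service (root, and launched from /tmp). When the server program is the tcpd wrapper, the real daemon is taken from its first argument so that a policy check can look at the daemon rather than the wrapper.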
Infection (general term): A computer system or program is said to be infected if a worm or virus
has copied itself into some part of it. Usually the goal of such an infection is to propagate to
other systems or programs. Infection can also cause the system or program to exhibit some other
unwanted behavior or to secretly alter data.
See Also: Means of Infection; Virus; Worm.
Information Security Act (legal term): On October 16, 2002, U.S. Representative Christopher
John, D-LA, introduced a public sector bill called the Information Security Act. Its purpose was
to increase secure information sharing and communications sharing among the agencies affiliated
with the Department of Homeland Security (DHS). On October 16, 2002, the Act
was sent to the House Committee on Government Reform. It has not been passed in this form.
See Also: Department of Homeland Security (DHS); U.S. Intelligence Community.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
Information Warfare (general term): A modern kind of warfare whereby information and
attacks on information and/or on the enemy’s computer network are used as a way to wage war
against some chosen enemy.
Information warfare may include giving the enemy special information (commonly referred
to as “propaganda”) to persuade the enemy to surrender, or withholding from the enemy important
information that might result in the enemy’s resistance. Information warfare may also include
feeding “disinformation” to one’s own people, either to build support for the war effort or to
counter the effects of the enemy’s propaganda campaign. Finally, information warfare may
include designing a strategic plan for a multiple-stage attack against an adversary’s information
systems while protecting one’s own information network and capitalizing on one’s own information
“edge.”
In contrast to traditional wars fought on soil, information warfare has no front line or boundaries.
Potential battlefields can consist of any networked system that can be accessed. For this
reason, the United States and other countries are concerned about information wars focusing on
the information technology that controls critical-infrastructure targets—oil and gas pipelines, electric
power grids, nuclear power stations, and telephone switching networks, to name a few. The vulnerability
of networked systems is why security experts in the United States and elsewhere fear
an impending cyber Apocalypse.
Information warfare damage can manifest in countless ways. For example, railroad trains and
jets could be rerouted and caused to crash; stock exchanges could be cracked and then sabotaged
by “sniffers”—thereby corrupting international networks for funds transfer; and radio and television
signals could be taken over and used for “misinformation” campaigns.
Finally, recent events have confirmed that information warfare has been implemented. During
the Gulf War, for example, Dutch crackers exploited U.S. Defense Department computers and
seized troop-movement information. They then tried to offer, for a handsome price, the secret
information to the Iraqis, who turned down the offer, thinking the plot was a hoax. Moreover,
in January 1999, U.S. Air Intelligence computers were hijacked by a coordinated attack, a portion
of which appeared to be Russian driven.
See Also: Coordinated Terror Attack Crackers; Cyber Apocalypse; Intelligence; Sniffer
Program or Packet Sniffer.
Further Reading: A&E Television Networks. Science at War: Information Warfare. [Online,
October 13, 2004.] A&E Television Networks Website. http://www.historychannel.com/
exhibits/science_war/iwar.html; GNU_FDL. [Online, 2004.] Information Warfare. GNU Free
Documentation License Website. http://www.wordiq.com/definition/Information_warfare.
InfraGuard (general term): In an effort to create greater cooperation between the U.S. government
and the private sector in protecting information of critical infrastructures and in motivating
companies and institutions to more reliably report intrusions on their networks, after the
September 11 attacks the FBI began to offer both identity protection and important exploit
information to the private sector in exchange for information regarding cyber attacks and security
breaches. The reporting, it was said, would be done under an enhanced program called
InfraGuard. The FBI enhanced its call for cooperation from industry after the number of firms
attending InfraGuard meetings (held quarterly) tripled following the terrorist attacks. It was clear,
said the FBI, that there was a greater willingness for the FBI, information systems security
experts, and business leaders to communicate more freely about the security issues they were
experiencing.
The FBI said that the threat of a major cyber attack is not fictional, for many cyber attacks
occur in industry daily. Also, every day new worms and viruses are reported by security firms
such as SANS, and therefore many more solutions must be developed by those in the information
security field to save information systems from being severely adversely impacted—or from
being shut down altogether.
Though more than 90% of enterprise security survey respondents have consistently reported
having computer security breaches with substantial financial losses within the past few years,
companies and information security experts are keen to get information about the security problems
other companies are experiencing but seem reluctant—as the CSI/FBI survey repeatedly
confirms—to report their own breaches. The reasons cited are that companies fear giving their
competitors an advantage by “owning up” to the breaches, and they worry about the bad publicity
and lack of consumer confidence that will ensue with the release of such information.
For these reasons, the FBI is now asking companies to work with consultants in InfraGuard to
prevent such breaches by sharing information. Trust seems to be the big key in advancing the
information-sharing push. The basic premise, of course, is that increased information sharing
between business enterprises and federal authorities will enhance efforts to thwart crackers. FBI
agents have noted that the situation existing today is indeed a dynamic one, for crackers and
cybercriminals continually improve, amend, and disguise their means of operating. So, the more
“eyes” there are “on the scene,” so to speak, the better the security should become. The consultants
in InfraGuard said that for the companies choosing to work with them, they will provide
up-to-the-minute technical information on how to cope with detected and reported security
breaches.
See Also: Crackers; CSI/FBI Survey; Federal Bureau of Investigation (FBI); Intrusion;
Security; Trust.
Further Reading: Bruck, M. The Key to Eradicating Viruses and Bugs. [Online, August 5,
2002.] Entrepreneur.com Inc. Website. http://www.entrepreneur.com/article/0,4621,302155,00
.html.
Infrared or Electro-Optint or Laser Intelligence (general term): Intelligence derived by
monitoring the electromagnetic spectrum from ultraviolet (0.01 micrometers) through far
infrared (1,000 micrometers).
Infrared intelligence was used for the 2004 Summer Olympics. The $312 million U.S. security
system received audio and visual images from an electronic Web having greater than 1,000
high-resolution and infrared cameras, a sensor-equipped blimp, mobile command centers, patrol
boats, and numerous vehicles. Cameras with speech-recognition software collected spoken-word
information and transcribed it into text, searching for particular word patterns.
See Also: Intelligence; Laser Intelligence (LASINT).
Further Reading: About Inc. U.S. Military: electro-optical intelligence. [Online, 2004.] About
Inc. Website. http://usmilitary.about.com/library/glossary/e/bldef02164.htm; In Brief. Security
Rings Olympics. The Globe and Mail, August 12, 2004, p. B7.
Infrared or IrDA Port (general term): An abbreviated form for Infrared Data Association
(IrDA), a group of device manufacturers who have worked on the development of a standard
device for transmitting data via infrared light waves, the IrDA port. Because of the availability of
this device, computers and printers have increasingly come with IrDA ports, enabling users to
transmit information from one device to another without using cables.
For example, if both a laptop computer and a printer have IrDA ports, a user can simply put
his or her computer in the line of sight of the printer and print a document without needing
cable to connect the two devices. IrDA ports support transmission rates similar to those of the
original parallel ports, with one restriction: the two devices must be close enough together, with
a clear line of sight between them.
See Also: Computer; Port and Port Numbers.
Further Reading: Jupitermedia Corporation. What is IrDA? [Online, October 30, 2001.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/IrDA.html.
Infringing Intellectual Property Rights and Copyright (legal term): Can occur online and
thus falls in the broad-based category of “cyberspace theft.” An example is copying another’s
work, such as songs, articles, movies, or software, from an online source without being authorized
to do so. In January 2000, one of the cases to make headlines in the United States was the
Internet free speech and copyright civil court case involving 2600: The Hacker Quarterly,
Universal Studios, and members of the Motion Picture Association of America. Here, legal issues
emerged around 2600’s alleged violation of the Digital Millennium Copyright Act
(DMCA) when in November 1999 the hacker publication linked to and discussed a computer
program called DeCSS, which is DVD decryption software. The complainants objected to the
publication of DeCSS because, they argued, it could be used as part of a process to infringe copyright
on DVD movies. In their defense, representatives of 2600 claimed that decryption of DVD
movies is necessary for a number of reasons, including to make “fair use” of movies. In the end,
the hacker magazine lost the case.
The social issue of infringing intellectual property rights and copyright has drawn considerable
debate from those who fight for freedom of information and from those who fight against
abuses of artists’ rights. For this reason, during the 2004 U.S. Presidential campaign, the INDUCE
Act, or Inducing Infringement of Copyright Act of 2004, was proposed by Senator Orrin Hatch
(R-UT). If passed, the Act could have killed the market for digital music devices such as Apple
iPods, which copy music from users’ computers. The INDUCE Act would have criminalized digital
music technologies because they could be viewed as inducing others to infringe copyright.
When news about the INDUCE Act surfaced, hacktivists went to work, constructing Websites
such as www.Savetheipod.com to motivate music lovers to send letters of opposition to
Congress. The electronics industry and the Electronic Frontier Foundation (EFF) also lobbied
against it. The INDUCE Act met its demise in October 2004, but if it had passed, this
far-reaching piece of legislation could have forced electronic companies and Internet services to
get permission for each new technology developed.
See Also: Digital Millennium Copyright Act (DMCA); Electronic Frontier Foundation
(EFF); Hacker Quarterly Magazine (a.k.a. 2600).
Further Reading: Dixon, G. Proposed Act Could Have Killed Digital Music Devices. The
Globe and Mail, December 4, 2004, p. R12; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The
Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002; Schell,
B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa
Barbara, CA: ABC-CLIO, 2004; www.Savetheipod.com. Save the ipod, Stop the INDUCE Act.
[Online, May 3, 2005.] Savetheipod.com Website. http://www.savetheipod.com/index1.php.
Initialization Vector (general term): Used in cryptography to ensure that an encryption mechanism,
such as a stream cipher or a block cipher in a streaming mode, generates a unique stream
that is independent of all other streams encrypted with the same key without reapplying
the (computationally expensive) cryptographic keying process. The Initialization Vector must
be known by the receiver and can be exchanged as part of the session setup or transmitted
independently.
Further Reading: Ferguson, N., Schneier, B. Practical Cryptography. New York, NY: John Wiley
& Sons, 2003.
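To show why the IV must be unique, here is an added example (not from the dictionary or from Practical Cryptography). The keystream generator is a constructed stand-in for a real stream cipher: keystream block i is HMAC-SHA256(key, IV || i), a counter-mode style construction in which the IV selects the stream and the expensive key setup happens once. The message format that prepends the IV to the ciphertext, so the receiver learns it, is likewise an assumption of the example, as are the key and IV sizes.

```python
"""Why an initialization vector must be unique per message under one key.

Added example, not from the dictionary or from Practical Cryptography.
The keystream generator is a constructed stand-in for a real stream
cipher: block i of keystream = HMAC-SHA256(key, iv || i), so the IV
selects the stream and the key is set up only once.
"""
import hashlib
import hmac
import os

IV_LEN = 16                   # assumed IV size for this example
DEMO_KEY = bytes(range(16))   # constructed demo key, for the checks only


def new_iv():
    """Fresh random IV for each message (the sender's responsibility)."""
    return os.urandom(IV_LEN)


def keystream(key, iv, length):
    """Derive `length` bytes of keystream that depend on both key and IV."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, iv, plaintext):
    """Return iv || ciphertext so the receiver learns the IV with the message."""
    if len(iv) != IV_LEN:
        raise ValueError("bad IV length")
    return iv + xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key, message):
    """Split off the transmitted IV, regenerate the same keystream, unmask."""
    iv, ciphertext = message[:IV_LEN], message[IV_LEN:]
    return xor_bytes(ciphertext, keystream(key, iv, len(ciphertext)))


def iv_reuse_leaks(key, p1, p2, iv):
    """With one key and one IV reused for two messages, the keystream
    cancels: c1 XOR c2 == p1 XOR p2, so an observer learns the XOR of
    the plaintexts. Returns True when that relation holds (the failure
    mode a unique IV prevents)."""
    c1 = encrypt(key, iv, p1)[IV_LEN:]
    c2 = encrypt(key, iv, p2)[IV_LEN:]
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def fresh_ivs_independent(key, plaintext, iv1, iv2):
    """Different IVs give unrelated ciphertexts for the same plaintext."""
    return encrypt(key, iv1, plaintext)[IV_LEN:] != encrypt(key, iv2, plaintext)[IV_LEN:]


if __name__ == "__main__":
    msg = encrypt(DEMO_KEY, new_iv(), b"attack at dawn!!")
    print(decrypt(DEMO_KEY, msg))
    print("IV reuse leaks p1 XOR p2:",
          iv_reuse_leaks(DEMO_KEY, b"attack at dawn!!", b"retreat at noon!", bytes(IV_LEN)))
```

The two checks at the bottom are the whole point: encrypting two messages under the same key and IV lets anyone who sees both ciphertexts recover the XOR of the plaintexts, whereas a fresh IV per message (transmitted in the clear in front of the ciphertext, which is safe because the IV is not secret) gives independent streams without changing the key.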
Input Validation, Omitting (general term): A classic programming error leading to exploits.
Because programmers do not always verify that input data are correct, crackers can carefully create
input that compromises the system.
See Also: Crackers; Exploit; Vulnerabilities in Computers.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
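The following is an added example, not from the dictionary or from Graham’s Hacking Lexicon, showing the error beside its hardened form. The report-download handler, its base directory /srv/reports, and the page-count parameter are hypothetical: the vulnerable function joins a caller-supplied name onto the base directory without any check, while the hardened versions allow-list the name, confirm the resolved path stays inside the directory, and bound the integer.

```python
"""Omitted input validation beside its hardened form.

Added example, not from the dictionary or from Graham's Hacking Lexicon.
The report-download handler, its base directory and the page-count
parameter are hypothetical.
"""
import posixpath
import re

REPORT_DIR = "/srv/reports"                                  # assumed base directory
REPORT_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(pdf|csv)")  # allow-list, used with fullmatch


def unsafe_report_path(name):
    """Vulnerable: the caller-supplied name is trusted as-is, so '../'
    segments (or an absolute path) walk out of REPORT_DIR."""
    return posixpath.normpath(posixpath.join(REPORT_DIR, name))


def safe_report_path(name):
    """Hardened: reject anything not matching the allow-list, then confirm
    the resolved path is still under REPORT_DIR. Raises ValueError."""
    if not isinstance(name, str) or not REPORT_NAME.fullmatch(name):
        raise ValueError("report name rejected by allow-list")
    full = posixpath.normpath(posixpath.join(REPORT_DIR, name))
    # Defence in depth: the allow-list already excludes '/' and '..', but
    # the containment check survives future edits to the pattern.
    if posixpath.commonpath([REPORT_DIR, full]) != REPORT_DIR:
        raise ValueError("path escapes the report directory")
    return full


def parse_page_count(raw, maximum=500):
    """Hardened integer input: ASCII decimal digits only, bounded range.
    str.isdigit alone also accepts non-ASCII digits (e.g. Arabic-Indic
    '\u0664\u0662'), which int() would silently convert to 42."""
    if not isinstance(raw, str) or not (raw.isascii() and raw.isdigit()):
        raise ValueError("count must be a decimal integer")
    count = int(raw)
    if not 1 <= count <= maximum:
        raise ValueError(f"count must be between 1 and {maximum}")
    return count


def is_rejected(validator, value):
    """True when the validator refuses the value (used by the checks below)."""
    try:
        validator(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(unsafe_report_path("../../etc/passwd"))        # escapes: /etc/passwd
    print(safe_report_path("q1_2009.pdf"))               # /srv/reports/q1_2009.pdf
    print(is_rejected(safe_report_path, "../../etc/passwd"))  # True
```

The design choice worth copying is the allow-list: the hardened function states what a valid name looks like and rejects everything else, rather than trying to enumerate bad characters, and the containment check is kept as a second, independent line of defence.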
Insider Hacker or Cracker (general term): An employee of a company who performs exploits
within the company’s networks. Hackers are authorized to find vulnerabilities in a company’s
networks and to fix them, whereas crackers exploit the flaws without having the authorization to
do so—usually for some personal gain.
Insiders who crack the system to cause damage are often angered employees who have been
fired from their jobs and have the computer skills to cause damage.They can, for example, plant
logic bombs that do damage after the employees leave. One of the most discussed “insider”
crack attacks happened in 1996 at Omega Engineering, where an employee, Timothy Lloyd, sabotaged
the company’s network with a logic bomb. He apparently did this as an act of revenge for
being fired. That exploit cost the company $12 million in network damages and forced the eventual
layoff of about 80 employees. Because of all the money it took to recover from this incident,
Omega Engineering said it lost its lead in the marketplace.
More recently, on March 11, 2005, Kaiser Permanente notified 140 patients that an angry
former employee put on her Weblog confidential information from the firm’s electronic files.
The ex-employee, Elisa D. Cooper, calling herself the “Diva of Disgruntled,” said in her defense
that the company included private patient information on its Website. All she was doing, she said,
was informing the company of its self-created problem. Under the HIPAA legislation, the Diva
of Disgruntled, if found guilty, could be made to pay $250,000 in fines and spend 10 years behind
bars for unauthorized disclosure of clients’ personal data. To date, a fine of $200,000 was imposed
on the company by California State Regulators for illegally disclosing patients’ personal information
on the Internet. The case against Cooper has not been finalized.
Another way that insiders may take revenge on a company is not to exploit the company’s
network but to send over the Internet proprietary information to competitors. One such example
was reported in 2005 when Shin-Guo Tsai, a permanent resident in the United States and
an employee of Volterra Semiconductor Corporation in San Francisco, emailed computer chip
design data from his company’s computers to a potential rival company in Taiwan. Though Tsai
announced to his employer that he was returning to Taiwan to get married, when FBI agents
appeared at his door in February 2005, he admitted that he had sent proprietary information to
CMSC, Inc., a Taiwanese start-up company involved in a business line similar to Volterra’s. If convicted
of the charges, Tsai could find himself behind bars for 10 years. He pleaded guilty and is
awaiting sentencing.
Given these incidents, it is not surprising that even back in 1998, the CSI/FBI survey findings
disclosed that the average cost of successful computer cracks by outsiders was $56,000,
whereas the average cost of malicious acts perpetrated by insiders was $2.7 million. While the
average cost has gone down to $24,000 in the 2005 CSI/FBI survey, the number of incidents has
risen sharply. Three-quarters of the surveyed organizations reported a financial loss. Insider
crackers appear to do far more damage to companies’ computers than do outsider crackers.
So what personal traits do these damage-causing insiders have? After analyzing a pool of more
than 100 cracking cases provided by computer crime investigators, prosecutors, and security specialists
over the 1997–1999 time period, researchers Eric D. Shaw, Jerrold M. Post, and Kevin G.
Ruby said that insider computer criminals tend to be:
• Troubled by family problems in their childhoods
• Introverted individuals who admit to being more comfortable solving cognitive problems
than interacting with others in the workplace
• More dependent on online interactions than on face-to-face interactions
• Ethically flexible individuals who can easily justify ethical violations
• Of the opinion that they are somehow special and thus deserving of special privileges
• Lacking in empathy and thus seeming not to reflect on the impact their behaviors have on
others or on the company
• Less likely to seek assistance from supervisors or from workplace support groups such as
Employee Assistance Programs (EAPs) when they have personal issues
See Also: Crackers; CSI/FBI Survey; Exploit; Hackers; Logic Bomb; Shaw, Eric Team.
Further Reading: Ostrov, B.F. 140 Kaiser Patients’ Private Data Put Online. [Online,
March 11, 2005.] Knight Ridder Website. http://www.siliconvalley.com/mld/siliconvalley/
11110907.htm; Rogers, M. The Insider Threat: Debunking the ‘Wagon Wheel’ Approach to
Information Security. [Online, March 3, 2005.] TechTarget Website. http://searchsecurity
.techtarget.com/columnItem/0,294698,sid14_gci1064080,00.html?track=NL-358&ad=506624;
Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and
How. Westport, CT: Quorum Books, 2002; Tanner, A. Man Charged with Passing Chip Design
Information. [Online, March 1, 2005.] Reuters Website. http://www.reuters.com/audi/
newsArticle.jhtml?type=technologyNews&storyID=7766193.
Integrity (general term): Assuring accuracy and completeness, and adequately performing to
some set of specifications.
See Also: Ethic; White Hat Hacker.
Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security.
Upper Saddle River, NJ: Prentice Hall, 2003.
Intellectual Property (IP) (legal term): A legal concept that treats and protects the creative products
of the human mind as carefully as the law would treat and protect one’s physical property,
such as a home and the land that it sits on. In short, IP laws grant certain kinds of exclusive rights
to the developers of creative products such as software, games, hardware, movies, books, songs, and
so on. According to IP laws, the developers of creative products should have the first rights to the
sale and/or distribution of these products, just as an owner of a property should have the first rights
to the sale and/or distribution of his or her property.
A number of cases have been publicized in recent years regarding infringements of IP, particularly
around online song swapping and the denial of royalties to artists. An alleged crime against
IP does not always have an artistic aspect, however. For example, on February 3, 2005, Andrew
Mata, a government employee charged with cracking the Department of Social Services Website
in 1999, was cleared by a jury of any wrongdoing. Mata had been charged with illegally entering
the computer system to upgrade his access privileges after he left the Department of Social
Services for a job in the Department of Health and Hospitals—a crime, it was argued, against
Intellectual Property. Mata said in his defense that he changed his access back to where he
thought it should have been when he moved to the Department of Health and Hospitals, since
he was supposed to have the same privilege status on both departments’ computer systems. The
jury believed Mata. He walked away from a potential five-year jail term.
See Also: Computer; Intellectual Property Rights and Copyright Infringement; Property
Paradigm in Cybercrime.
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:
A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004; The Associated Press. State Worker
Acquitted of Hacking Government Computer. [Online, February 3, 2005.] Tuscaloosa News
Website. http://www.tuscaloosanews.com/apps/pbcs/d11/article?AID=/20050203/APN/
502030742.
Intellectual Property Rights and Copyright Infringement (legal term): Protecting
Intellectual Property Rights (IPR) from abuse is as important for companies today as is
protecting computer networks from crackers. Infringement can cost millions of dollars of lost
revenues to entertainment companies and computer companies alike. For this reason, the Digital
Millennium Copyright Act (DMCA) was passed in October 1998 in the United States. This
Act’s purpose was to implement global copyright laws to deal with the Intellectual Property
Rights challenges caused by present-day digital technology.
In particular, the DMCA provided protections against technical measures that could be used
to disable or bypass the encryption devices used to protect copyright, thereby encouraging
authors of copyrighted material to place their work on the Internet in a digitalized presentation.
The DMCA penalties were to be applied to any individual who attempted to or was successful
in disabling an encryption device that protected copyrighted material. Stated simply, Intellectual
Property infringement is theft—the taking of something that does not belong to the perpetrator
of the encryption bypass and thereby depriving the true copyright owners of royalties for the
sale of their human mind products.
Reports of a case of IPR infringement surfaced on May 22, 2005. Counterfeiters in Beijing,
China, were selling illegally copied DVDs of the Star Wars: Episode III: Revenge of the Sith movie
just days after the film opened in theaters in North America.The price charged for the pirated
movies, sold from vendors wearing shoulder bags on the streets of Beijing, was a mere $3.05. The
street sales occurred despite numerous Chinese government promises to clamp down on the
thriving black market industry that movie companies have argued cost them billions of dollars
in lost revenue yearly. About 9,000 cases of piracy were brought to court in China in 2004.
See Also: Copyright; Copyright Laws; Digital Millennium Copyright Act (DMCA);
Intellectual Property (IP).
Further Reading: Associated Press. Entertainment: Counterfeiters Move Fast On Illegal Star
Wars DVD. The Globe and Mail, May 23, 2005, p. B7; Schell, B.H. and Martin, C. Contemporary
World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Intelligence (general term): According to Jeffery T. Richelson in his tome The U.S. Intelligence
Community, “intelligence” is the product of an information search and analysis about some foreign
nation or about that nation’s operation areas of particular interest. In the United States, the
Central Intelligence Agency (CIA) collects overseas intelligence, whereas the Federal Bureau of
Investigation (FBI) collects domestic intelligence. Today, the collection of intelligence includes
employing hacking skills to access information stored in computer systems around the world.
Legally, the CIA cannot collect intelligence against a U.S. citizen unless the investigation began
overseas. For these kinds of cases, the CIA communicates with and shares intelligence with
the FBI.
See Also: U.S. Intelligence Community.
Further Reading: Milnet.com. MILNET: Intelligence Defined. [Online, November 4,
1997.] Milnet.com Website. http://www.milnet.com/definei.htm.
Intelligence Community (general term): See U.S. Intelligence Community.
Interactive Logon and Network Logon (general term): Modern networked operating systems,
such as Microsoft Windows, Mac OS X, and the UNIX family of operating systems, allow users
to log on to their machines locally by using them directly, or by connecting to a file server
remotely through a network logon. Because both logons tend to happen simultaneously after users
enter their usernames and passwords, they do not usually perceive much of a difference between
the two logons. Network logons can be disabled by administrators, thus preventing individuals
from robbing passwords and remotely taking over the machine.
See Also: Administrator; Password.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website:
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Internal Threat (general term): A threat originating inside a company, government agency, or
institution, and typically an exploit by a disgruntled employee denied promotion or informed
of employment termination. Such exploits also can be launched by an attacker who has sought
temporary employment with a target and uses social engineering skills to get on the inside.
See Also: Exploit; Insider Hacker or Cracker.
International Data Encryption Algorithm (IDEA) (general term): Developed by Xuejia Lai
and James Massey in 1992. A block cipher, IDEA operates on 64-bit blocks with a 128-bit key
and is considered to be very secure. IDEA is used by Pretty Good Privacy (PGP), a very
secure public key encryption application for MS-DOS, UNIX, and VAX/VMS. Originally written
by Philip Zimmermann, PGP was later improved by Hal Finney, Branko Lankester, and Peter
Gutmann.
See Also: Algorithm; Pretty Good Privacy (PGP); UNIX.
Further Reading: Farlex, Inc. The Free Dictionary: International Data Encryption
Algorithm. [Online, 2004.] Farlex, Inc. Website. http://computing-dictionary.thefreedictionary.com/International%20Data%20Encryption%20Algorithm.
International Telecommunications Union (ITU) (general term): Advises suppliers on technical
recommendations for telephone and fax communication systems. Before March 1, 1993,
the ITU was known as the CCITT, or Consultative Committee for International Telephony and
Telegraphy. Every four years, the ITU, located in Geneva, Switzerland, convenes plenary sessions
with the intent of adopting new telecommunications standards and communicating with other
standards organizations to develop a global uniform standards system for communications.
See Also: Telecom.
Further Reading: Webster’s Dictionary. Definition of International Telecommunications
Union. [Online, 2004.] Webster’s Dictionary Website. http://www.webster-dictionary.org/definition/International%20Telecommunications%20Union.
Internet (general term): A network. Today, Internet refers to a collection of networks connected
by routers. The Internet is the largest network in the world and comprises backbone networks
such as MILNET, mid-level networks, and stub networks.
The Internet had its seeds planted with ARPANET, the information-exchange platform created
for researchers in universities around the world by the U.S. Defense Advanced Research
Project Agency in 1969. The Internet’s major growth spurt occurred after Tim Berners-Lee
developed the HTTP protocol in the early 1990s, allowing users to access and link information
through a simple and intuitive user interface—the Internet browser. Technically speaking, the
Internet is just the transportation medium over which data packets are transmitted. The World
Wide Web is one of the applications using the Internet as a base infrastructure. Because of the
overwhelming success of the World Wide Web, the term “Web” is often used to signify the
Internet as such.
At first, universities were the early adopters of the Internet, but before long tech wizards with
an entrepreneurial spirit realized that a commercial application could produce millionaires and
billionaires. By the early 2000s, there was virtually no medium- or large-sized organization without
a presence on the Internet, with the bulk having a Website and communication connectivity
with email. As of 2005, tumbling computer and Internet connectivity prices have made it possible
for the majority of households in the developed world to access the Internet through
high-bandwidth lines.
Though currently information is generally obtained on the Internet for free, the day could
arrive in the near future when the “free ride on the information highway” comes to a halt. In fact,
more and more Websites are beginning to charge for access to information content. For example,
the Web site www.chronicle.com, which is a prime site for academics seeking jobs, now charges a
subscription rate for access to administrative salary data and other special interest topics.
Developing countries around the world are also buying into the Internet craze, for technology
can assist in leveling the economic playing field. However, not all developing nations believe
that Internet use should be available to citizens of all ages. During October to December 2004,
for example, China closed more than 12,575 existing Internet cafes for allegedly permitting illegal
operations. Though the Chinese government said that it promotes active Internet use for
business and appropriate educational purposes, the communist authorities maintained that
Internet cafes can harm public morality by giving minors access to such undesirable information
as violent games and sexually explicit content.
In recent times, other morally questionable Internet practices have been challenged in the
United States as well. An “interactive Internet logon” animal-killing case surfaced in the United
States during the first week of May 2005. “Computer assisted remote hunting” is defined as the
use of a computer or any similar device, equipment, or software to remotely control the aiming
and discharge of archery equipment, a crossbow, or a firearm to hunt and kill an animal or bird.
In California, the Fish and Game Commission ordered wildlife officials to create emergency laws
to ban the practice of hunters using the Internet to shoot animals. This piece of legislation, passed
by California’s Senate in April 2005, was in response to a Texas hunter Website that intended to
let users fire at real animals using their computers. In particular, the legislation prevented the use
of computer-assisted hunting sites and banned the import or export of any animal killed using
computer-assisted hunting. Other states, such as Texas and Maine, and Congress have since
considered passing similar bills.
See Also: Advanced Research Projects Agency Network (ARPANET); HTTP (HyperText
Transfer Protocol); Network.
Further Reading: In Brief. China Cracks Down on Public Internet. The Globe and Mail,
February 17, 2005, p. B10; Kapica, J. Cyberia. The Globe and Mail, February 17, 2005, p. B10; In
Brief. No Remote Hunting, Regulators Say. The Globe and Mail, May 5, 2005, p. B25; QUT
Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17,
2004.] QUT Division of Technology, Information and Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp.
Internet Browser (general term): A software application used to locate and display Web pages.
Two popular Internet browsers are Netscape Navigator and Microsoft’s Internet Explorer. Both
of these are classified as graphical browsers; they display both graphics and text. Internet browsers
can also provide sound and video.
See Also: Browser; Text.
Internet Control Message Protocol (ICMP) (general term): An extension to the Internet
Protocol (IP) permitting error messages, information messages, and test packets to be generated.
The code types and message types are shown in Figure 9-1.
Figure 9-1. The Internet Control Message Protocol (ICMP)
[Figure 9-1 layout, one 32-bit row: Message Type (8 bit) | Message Code (8 bit) | Checksum (16 bit), followed by Data (if any)]
Typical messages are as follows:
Type 3: Destination unreachable
Code 0: Net unreachable
Code 1: Host unreachable
Code 2: Protocol unreachable
Code 4: Fragmentation needed and don’t fragment flag set
Code 5: Source route failed
Type 11: Time exceeded message
Code 0: Time to live exceeded in transit
Code 1: Fragment reassembly time exceeded
Type 5: Redirect message
Code 0: Redirect datagrams for the network
Code 1: Redirect datagrams for the host
Code 2: Redirect datagrams for the Type of Service and network
Code 3: Redirect datagrams for the Type of Service and host
Type 8 and Type 0: Echo and echo reply
Code 0: No code
Type 4: Source quench
Type 12: Parameter problem
Type 13 and 14: Timestamp request and timestamp reply
Type 15 and 16: Information request and information reply
The ICMP protocol is heavily used by crackers as a reconnaissance tool to map a target’s network.
Echo messages are sent to a computer on a network. If the host sends back an Echo Reply,
the cracker knows not only of the computer’s existence but also that it potentially can be
exploited. For this reason, network administrators have started blocking incoming “icmp data”
on their network’s firewalls.
Consequently, crackers have reacted by using other tricks. For example, an http connection to
a target is attempted, but the TimeToLive field is set so that a destination-unreachable ICMP
message will be triggered. Typically, outgoing ICMP messages are allowed by network administrators
as a legitimate function of the ICMP protocol; thus, the attempted reconnaissance
succeeds.
Redirect messages can also be used to sabotage routing tables. Correctly used Redirect messages
tell the routers that there are better paths through the network to a destination, and they
do so by announcing, “Next time you try to reach the destination, use this IP address instead.”
This feature is put to malicious use by crackers sending wrong announcements to the routers to
disrupt traffic, redirect it to a compromised machine to gather further intelligence, or to tamper
with the message before it is sent on.
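A worked decoder for the 4-byte ICMP header and the type/code table above, added here as an illustration (it is not from the dictionary or its cited sources). It validates the RFC 1071 checksum and names each message; the border_verdict function is a hypothetical firewall policy built from the entry's advice (block inbound probes and redirects, allow error replies to outgoing traffic), not any standard:

```python
import struct

# Type and code names as listed in the entry above (IANA ICMP parameters).
ICMP_TYPES = {
    0: "Echo reply", 3: "Destination unreachable", 4: "Source quench",
    5: "Redirect message", 8: "Echo request", 11: "Time exceeded",
    12: "Parameter problem", 13: "Timestamp request", 14: "Timestamp reply",
    15: "Information request", 16: "Information reply",
}
ICMP_CODES = {
    3: {0: "Net unreachable", 1: "Host unreachable", 2: "Protocol unreachable",
        4: "Fragmentation needed and DF set", 5: "Source route failed"},
    5: {0: "Redirect datagrams for the network", 1: "Redirect datagrams for the host",
        2: "Redirect datagrams for the ToS and network",
        3: "Redirect datagrams for the ToS and host"},
    11: {0: "Time to live exceeded in transit", 1: "Fragment reassembly time exceeded"},
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Assemble a message: 8-bit type, 8-bit code, 16-bit checksum, 4-byte 'rest of header', data."""
    body = rest + payload
    header = struct.pack("!BBH", msg_type, code, 0) + body   # checksum field zeroed first
    return struct.pack("!BBH", msg_type, code, inet_checksum(header)) + body


def parse_icmp(packet: bytes) -> dict:
    """Decode the fixed header shown in Figure 9-1 and validate the checksum."""
    if len(packet) < 4:
        raise ValueError("ICMP message shorter than its 4-byte header")
    msg_type, code, _ = struct.unpack("!BBH", packet[:4])
    return {
        "type": msg_type,
        "code": code,
        "type_name": ICMP_TYPES.get(msg_type, "unassigned/other"),
        "code_name": ICMP_CODES.get(msg_type, {}).get(code, "no code"),
        # With a correct checksum field, the checksum over the whole message is zero.
        "checksum_ok": inet_checksum(packet) == 0,
        "data": packet[4:],
    }


def border_verdict(packet: bytes, inbound: bool) -> str:
    """Hypothetical border-firewall decision following the entry's advice (not a standard):
    drop malformed messages, redirects and inbound host-discovery requests; let error
    messages for our own outgoing traffic through."""
    msg = parse_icmp(packet)
    if not msg["checksum_ok"]:
        return "drop: bad checksum"
    if msg["type"] == 5:
        return "drop: redirect from an untrusted source"
    if inbound and msg["type"] in (8, 13, 15):
        return "drop: inbound host-discovery request"
    if inbound and msg["type"] in (3, 11, 12):
        return "allow: error message for our outgoing traffic"
    return "allow"
```

The checksum check is the first thing a parser should do: a message that fails it is either corrupted or crafted, and nothing else in the header can be trusted.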
See Also: Administrator; Internet Protocol (IP); Network.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; IANA: ICMP
Type Numbers, [Online, September 21, 2005.] http://www.iana.org/assignments/icmp-parameters;
QUT Division of Technology, Information and Learning Support. Network Glossary. [Online,
July 17, 2004.] QUT Division of Technology, Information and Learning Support Website.
http://www.its.qut.edu.au/network/glossary.jsp.
Internet Corporation for Assigned Names and Numbers (ICANN) (general term):
Created in 1998 by Jon Postel in response to the U.S. Department of Commerce’s call for a private
sector, nonprofit agency to be formed to administer the Internet name and address system
policy. ICANN is responsible for the management of the DNS system, the administration of the
IP address space, the management of the root servers, and the assigning of protocol parameters.
ICANN’s board consists of 19 directors and nine at-large directors having one-year terms.
See Also: Domain Name System (DNS).
Further Reading: Jupitermedia Corporation. What is ICANN? [Online, January 8, 2004.]
Jupitermedia Website. http://www.webopedia.com/TERM/I/ICANN.html.
Internet Engineering Task Force (IETF) (general term): A global network of designers,
operators, researchers, and vendors interested in the growth and development of the Internet,
including its architecture and operations. Though open to anyone with such interests, the IETF’s
technical work is conducted in work groups that are topic generated, such as routing, transport,
and security.
See Also: Internet.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Internet Fraud (legal term): Encompasses a wide range of online criminal activities that deliver
harm to the targets such as credit card fraud, online auction fraud, unsolicited email (Spam)
fraud, and online child pornography. In the United States, the Internet Fraud Complaint
Center (IFCC), a partnership between the FBI and the National White Collar Crime Center
(NW3C), was created to address Internet fraud.
See Also: Child Pornography; Federal Bureau of Investigation (FBI); Fraud; Spam; Spammers;
Spamming/Scrolling.
Further Reading: Internet Fraud Complaint Center. IFCC 2002 Internet Fraud Report.
[Online, 2003.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/strategy/2002_IFCCReport.pdf.
Internet Fraud Complaint Center (IFCC) (general term): A partner of the Federal Bureau
of Investigation (FBI) and the National White Collar Crime Center (NW3C), now referred
to as the Internet Crime Complaint Center, or IC3. The IFCC’s role is to deal with Internet-related
fraud by providing a user-friendly reporting mechanism to alert law enforcement agents
of a likely criminal or civil breach. As a service to law enforcement and regulatory bodies, the
IFCC maintains a centralized repository for Internet fraud complaints and maintains statistics
related to fraud trends.
In 2002, the IFCC referred more than 43,000 complaints of online fraud to the law enforcement
authorities, a three-fold increase over that of 2001, and the number of complaints continues
to grow annually. For example, the total dollar loss from the 2002 referred fraud cases was $54
million, an increase in total dollar loss from $17 million in 2001. In 2005, IC3 referred 97,076
complaints of crime to federal, state, and local law enforcement agencies around the U.S. for further
investigation. The majority of cases concerned fraud and resulted in financial losses for
victims. The total fraud dollar loss from all referred cases was $183.12 million with a median dollar
loss of $424.00 per incident. This total amount was up from $68 million in 2004.
See Also: Federal Bureau of Investigation (FBI); Fraud.
Further Reading: Internet Crime Complaint Center. IC3 2005 Internet Crime Report.
[Online, June 20, 2006.] IC3 Web Site. http://www.ic3.gov/media/annualreport/2005_IC3Report.pdf;
Internet Fraud Complaint Center. IFCC 2002 Internet Fraud Report. [Online,
2003.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/strategy/2002_IFCCReport.pdf;
Internet Fraud Complaint Center. Welcome to IFCC. [Online, August 11,
2004.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/index.asp.
Internet Mail or Internet Message Access Protocol (IMAP) (general term): Mark Crispin
designed IMAP to be a present-day alternative to the prevalently used POP3 email-retrieval protocol.
IMAP is an application-layer Internet protocol used for accessing email on a remote
server from a local client. IMAP and POP3 are the two most widely used Internet protocols for
retrieving email.
IMAP’s main advantage over POP3 is that messages can remain on the server and be accessed
from more than one client (for example, a stationary office computer and a PDA) while keeping
track of which messages have already been read. Both IMAP and POP3 are supported by
modern email clients and servers. The present version of IMAP, known as IMAP version 4, revision
1 (IMAP4rev1), is defined by RFC 3501.
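The server-side state that gives IMAP its advantage over POP3, shown as an added toy model (not a real IMAP implementation and not from the dictionary or RFC 3501): one in-memory server, two client sessions issuing tagged commands in the RFC 3501 shapes (LOGIN, SELECT, FETCH, STORE, LOGOUT). The \Seen flag set from the "office computer" session is visible to the later "PDA" session because the flag lives with the message on the server. The user name, password and subjects are constructed sample data:

```python
class ToyImapServer:
    """Mailbox state shared by every client session: the IMAP model in miniature."""

    def __init__(self, users: dict, subjects: list):
        self.users = users                       # constructed credentials, not a real directory
        self.messages = [{"subject": s, "flags": set()} for s in subjects]


class ToyImapSession:
    """One client connection; only a handful of RFC 3501 command forms are modelled."""

    def __init__(self, server: ToyImapServer):
        self.server = server
        self.authenticated = False
        self.selected = False

    def handle(self, line: str) -> list:
        """Process one tagged client command and return the server's response lines."""
        parts = line.split()
        if len(parts) < 2:
            return ["* BAD missing tag or command"]
        tag, cmd, *args = parts
        cmd = cmd.upper()
        if cmd == "LOGIN":
            if len(args) == 2 and self.server.users.get(args[0]) == args[1]:
                self.authenticated = True
                return [f"{tag} OK LOGIN completed"]
            return [f"{tag} NO LOGIN failed"]
        if cmd == "LOGOUT":
            return ["* BYE toy server logging out", f"{tag} OK LOGOUT completed"]
        if not self.authenticated:
            return [f"{tag} BAD command not allowed before login"]
        if cmd == "SELECT":
            self.selected = True
            return [f"* {len(self.server.messages)} EXISTS",
                    f"{tag} OK [READ-WRITE] SELECT completed"]
        if not self.selected:
            return [f"{tag} BAD no mailbox selected"]
        if cmd in ("FETCH", "STORE"):
            if not args or not args[0].isdigit() or not 1 <= int(args[0]) <= len(self.server.messages):
                return [f"{tag} BAD invalid message sequence number"]
            seq = int(args[0])
            if cmd == "STORE":
                # e.g. "STORE 1 +FLAGS (\Seen)"; the flag list may span several tokens
                if len(args) < 3 or args[1] not in ("+FLAGS", "-FLAGS"):
                    return [f"{tag} BAD unsupported STORE form"]
                flags = set(" ".join(args[2:]).strip("()").split())
                if args[1] == "+FLAGS":
                    self.server.messages[seq - 1]["flags"] |= flags
                else:
                    self.server.messages[seq - 1]["flags"] -= flags
                return [self._fetch_line(seq), f"{tag} OK STORE completed"]
            return [self._fetch_line(seq), f"{tag} OK FETCH completed"]
        return [f"{tag} BAD unknown command"]

    def _fetch_line(self, seq: int) -> str:
        flags = " ".join(sorted(self.server.messages[seq - 1]["flags"]))
        return f"* {seq} FETCH (FLAGS ({flags}))"


def run_two_clients() -> list:
    """Read a message from one client, then observe its \\Seen flag from another."""
    server = ToyImapServer({"alice": "s3cret"}, ["Quarterly report", "Lunch?"])
    office = ToyImapSession(server)              # the stationary office computer
    for cmd in ("a1 LOGIN alice s3cret", "a2 SELECT INBOX",
                "a3 STORE 1 +FLAGS (\\Seen)", "a4 LOGOUT"):
        office.handle(cmd)
    pda = ToyImapSession(server)                 # a second device, later
    pda.handle("b1 LOGIN alice s3cret")
    pda.handle("b2 SELECT INBOX")
    return pda.handle("b3 FETCH 1 (FLAGS)")      # reports FLAGS (\Seen)
```

With POP3 the read state would have stayed on the first device; here the second session sees it because the server, not the client, owns the flag.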
See Also: Email or Electronic Mail; Protocol.
Further Reading: GNU_FDL. Internet Message Access Protocol. [Online, 2004.] GNU
Free Documentation License Website. http://www.wordiq.com/definition/IMAP.
Internetwork Operating System (IOS) (general term): The operating system software that
runs on the Cisco routers and switches that comprise the majority of the Internet. IOS was first
developed by William Yeager at Stanford University’s Knowledge Systems Laboratory. Yeager
licensed the code to Cisco in 1987. IOS brought together a comprehensive collection of routing,
switching, internetworking, and telecommunications functionality running on top of a full-fledged
multitasking operating system.
See Also: Internet; Operating System Software; Routers; Switch.
Further Reading: Triple Fiber Networks. [Online, 2006.] 3Fn Website. http://www.3fn.net/cisco.php.
Internet Piracy (legal term): Using the Internet to illegally copy and/or distribute software,
which is an infringement of the Digital Millennium Copyright Act (or DMCA) in the
United States.
On June 11, 2003, Verizon told four of its Internet service customers that they could soon be
hearing from the Recording Industry Association of America (RIAA) regarding allegations that
they traded copyrighted music online—in violation of the DMCA and an illustration of Internet
piracy. Though Verizon challenged a subpoena requested by the RIAA to give it the identities of
the alleged violators, Verizon lost in an appeals court and was given two weeks to comply with
RIAA’s request. The subscribers were traced by the RIAA through their Internet Protocol (IP)
addresses, which led the RIAA to the users’ Internet Provider, Verizon.
See Also: Copyright; Copyright Laws; Digital Millennium Copyright Act (DMCA);
Intellectual Property (IP); Intellectual Property Rights and Copyright Infringement.
Further Reading: Graham, J. Privacy V. Internet Piracy. [Online, June 11, 2003.] Gannett
Co., Inc. Website. http://www.usatoday.com/life/music/2003-06-11-privacy_x.htm.
Internet Protocol (IP) (general term): Defined in STD 5 (RFC 791), IP is the network layer of
the TCP/IP Protocol Suite, a packet-switching protocol that carries the address and control information
needed so that packets can be routed (see Figure 9-2). Both the Transmission Control Protocol
(TCP) and the Internet Protocol (IP) are important. IP provides connectionless, high-level datagram
delivery as well as fragmentation and datagram reassembly to support data links having
varying maximum-transmission unit (MTU) sizes.
Figure 9-2. Internet Protocol (IP)
The Internet Protocol header itself contains the following information:
IP Version: Either 4 for the currently used version 4 of the protocol or 6 for the forthcoming
version of the protocol.
Header Length: The number of 32-bit words in the header (multiply by four to get the number of
bytes). The header length is 20 bytes (value 5) if no IP options are set.
Type of Service: Rarely used; designed to implement quality of service properties in
routing.
Total Length: Length of the complete packet (including header and data). Because this is
a 16-bit field, the maximum IP packet size is 65535 bytes.
IP Packet ID: Identifier for a packet. It is incremented by the sender. If packets with identical
IP Packet IDs are received, intrusion analysts assume that these packets were crafted by
a reconnaissance or attack tool and do not contain regular data.
Flags (3 bits): First: Unused.
Second: DF (don’t fragment), signaling that the packet must not be fragmented in transit.
Used by crackers for reconnaissance by setting it on a packet too large for certain
network types, thus trying to trigger an ICMP error message.
Third: MF (more fragments), indicating whether the datagram contains more fragments to
come.
[Figure 9-2 layout, 32 bits per row: IP Version | Header Length (*4) | Type of Service | Total Length (in bytes); IP Packet ID | Flags | Fragment Offset; Time To Live (TTL) | Embedded Protocol | Header Checksum (16 bit); Source Address (32 bit); Destination Address (32 bit); Options (up to 40 bytes); Data]
Fragment Offset: Used to direct reassembly of a fragmented datagram. Crackers craft
packets with unexpected offsets and with overlapping fragments, trying to crash recipients’
network protocol stacks.
Time To Live (TTL): A timer field used to track the lifetime of the datagram. Each router
decrements this field when it forwards a packet to the next router. When the field is decremented
to zero, the datagram is discarded.
Embedded Protocol: Contains information about which protocol is included in the data
portion:
1: ICMP (Internet Control Message Protocol)
4: IP (IP in IP encapsulation)
6: TCP (Transmission Control Protocol)
17: UDP (User Datagram Protocol)
41: IPv6 over IPv4
58: ICMP for version 6
89: OSPF (Open Shortest Path First) routing protocol
Header Checksum: Used for error checking of the IP header. It is calculated as a 16-bit one’s complement
checksum over the IP header, IP options included. Each router has to recalculate the checksum because it has
to decrement the TTL field.
Source Address and Destination Address: IP Addresses of the sender and the intended receiver.
The IP addressing setup is critical to the effective routing of IP datagrams through the Internet
because every IP address, having specific components and following a given format, can be subdivided
and used to generate addresses for sub-networks. Each device on a TCP/IP network is
given a unique numerical address (32 bit in IP version 4) that can be divided into two parts: the
host number and the network number.The host number identifies a computer on the network
and is given by the administrator of the local network, whereas the network number identifies a
network and must be given by one of the local Internet Registries (that is, ARIN, RIPE, APNIC,
AfriNIC, or LACNIC) if the network is to be connected to the Internet. An Internet Service
Provider (ISP) can get blocks of network addresses and thereby assign address space to clients.
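A worked parser for the IPv4 header fields listed above, added as an illustration (not from the dictionary or its sources). It decodes the Figure 9-2 fields, verifies the header checksum, and adds the two analyst checks the entry mentions: overlapping fragments, and IP Packet IDs reused across datagrams. The reuse check deliberately skips fragments, since fragments of one datagram legitimately share an ID; the addresses and payloads are constructed sample data:

```python
import socket
import struct

# Embedded-protocol numbers from the entry above (IANA protocol numbers).
PROTOCOLS = {1: "ICMP", 4: "IP-in-IP", 6: "TCP", 17: "UDP",
             41: "IPv6 over IPv4", 58: "ICMPv6", 89: "OSPF"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's complement checksum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ident=1, df=False, mf=False, frag_offset=0, ttl=64):
    """Build an option-less 20-byte IPv4 header (Figure 9-2 layout) in front of payload."""
    ver_ihl = (4 << 4) | 5                      # version 4, header length 5 words = 20 bytes
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), ident,
                      flags_frag, ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields the entry describes and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or header_len > len(packet) or total_len > len(packet):
        raise ValueError("inconsistent version or length fields")
    return {
        "version": version, "header_len": header_len, "tos": tos, "total_len": total_len,
        "ident": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,         # in units of 8 bytes
        "ttl": ttl, "protocol": proto, "protocol_name": PROTOCOLS.get(proto, "other"),
        # A correct checksum field makes the checksum over the header come out to zero.
        "checksum_ok": inet_checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
        "options": packet[20:header_len], "payload": packet[header_len:total_len],
    }


def fragments_overlap(headers) -> bool:
    """True when two fragments of one datagram claim overlapping byte ranges."""
    spans = sorted((h["frag_offset"] * 8, h["frag_offset"] * 8 + len(h["payload"]))
                   for h in headers)
    return any(b0 < a1 for (a0, a1), (b0, b1) in zip(spans, spans[1:]))


def repeated_ids(headers) -> set:
    """IDs reused across unfragmented datagrams of one src/dst pair. Fragments are skipped
    because pieces of a single datagram legitimately carry the same ID."""
    seen, dup = set(), set()
    for h in headers:
        if h["mf"] or h["frag_offset"]:
            continue
        key = (h["src"], h["dst"], h["ident"])
        if key in seen:
            dup.add(h["ident"])
        seen.add(key)
    return dup
```

Reassembly code that trusts offsets without the overlap check is exactly what the entry says crafted fragments target, so a monitor should flag overlaps before any stack tries to reassemble them.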
See Also: Internet Control Message Protocol (ICMP); TCP/IP or Transmission Control
Protocol/Internet Protocol; User Datagram Protocol (UDP).
Further Reading: QUT Division of Technology, Information and Learning Support.
Network Glossary. [Online, July 17, 2004.] QUT Division of Technology, Information and
Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp.
Internet Protocol Security (IPSec) (general term): A set of standards for ensuring that communications
delivered over Internet Protocol (IP) networks are private as well as secure. This
objective is completed using cryptographic services. The Microsoft Windows XP IPSec, for
example, was developed using the standards of the Internet Engineering Task Force’s (IETF)
IPSec working group. IPSec provides secure networking via end-to-end security (that is, from
sender to receiver). In Windows XP, IPSec protects communications between LAN computers,
branch offices, domain clients and servers, extranets, and roving clients. Furthermore, the IPSec
protocol is supported on a variety of UNIX and Linux platforms.
According to the British-based National Infrastructure Security Coordination Centre
(NISCC) in a statement released in May 2005, crackers could exploit a major flaw in the IPSec
framework to recover the plaintext of IPSec-protected communications with only moderate
effort.
See Also: Cryptography or “Crypto”; Internet Engineering Task Force (IETF); Linux;
UNIX.
Further Reading: Dickinson, P. High-Severity Vulnerability in IPSec. [Online, May 10, 2005.]
Guardian Digital, Inc. Website. http://www.linuxsecurity.com/content/view/119089; Microsoft
Corporation. Internet Protocol Security Defined. [Online, 2004.] Microsoft Corporation Website:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/
sag_ipsec_ov1.mspx.
Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) (general
term): Though the present Internet Protocol version is IPv4, with the tremendous growth of
the Internet in recent years the need has surfaced for a more robust Internet Protocol version;
the IPv4 addressing and routing mechanisms are being stretched to their limits. Moreover, IPv4
lacks the proper security and authentication techniques critical to meeting today’s business needs.
For these reasons, the Internet Protocol version 6, or IPv6, has been developed. IPv6 has not been
implemented widely. This can be attributed to two major factors: the first is that the implementation
is a major undertaking that has an effect on the whole Internet, its backbone providers,
local ISPs, and customers. The second reason, some experts believe, is a reluctance to go forward
in North America and Europe, where the pressure of address space shortage is much lower
than in the rapidly developing East Asian regions.
The transition process from IPv4 to IPv6 requires considerable thought to compatibility issues
and appropriate methods for the deployment of IPv6. In a document written by Juha Lehtovirta,
a Finnish telecommunications expert with Tascomm Engineering Oy, the requirements and
techniques for satisfying such constraints are provided. Also, the transition process from the network
and application levels are delineated.
See Also: Internet; Internet Protocol (IP).
Further Reading: Estala, A. Internet Protocol Version 6 (IPv6): The Next Generation.
[Online, March 9, 1999.] Geocities.com Website. http://www.geocities.com/SiliconValley/Foothills/7626/defin.html;
Lehtovirta, J. Transition from IPv4 to IPv6. [Online, 2004.] Tascomm
Engineering Oy Website. http://www.tascomm.fi/~jlv/ngtrans/; Grami, A. and Schell, B. Future
Trends in Mobile Commerce: Service Offerings, Technological Advances and Security
Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New
Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October 2004.] Privacy,
Security, Trust 2004 Website. http://www.unb.ca/pstnet/pst2004/.
Internet Relay Chat (IRC) (general term): A software tool that makes real-time conversations
online (in what is known as chat rooms) possible. Though chat rooms form an important, positive
communication link for hackers, many females and children in particular have filed
complaints to authorities about being cyberharassed or cyberstalked in them.
As one example, in Toronto, Canada, in May 2005, Canadian police infiltrated an Internet chat
room and found disturbing cyber child pornography evidence that resulted in the arrest of
Andrew Gelfand, age 19. After the police obtained a search warrant and raided the suspect’s
home, they seized his computers and reviewed the hard drives. Gelfand faced a number of
charges involving the possession and distribution of child pornography.
See Also: Chat Room; Child Pornography; Cyberharassment; Cyberstalkers and Cyberstalking.
Further Reading: Internet Highway, LLC. Internet Terminology: IRC. [Online, 1999.]
Internet Highway, LLC Website. http://www.ihwy.com/support/netterms.html; Moore, O.
Computer User Arrested in Child-Porn Sting. The Globe and Mail, May 12, 2005, p. A14; Schell,
B.H., and Lanteigne, N.M. Stalking, Harassment, and Murder in the Workplace: Guidelines for Protection
and Prevention. Westport, CT: Quorum, 2000.
Internet Service Provider (ISP) (general term): Also sometimes called an Internet Access
Provider (IAP), it is a company that provides clients access to the Internet. For a fee, clients
receive a software package, a username, a password, and an access phone number. Equipped with
a modem or ISDN device, the client can then log on to the Internet. The client can browse the
World Wide Web (WWW) or send and receive email. ISPs offer both dial-up service and high-speed
services using DSL or cable-modem technology. ISPs are connected to each other through
Network Access Points, or NAPs.
See Also: DSL; Electronic Mail or Email; Internet; Internet Usage Policy; World Wide Web
(WWW).
Further Reading: Jupitermedia Corporation. What is ISP? [Online, March 12, 2004.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/ISP.html.
Internet Telephony (general term): Placing telephone calls over the Internet using protocols
such as VoIP. Internet telephony is rapidly evolving and has become a serious competitor for
conventional telephony with the advent of high-speed Internet access technologies (such as cable
and DSL).
Many traditional telephony providers are in the process of switching their internal delivery
systems to Internet telephony–based systems in order to provide these services on the same platform
as their data services (convergence).
See Also: Voice over Internet Protocol.
Internet Usage Policy (general term): Companies, government agencies, medical institutions,
and universities and colleges typically have Internet users sign a required Internet Usage Policy
form to make users accountable for their online activities. Such a form may look similar to that
shown in Figure 9-3.
Figure 9-3. Typical Internet Usage Policy form
There is usually a form for the supervisor to sign (see Figure 9-4).
Figure 9-4. Typical Internet Usage Policy form for supervisors’ use
See Also: Internet; White Hat Ethic.
Further Reading: Institute of Government. Acceptable Internet Usage Policy. [Online,
2004.] Institute of Government Website. http://www.iog.unc.edu.
Intranet Site (general term): The information system internal to an organization and built with
Web-based technology. An intranet site is often referred to as a portal and has typically been
found in large companies (having 15,000 or more employees) able to afford this information
technology “luxury.”
An intranet site is actually a mini-Internet accessed through Web browsers. It is typically run
on private local area networks (LAN) rather than public Web servers. Intranet sites have a
variety of functions but most are intended to keep employees informed about a company’s
important events, distribute software or company newsletters online, and provide routine company
information online—such as policy manuals. Also, intranet sites can be accessed through the
Internet. Thus, when employees are off-site they can still access company information using a
secure login.
[Text of Figure 9-4, Typical Internet Usage Policy form for supervisors’ use:]
I have received a written copy of Company X’s Internet Acceptable Use
Policy. This employee ________ [name cited] has a legitimate work-related
purpose for accessing the Internet. As this employee’s supervisor,
I am aware of both the responsibilities and the possible misuses of Internet
access. I acknowledge that this employee will be held accountable for
inappropriate usage of the Internet according to this company’s Internet
Acceptable Use Policy.
Supervisor Signature Date:
[Text of Figure 9-3, Typical Internet Usage Policy form:]
I have received a copy of Company X’s Internet Acceptable Use Policy. I
understand this policy’s terms and conditions and agree to follow them. I
understand that Company X’s software may record for management’s
review the Internet addresses of all the Websites I visit. I also understand
that management may maintain a record of all of my network activity
(including the sending and receiving of e-files).
I acknowledge that all e-files and e-messages sent or received by me may
be recorded and stored in an archive file for management’s review. I fully
understand that if I violate this policy, I can receive disciplinary action,
ranging from the revoking of my Internet privileges to firing. If I violate
this policy in a criminal way, I understand that I may also face criminal
charges.
Employee Signature
Employee Name (Print)
Date:
New intranet site software made by Microsoft Corporation and Plumtree Software Inc. has
made the technology affordable even for small- and medium-sized enterprises. A number of open
source software solutions such as XOOPS (http://xoops.org) or the JBOSS portal
(http://labs.jboss.com/portal/jbossportal/index.html) are available as well.
See Also: Local Area Network (LAN).
Further Reading: Palmer, I. Workplace: It’s Not Just the Big Boys Using Intranets Any
Longer. The Globe and Mail, May 5, 2005, p. B27.
Intrusion (general term): To compromise a computer system by breaking the security of such a
system or causing it to enter into an insecure state. The act of intruding—or gaining unauthorized
access to a system—typically leaves traces that can be discovered by intrusion detection systems.
One of the goals of intruders is to remain undetected for as long as possible so that they can continue
with their malicious activity undisturbed.
Security professionals need to take steps when a system breach is suspected. First, suspicious
accounts should be disabled immediately. Then, the suspicious accounts need to be reviewed to
assess who set up the account and for what reasons. Because audit logs will indicate who created
the account, finding the time and date on which the account was created will be very useful
information. If the account is the outcome of a crack attack, the system reviewer will have a
particular time frame in which to determine whether other audit log events are “of interest.”
If the reviewer wants to determine whether a suspicious application is indeed being used by
a cracker to listen for incoming connections—a potential “back door” into the system—the
reviewer is well advised to consider using a tool such as TCPView. The TCPView tool will tell
the system reviewer what applications are using open system ports. Because crackers can put
Trojan horses in place of the netstat and lsof programs, the reviewer should scan the attacked system
from a different computer. This feat can be accomplished by using a tool such as the free
insecure.org nmap port scanner.
Malware can also be triggered from the operating system’s job scheduler. A system reviewer
can see what jobs—legitimate or otherwise—are scheduled to be executed in the system by typing
AT at the command prompt.
See Also: Audit Trail; Back or Trap Door; Cracking; Exploit; Log; Malware; Vulnerabilities of Computers.
Further Reading: Haberstetzer, V. Thwarting Hacker Techniques: Signs of a Compromised System. [Online, March 21, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1069097,00.html?track=NL-35.
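The audit-log review described above, as an added example that is not part of the dictionary entry: it reads constructed Windows-style security audit lines, finds when a suspicious account was created and by whom, and then lists every event in a window around that time performed by the creator or the new account, so the reviewer can decide which are “of interest.” The log lines, account names and window sizes are constructed for the example; the event IDs (4720, 4732, 4698, 4624) are the standard Windows Security event IDs for account creation, group membership change, scheduled task creation and logon.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (not from a real system). Each line is:
# <ISO timestamp> <event-id> <actor> <description>
SAMPLE_LOG = """\
2005-03-21T02:10:05 4624 svc_backup Logon succeeded from 10.0.0.7
2005-03-21T02:14:31 4720 svc_backup Account created: helpdesk2
2005-03-21T02:15:02 4732 svc_backup helpdesk2 added to Administrators
2005-03-21T02:20:44 4698 helpdesk2 Scheduled task created: \\updater
2005-03-21T08:00:00 4624 alice Logon succeeded from 10.0.0.21
2005-03-21T09:30:12 4624 bob Logon succeeded from 10.0.0.22
"""

ACCOUNT_CREATED = "4720"  # Windows Security event ID: a user account was created


def parse_log(text):
    """Parse the log into a list of (datetime, event_id, actor, description)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, actor, desc = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), event_id, actor, desc))
    return events


def find_account_creation(events, account):
    """Return (timestamp, creator) for the event that created `account`, or None."""
    for ts, event_id, actor, desc in events:
        if event_id == ACCOUNT_CREATED and desc.endswith(": " + account):
            return ts, actor
    return None


def events_of_interest(events, account,
                       before=timedelta(minutes=10), after=timedelta(minutes=30)):
    """Events inside the window around the account's creation, excluding the creation itself.

    The creation time is the reviewer's anchor: what the creator did shortly before, and
    what the new account did shortly after, are the first candidates for closer review.
    """
    found = find_account_creation(events, account)
    if found is None:
        return []
    created_at, creator = found
    window = []
    for ts, event_id, actor, desc in events:
        if event_id == ACCOUNT_CREATED and desc.endswith(": " + account):
            continue
        in_window = created_at - before <= ts <= created_at + after
        if in_window and actor in (creator, account):
            window.append((ts.isoformat(), event_id, actor, desc))
    return window


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("created by:", find_account_creation(evs, "helpdesk2"))
    for row in events_of_interest(evs, "helpdesk2"):
        print(row)
```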
Intrusion Detection System (IDS) (general term): A security appliance or software running
on some device that tries to detect and warn of ongoing computer system cracks or attempted
cracks in real time or near-real time. Intrusion detection systems fall into three broad categories:
anomaly based, pattern based, and specification based. The first two are the most widely used
types; the last one is still in its infancy.
Anomaly-based IDSes treat all exposed behavior of systems, or the network that is unknown
to them, as a potential attack. These systems require extensive training of the IDS so that it can
distinguish good from bad traffic. Pattern-based IDSes assume that attack patterns are previously
known and therefore can be detected. Because these IDSes cannot detect new attack types, they
require constant maintenance to incorporate new attacks. Specification-based IDSes look for states
of the system known to be undesirable, and upon detection of such a state, they report an intrusion.
Common in all systems is that intrusion-detection analysts review the logs that are generated and other available network information (such as traffic patterns, unusual open ports, or unexpected running processes) to look for suspected or real intrusions. This process is time consuming and requires considerable expertise on the part of the security analysts. A trend toward more automated Intrusion Prevention Systems that actively step in and limit systems access can be observed.
In March 2004, Hewlett-Packard Company officials said that their software engineers had developed software that they believed could slow the spread of Internet worms and viruses. Tentatively dubbed “Virus Throttler,” this software not only identified and alerted professionals to suspicious network traffic but also caused some of the computer’s functions to slow down so that the worm or virus is impeded. This capability was meant to give the professional the needed time to remove the cyber intruder. Shortly after announcing the package, Hewlett-Packard shelved it for several months because of insurmountable difficulties with integrating it into Microsoft’s Windows operating systems. The difficulties were resolved.
See Also: Audit Trail; Exploit; Forensics; Intrusion; Log; Virus; Vulnerabilities of Computers; Worm.
Further Reading: In Brief. HP Strikes at Worms. The Globe and Mail, December 2, 2004, p. B11; Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
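The three IDS categories described above, side by side in an added example that is not from the dictionary or any IDS product: a pattern-based check with a known attack fragment, an anomaly-based detector trained on a clean baseline, and a specification-based check against the set of listening ports the host is allowed to have. All records, ports and signatures are constructed for the example; note that each approach catches what the others miss.

```python
import statistics

# Constructed sample data (not real traffic). BASELINE is traffic seen during a
# training period believed to be clean; LIVE is what the sensor sees afterwards.
BASELINE = [
    {"src": "10.0.0.21", "dport": 80, "bytes": 512, "payload": "GET /index.html"},
    {"src": "10.0.0.22", "dport": 80, "bytes": 640, "payload": "GET /about.html"},
    {"src": "10.0.0.23", "dport": 443, "bytes": 1400, "payload": ""},
    {"src": "10.0.0.21", "dport": 443, "bytes": 1250, "payload": ""},
    {"src": "10.0.0.24", "dport": 80, "bytes": 580, "payload": "GET /news.html"},
]
LIVE = [
    {"src": "10.0.0.25", "dport": 80, "bytes": 600, "payload": "GET /index.html"},
    {"src": "192.0.2.9", "dport": 80, "bytes": 700, "payload": "GET /../../etc/passwd"},
    {"src": "192.0.2.9", "dport": 31337, "bytes": 90000, "payload": "hello"},
]
# Snapshot of the monitored host's listening ports (what netstat or TCPView would show).
LISTENING_PORTS = {80, 443, 31337}

SIGNATURES = {"../": "path traversal attempt"}  # pattern-based: fragments of known attacks
ALLOWED_PORTS = {80, 443}                       # specification: the only acceptable listeners


def pattern_based(records):
    """Flag any record whose payload contains a known attack fragment.

    Finds the traversal attempt, but by construction nothing it has no signature for.
    """
    alerts = []
    for r in records:
        for fragment, name in SIGNATURES.items():
            if fragment in r["payload"]:
                alerts.append((r["src"], name))
    return alerts


class AnomalyDetector:
    """Learn what 'normal' looks like from the baseline, then flag deviations from it."""

    def __init__(self, baseline, sigma=3.0):
        self.known_ports = {r["dport"] for r in baseline}
        sizes = [r["bytes"] for r in baseline]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes)
        self.sigma = sigma

    def reasons(self, r):
        """Why a single record deviates from the trained baseline (empty list if it does not)."""
        out = []
        if r["dport"] not in self.known_ports:
            out.append("unseen port %d" % r["dport"])
        if abs(r["bytes"] - self.mean) > self.sigma * self.stdev:
            out.append("unusual size")
        return out

    def detect(self, records):
        alerts = []
        for r in records:
            why = self.reasons(r)
            if why:
                alerts.append((r["src"], ", ".join(why)))
        return alerts


def specification_based(listening_ports, allowed=ALLOWED_PORTS):
    """Report an intrusion if the host is in a state the specification says is undesirable."""
    return [("host", "undesirable state: unexpected listener on port %d" % p)
            for p in sorted(listening_ports - allowed)]


if __name__ == "__main__":
    print("pattern:", pattern_based(LIVE))
    print("anomaly:", AnomalyDetector(BASELINE).detect(LIVE))
    print("specification:", specification_based(LISTENING_PORTS))
```

The traversal request looks statistically normal, so only the signature catches it; the listener on port 31337 has no signature, so only the anomaly and specification checks catch it.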
Intrusion Prevention (general term): Because targeted crack attacks on enterprises’ networks
have been increasing in recent years, intrusion prevention is gaining greater importance for companies.
Thus, companies are tending to shift from the time-consuming process of detecting
intrusions and having security administrators react manually to them to implementing automated
mechanisms found in Intrusion Prevention Systems.
Research firm Gartner Inc. has defined three criteria for providing a useful network- and
host-based intrusion-prevention application: (1) It must not disrupt normal operations—meaning
that when it is put online, an intrusion-prevention system must not place unacceptable or unpredictable
latency into a network. A host-based intrusion-prevention system should not consume
more than 10% of a system’s resources so that network traffic and processes on the servers can
continue to run. Blocking actions must take place in real time or almost-real time, with latencies
placing in the tens of milliseconds rather than in seconds. (2) It must block exploits using more than
one algorithm—to operate at the application level as well as at the firewall-processing level. (3)
It must have the capability to ascertain “attack events” from “normal events.”
As intrusion-prevention systems continue to evolve, their capacities will also improve. They
will be better able to identify and therefore block significantly more crack attacks than today’s
intrusion-prevention systems can. Because firewalls are not 100% effective, trained analysts will
continue to have to flag and more thoroughly investigate suspicious traffic activity.
See Also: Attack; Exploit; Firewall.
Further Reading: Pescatore, J. Enterprise Security Moves Toward Intrusion Prevention. [Online, September 25, 2003.] CXO Media, Inc. Website. http://www.csoonline.com/analyst/report1771.html.
Intrusion Recovery (general term): Reports have consistently indicated that supposed tech-savvy
firms have a long way to go in terms of implementing effective system security measures
to enable them to more effectively recover from system intrusions—known simply as intrusion
recovery. For example, a recent IBM Corporation study found that although 86% of companies
surveyed said they used firewalls, 85% said they used anti-virus software, and 74% said they used
authentication procedures, only 63% of the companies surveyed said they used encryption
software—and less than 50% said they used intrusion detection and prevention systems.
Taken as a composite, these survey statistics suggest that there is considerable opportunity for
serious data loss or data manipulation incidents to occur in companies today.
Accepting that computer system downtime equates to high revenue losses for companies, a
2002 recent survey of Fortune 1000 companies conducted by the Find/SVP consulting company
indicated that the average downtime resulting from network intrusions lasted, on average,
four hours, at an average cost of $330,000. Moreover, according to this survey, a “typical” company
experienced, on average, nine downtimes per year. The losses incurred were almost $3
million per year—not including the losses associated with a total lack of employee productivity.
The initial step in preventing unauthorized access is the deployment of intrusion-prevention
systems that actively and automatically limit access to systems. Attacks that cannot be blocked by
the prevention systems typically would be detected by intrusion-detection systems, defined as
applications that monitor operating system software and network traffic for real or probable
security breaches. If these systems fail and an attack is successfully completed, other steps need to
be in place—including having an appropriate disaster recovery plan.
By definition, a disaster recovery plan is a strategy outlining both the technical and organizational
factors related to network security. Such a plan should start with a comprehensive
assessment of the network to determine acceptable risk levels to the system. These results can
then be utilized to produce a set of security policies and procedures for assisting employees
and workgroups in case a network disruption or stoppage occurs. Moreover, decisions can also
be made by system administrators as to which particular methods and systems will be required
by the organization so that it can implement its security policies and procedures quickly and
effectively—the primary goal of intrusion recovery.
See Also: Encryption or Encipher; Firewall; Intrusion Detection System (IDS); Operating
System Software; Risk; Security.
Further Reading: Peddle, D. Identifying Vulnerabilities In Networked Systems. [Online,
June 29, 2004.] CBL Data Recovery Website. http://www.cbltech.com/article-identify.html.
IP Address (general term): An identifier required for any machine to communicate on the Internet. The IP address looks something like this: 123.123.123.123—four numerical segments separated by dots. Any computer is reachable through its IP address.
An IP address is divided into a part identifying a network as belonging to a university, a government agency, or a company and another part identifying each computer in that network. The IP address is comparable to a “nonvirtual” street address with its street name and house number.
See Also: Internet Protocol.
IP Address Spoofing (general term): A technique used by crackers to gain unauthorized access to computers and from which newer routers and firewall arrangements can offer some protection. IP address spoofing is accomplished when the cracker sends messages to a system with an IP address identifying these messages as originating at a trusted host.
To spoof an IP address, a cracker must first use a combination of methods and tools to identify the IP address of a trusted host and then change the packet headers so that it appears as though the packets are coming from a trusted host.
See Also: Crackers; IP Address; Spoofing.
Further Reading: Jupitermedia Corporation. What is IP Spoofing? [Online, April 14, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/IP_spoofing.html.
IRL (general term): Chat room talk meaning “in real life.”
ISACA (Information Systems and Control Association) (general term): Provides education,
training, and research for professionals in the areas of IT governance, security, and auditing.
It was founded in 1967 and now has more than 50,000 members worldwide in more than 60
countries.
Further Reading: ISACA Website. [Online, April 8, 2006.] http://www.isaca.org.
(ISC)2 (International Information Systems Security Certification Consortium) (general term): A nonprofit organization created to provide an international standard for information security practitioners. The (ISC)2 developed both the SSCP (Systems Security Certified Professional) certification and the CISSP (Certified Information Systems Security Professional) certification. These certifications indicate the Common Body of Knowledge (CBK) required by
information security practitioners. Because the SSCP and CISSP certifications focus on the practices,
responsibilities, and roles of information security practitioners, they are seen as being useful
for advancing practitioners’ careers and adding to their credibility.
The CISSP Certification examination has 250 questions and assesses 10 information systems
security domains relating to the CBK (such as access control systems and methodology; applications
and system development; business continuity planning; cryptography; and law, investigation,
and ethics). On top of the basic CISSP Certification, professionals in good standing can obtain
certifications in one of three concentration areas: Security Engineering, Security Architecture,
and Security Management. The corresponding certificates are, respectively, ISSEP, ISSAP, and
ISSMP.
The SSCP examination has 125 questions and assesses seven information systems security
domains relating to the CBK (such as Access Controls, Administration, Audit and
Monitoring, Cryptography, and Response and Recovery).
See Also: Access Control; Administrator; Cryptography or “Crypto”; SANS Institute.
Further Reading: Systems Security Certified Practitioner. About SSCP Certification.
[Online, 2004.] ISC2 Website. https://www.isc2.org/cgi-bin/content.cgi?category=20.
Island-hopping (general term): To crack one system and then use it as a “launching pad” for cracking other systems. University computer systems tend to be a hotbed of compromised systems from which crackers launch DoS attacks. Home computers attached to DSL (Digital Subscriber Lines) and cable modems are frequently exploited by crackers and used to launch Denial of Service (DoS) attacks. The primary reason these exploits occur is that home computers tend to lack key security features and anti-virus software. Given the huge customer base of Internet Service Providers (ISPs) offering cable modems or DSL services, it is very difficult to track the origin of such DoS exploits.
See Also: Denial of Service (DoS); DSL (Digital Subscriber Lines); Exploits; Internet Service Provider (ISP); Vulnerabilities of Computers.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
ISO (International Organization for Standardization) (general term): A federation of the
national standards bodies that forms a nongovernmental, multinational organization. In 2005, 149 countries collaborated under the ISO umbrella. Working groups from the member countries
continue to develop standards that are adopted as national standards by the member countries.
Through the standardization effort, duplication of work is avoided and the seamless transfer of
technology is thus enabled.
ISO 17799 (general term): A detailed security standard that is organized into the following areas: asset classification and control; business continuity planning; compliance; computer and operations management; personnel security; physical and environmental security; system access control; security organization; security policy; and system development and maintenance.
Because ISO 17799 is very thorough, it requires a methodical and measured approach to system security as well as access to essential tools and products. To assist firms and agencies wanting to improve their ISO 17799 compliance status, a directory can be found at http://www.iso17799software.com/index.htm. The latter provides links to products and tools geared to making the compliance process less difficult and including downloadable trial versions.
See Also: Download; Risk; Security.
Further Reading: Risk Associates. ISO 17799: What is it? [Online, 2004.] Risk Associates Website. http://www.iso17799software.com/index.htm.
ITAR (International Traffic in Arms Regulation) (general term): The United States government
controls the export and import of defense-related materials and technology through this
regulation. Many IT security-related technologies—particularly encryption technologies—fall
under ITAR and are therefore restricted from export.
Ivanov, Alexey and Gorshkov, Vasiliy Case (legal case): The real-life case of Alexey Ivanov
and Vasiliy Gorshkov was discussed at the Black Hat Security Conference in Las Vegas in July
2004. It involves two crackers who were smart enough to crack into computer systems but naïve
concerning the social engineering talents of FBI agents. Following is a summary of events in
the case.
On October 10, 2001, in Washington, a jury returned a guilty verdict against Vasiliy Gorshkov, age 26, of Russia, on 20 counts of conspiracy, numerous computer crimes, and fraud. The targets included Speakeasy Network (Seattle, Washington), the Nara Bank (Los Angeles, California), the Central National Bank of Waco (Waco, Texas), and the online credit card payment company PayPal (Palo Alto, California), among others. For these crimes, Gorshkov faced a maximum prison term of five years on each count, resulting in a possible sentence of 100 years in prison and a fine of $250,000 on each count. The jury sentenced him to a three-year prison term.
Gorshkov was one of two Russians persuaded to go to the United States through an FBI sting operation. The sting came from an investigation of Russian computer intrusions directed at these targets. Apparently the pair used the targeted computers to steal clients’ personal financial information. They then attempted to extort money from the targeted firms with threats to either show the sensitive data to the public or to damage the firms’ computers. The pair also defrauded PayPal with stolen credit card numbers used to get money to pay for computer parts ordered from U.S. vendors.
The FBI’s sting operation was formulated to seduce the Russian criminals to arrive on U.S. soil so that they could be caught and charged. As part of the sting, the FBI created a computer security company named Invita. Then, pretending to be Invita personnel, during the second half of the year 2000 the FBI agents communicated with the Russian pair by phone and email. The pair eventually agreed to a personal meeting in Seattle, where Invita was theoretically based. Before the FBI agents would bring the pair to the U.S., however, the team had to pass a special test. They had to crack a test network—an exploit they successfully completed.
Gorshkov and Ivanov landed in Seattle, Washington, on November 10, 2000, to attend the prearranged meeting at Invita. The Russian men did not know that the Invita meeting participants were actually FBI agents. The Russians also were not aware that the meeting was recorded on tape. During the meeting, Gorshkov and Ivanov bragged about their cracking prowess and took responsibility for their cracking exploits. Gorshkov shrugged off any concerns about the FBI’s catching them, maintaining that the FBI could not get the pair while they were in Russia. When asked how they got the U.S. credit cards, Gorshkov said that he was not prepared to discuss that issue while they were in the United States. He then suggested that such questions would better be addressed in Russia. At the end of the Invita meeting, the two Russians were arrested and Ivanov was sent to Connecticut to face charges for a cracking incident regarding the Online Information Bureau of Vernon (in Connecticut).
Several days after the arrests, the FBI agents got access through the Internet to the men’s computers in Russia. The FBI copied considerable data from their accounts and obtained a search warrant from a U.S. judge. The data provided a wealth of cracking evidence. The pair had huge databases of stolen credit card information: More than 56,000 credit cards’ worth of information was on their computers, as was the personal financial information of online banking clients. The data also showed that the crackers gained unauthorized control over numerous computers, including those of a school district in Michigan. The crackers then used those computers to commit fraud against PayPal and other online firms.
See Also: Black Hats; Federal Bureau of Investigation (FBI); Internet.
Further Reading: U.S. Department of Justice. Russian Computer Hacker Convicted by
Jury. [Online, October 10, 2001.] U.S. Department of Justice Website: http://www.usdoj.gov/
criminal/cybercrime/gorshkovconvict.htm.

J. Random Hacker (general term): The archetypal hacker. Although the hacker world is predominantly
male and no records of the exact numbers of both genders exist, the percentage of
women engaging in hacking and cracking activities seems to be greater than the single-digit
range typically reported for the technical professions.
In the United States, the hacker community is predominantly Caucasian, with strong pockets
of Jewish hackers on the East Coast and strong pockets of Oriental hackers on the West Coast.
Among hackers, ethnic distribution is understood to be simply a function of which groups tend
to seek and value education, particularly in cyberspace. Hackers say that prejudice—whether
gender, racial, or ethnic—is notably uncommon among them. In fact, prejudice, they affirm, tends
to be met with freezing contempt in the computer underground (CU).
Hackers’ notorious umbilical ties to Artificial Intelligence (AI) research writings and science
fiction literature may have helped them to develop a “personhood” concept that is inclusive
rather than exclusive.
Geographically, in the United States hackerdom seems to center along a Bay Area–to–Boston axis, with about half of the hard-core hackers living within a hundred miles of Cambridge, Massachusetts. Another hacker magnet is Berkeley, California. Other hackerdom clusters include university towns such as ones in the Pacific Northwest, as well as Washington, D.C.; Raleigh, North Carolina; and Princeton, New Jersey.
See Also: Artificial Intelligence (AI); Hackers.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
J/K-J/P (general term): Chat room talk meaning “just kidding/just playing.”
Java and JavaScript (general terms): Though these terms sound alike, they have different meanings. When computer experts discuss the Java programming language, they often mention that browsers include a type of virtual mechanism (or “sandbox”) encapsulating the Java program and preventing it from gaining access to local machines. The theory behind Java has been that a Java “applet” is actually content, like graphics, and not full-application software. But as of 2000, all major browsers have been found to have bugs in the Java virtual mechanisms, allowing hostile applets to break free of the “sandbox” and gain access to other system parts. Most security experts now browse with Java disabled on their computers, whereas other security experts encapsulate it with many more sandboxes. Java is used as a full-fledged programming language in which many of the server-side applications on the Internet are written.
JavaScript, on the other hand, was developed by Sun Microsystems and Netscape to be a user-friendly complement to the Java programming language that could be added to basic HTML pages to create considerably more interactive documents. It is little wonder, therefore, that JavaScript is often used to create interactive Web-based forms. Most modern-day browsers, including those from Microsoft and Netscape, have JavaScript support.
Although Java and JavaScript are different, to be able to take market advantage of the negative marketing hype around Java, Netscape renamed its JavaScript “LiveScript.”
See Also: Browser; Programming Languages C, C++, Perl, and Java.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; www.cnet.com. JavaScript. [Online, December 2, 2004.] www.cnet.com Website: http://www.cnet.com/Resources/Info/Glossary/Terms/javascript.html.
Jobs, Steve (person; 1955– ): Along with Steve Wozniak, started the well-known company
Apple Computer, Inc. After studying physics, literature, and poetry at Reed College in Oregon,
Steve sold his Volkswagen minibus in 1976 for funds to start a computer company.
Jobs and Wozniak took the company public just four years later at $22 a share, and by 1984,
they reinvented the personal computer with the Macintosh. He left Apple, and from 1986
through 1997, Jobs founded and ran NeXT Software, Inc., a company that created hardware to
exploit the full potential of object-oriented technologies. Jobs then sold NeXT Software, Inc., to
Apple in 1997, at which time he again associated himself with Apple Computer, Inc.
In 1986, Steve Jobs discovered and bought an animation company called Pixar Animation
Studios.This company became the creator and producer of a number of top-grossing animated
films such as A Bug’s Life; Monsters, Inc.; Toy Story; and Toy Story 2.
Since 1997, Steve Jobs has helped Apple Computer, Inc. to create innovative products such as
iMac, iBook, iMovie, and iPod. He was also part of the team that positioned Apple to venture
onto the Internet.
See Also: Internet; Wozniak, Steve.
Further Reading: Jobs, S. “Resume.” [Online, December 1, 2003.] Steve Jobs’ Home Page Website: http://homepage.mac.com/steve/Resume.html; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Johansen, Jon Lech (person; 1984– ): A Norwegian cracker famous for designing software that could crack the encryption of DVDs. He resurfaced during August 2004, making media headlines when he cracked Apple Computer, Inc.’s wireless music streaming technology and then released on his Website a key for decoding the encryption used for the AirPort Express streaming media device. His blog can be found at http://www.nanocrew.net/blog/.
See Also: Blog; Encryption or Encipher; Key; Wireless.
Further Reading: In Brief. Hacker Cracks Apple. The Globe and Mail, August 12, 2004, p. B7.
Jurisdiction (legal term): Jurisdiction and power accorded to judges are intimately related.
Power is constitutionally conferred on a judge to decide whether there has been a breach of law,
the causes of the breach, and the kind of prison sentence or penalty that is appropriate for such
a breach. The physical land area or geographical district within which a judge has jurisdiction is called his or her “territory.” Thus, a judge’s power relative to the territory is called “the territorial jurisdiction.” Judges have power only in their jurisdictions, and the decisions of judges in upper courts preside over decisions of judges in inferior courts.
Further Reading: The ’Lectric Law Library. The ’Lectric Law Library’s Lexicon On Jurisdiction. [Online, 2004.] The ’Lectric Law Library Website: http://www.lectlaw.com/def/j013.htm.
Just In Time (JIT) Compiler (general terms): Translates Java bytecode into machine language while the bytecode is being executed. This technology ensures high execution speeds by doing the translating into machine code while maintaining platform independence. The translation is done “on the fly” while the program is already running. Several security issues have been reported as a result of using the technology, particularly through the improper configuration of the security settings of the compiler.
See Also: Java.

Kerberos (general term): A network authentication protocol using symmetric cryptography to provide authentication for client-server applications. The core of Kerberos architecture is the KDC (Key Distribution Server), storing authentication information and using it to securely authenticate users and services. Authentication is called “secure” because it does not occur in plaintext, it does not rely on authentication by the host operating system, it does not base trust on IP addresses, and it does not require physical security of the network hosts. For these reasons, the KDC acts as a trusted third party in performing authentication services.
See Also: Authentication; Cryptography or “Crypto”; Host; IP Addresses; Key; Security.
Further Reading: The Tech FAQ. What is Kerberos? [Online, 2004.] The Tech Faq Website: http://www.tech-faq.com/cryptology/kerberos.shtml.
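The trusted-third-party exchange described above, reduced to its essentials in an added example that is not from the dictionary or from any Kerberos implementation: the KDC holds every principal's long-term key, hands the client a session key sealed under the client's key together with a ticket sealed under the service's key, and the service admits the client only if the ticket is intact, unexpired, and matched by a fresh authenticator under the session key. The principal names and keys are constructed, and the authenticated cipher here (SHA-256 keystream plus HMAC) is a stand-in for the ciphers real Kerberos uses.

```python
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 300  # seconds a ticket stays valid (constructed value)


# --- toy authenticated symmetric cipher: a stand-in for Kerberos' real ciphers ---
def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object under `key`; returns nonce|ct|tag."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Verify the MAC and decrypt; raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt.decode())


class KDC:
    """Trusted third party: knows every principal's long-term key and never sends one on the wire."""

    def __init__(self, long_term_keys):
        self.keys = long_term_keys

    def issue_ticket(self, client, service, now=None):
        now = time.time() if now is None else now
        session_key = os.urandom(32)
        # Ticket: readable only by the service, names the client and carries the session key.
        ticket = seal(self.keys[service], {"client": client, "key": session_key.hex(),
                                           "expires": now + TICKET_LIFETIME})
        # Reply: readable only by the client, so nothing crosses the network in plaintext.
        return seal(self.keys[client], {"service": service, "key": session_key.hex(),
                                        "ticket": ticket.hex()})


def client_authenticate(client, client_key, kdc_reply, now=None):
    """Client opens the KDC reply and builds ticket + authenticator for the service."""
    now = time.time() if now is None else now
    reply = open_sealed(client_key, kdc_reply)
    session_key = bytes.fromhex(reply["key"])
    authenticator = seal(session_key, {"client": client, "timestamp": now})
    return bytes.fromhex(reply["ticket"]), authenticator


def service_verify(service_key, ticket, authenticator, now=None, skew=60):
    """Service checks the ticket under its own key, then the authenticator under the session key."""
    now = time.time() if now is None else now
    t = open_sealed(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["key"])
    a = open_sealed(session_key, authenticator)
    if a["client"] != t["client"] or abs(now - a["timestamp"]) > skew:
        raise ValueError("authenticator does not match ticket or is stale")
    return t["client"]


def demo():
    """Full round trip with constructed principals; returns the authenticated client name."""
    keys = {"alice": hashlib.sha256(b"alice-password").digest(), "fileserver": os.urandom(32)}
    kdc = KDC(keys)
    reply = kdc.issue_ticket("alice", "fileserver")
    ticket, auth = client_authenticate("alice", keys["alice"], reply)
    return service_verify(keys["fileserver"], ticket, auth)


if __name__ == "__main__":
    print("service authenticated:", demo())
```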
Kernel (general term): The heart or essential component of any operating system. When computer users say something like, “Oh no, my computer crashed!” what they are really saying is, “Oh, no, my kernel has crashed!” The primary function of the kernel is to coordinate different parts of the operating system—the disk drive, access to memory, the programs and processes, input/output devices such as the mouse and the keyboard, as well as networking.
See Also: Computer.
Key (general term): The value needed to encrypt or decrypt a message. Keys can be symmetric or asymmetric. If someone wanted to keep information secret from another, he or she could utilize one of two strategies: either hide the fact that the information exists, or make the information that exists unintelligible to another.
Cryptography is the act of securing information by encrypting it, and cryptanalysis is the act of decrypting encrypted data to make a message intelligible. Cryptology is the area of mathematics that includes both cryptography and cryptanalysis.
Modern cryptography uses algorithms, or complex mathematical equations, and secret keys to decrypt and encrypt information. A key is a number or a string that is typically fewer than 20 characters. Symmetric keys use the same key for decryption and encryption, whereas asymmetric keys are produced in pairs—one key encrypts the information and the other, “mirrored” key decrypts it. Thus, someone having only one key could not figure out the other key.
A common question in security pertains to differences between 40-bit and 128-bit encryption in Internet browsers. The easiest way to break encryption in order to read the plaintext is simply to try all possible keys. To help indicate the relative degree of difficulty in carrying out this task, it is important to realize that a 40-bit key has one trillion combinations. So, it would take a lone computer many weeks to attempt all these combinations. A cracker with considerable time on his or her hands would likely need just a few weeks to decrypt a message sent across the Internet with a 40-bit browser.
Furthermore, every increase in key length means that the key will take double the time
to crack. For argument’s sake, if a computer needs one week to crack a 40-bit key, it will
take twice as long to break a 41-bit key—and for a 128-bit key, it will need an estimated
309,485,009,821,345,068,724,781,056 times longer to break it.
See Also: Cryptography or “Crypto”; Decryption or Decipher; Encryption or Encipher.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Simpson, S. Cryptography Defined/Brief History. [Online, Spring, 1997.] University of Texas Economics Website: http://www.eco.utexas.edu/faculty/Norman/BUS.FOR/course.mat/SSim/history.html.
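The doubling rule stated in the entry above, carried through as an added worked equation (not part of the dictionary entry): with $T(n)$ the time needed to try every key of $n$ bits,
$$T(n) = T(40)\cdot 2^{\,n-40}, \qquad \frac{T(128)}{T(40)} = 2^{128-40} = 2^{88} = 309{,}485{,}009{,}821{,}345{,}068{,}724{,}781{,}056,$$
and the 40-bit keyspace itself is $2^{40} = 1{,}099{,}511{,}627{,}776 \approx 10^{12}$, the “one trillion combinations” quoted for a 40-bit key.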
Key Escrow (general term): A cryptographic key entrusted to a third party, meaning that the key is kept “in escrow.” Normally a key would not be released to anyone but the sender or receiver without proper authorization. The purpose behind the key escrow is to serve as a backup if the parties with access to the cryptographic key lose the data, such as through some natural disaster or a crack attack.
Picture this realistic scenario. Company A supplies software that Company B sells embedded in its hardware. Company B, worried that Company A may go out of business, requests that Company A place in escrow the source code for the software. Then, if Company A does go out of business, Company B is still able to sell products.
The public became aware of the controversial side of key escrow at the time of the U.S. Clipper Proposal in the early 1990s. The Clipper Proposal suggested that to prevent abuse, there should be two separate escrow agents, each holding half of the key. The controversy began when the U.S. government suggested in a set of proposals that there should be a broader utilization of cryptography without intelligence officers and law enforcement agents’ abilities to read encrypted traffic being hampered. The idea was that key escrow would allow U.S. agents, subject to certain legal controls, to access copies of cryptographic keys protecting information exchanges. Although these proposals were publicly stated as being voluntary in nature, they produced much protest from citizens groups who saw key escrow not only as the first step toward placing domestic controls on cryptography but also as a step that would undermine the constitutional freedoms given to U.S. citizens—particularly privacy and freedom from unwarranted government intrusion into citizens’ private lives.
Those on the other side of the debate maintained that widespread use of strong cryptographic
information protection had certain risks associated with it, such as key loss. For this reason and
particularly in times of emergency, end users needed some way of recovering the key.
The stated objective of key escrow was to find a compromise so that all parties making concessions
would get something in return. After much effort by those who stood more toward the
center, a consensus was eventually reached on the concept of key recovery.
See Also: Clipper Proposal or Capstone Project; Cryptography or “Crypto”; Privacy; Privacy
Laws; Risk.
Further Reading: Gladman, B. Key recovery—meeting the needs of users or key escrow in
disguise? [Online, 2004.] B. Gladman Website: http://www.fipr.org/publications/key-recovery.html;
Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website:
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Key Exchange (general term): The protocol used to set up a security association in the Internet
Protocol Security (IPSec) protocol suite. Although IPSec, or IKE (Internet Key Exchange), is
an optional part of the IPv4 standard, it is a mandatory part of the new IETF IPv6 standard,
which is soon to be adopted throughout the Internet.
The IKE command can perform several functions, including activating, removing, or listing
IKE and IP Security tunnels. IKE uses a Diffie-Hellman key exchange to set up a shared secret
from which cryptographic keys are derived in a partial implementation of the so-called Oakley
protocol. Public key techniques or pre-shared secrets are used to authenticate communicating
parties.
See Also: Algorithm; Diffie-Hellman Public-Key Algorithm (DH); Internet Engineering Task
Force (IETF); Internet Protocol Security (IPSec); Internet Protocol Version 4 (IPv4) and Internet
Protocol Version 6 (IPv6).
Further Reading: Farlex, Inc. Internet Key Exchange. [Online, 2004.] Farlex, Inc. Website:
http://encyclopedia.thefreedictionary.com/Internet%20key%20exchange.
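The Diffie-Hellman step and pre-shared-secret authentication described above, as an added Python example that is not from the dictionary or from any IKE implementation. The group parameters, nonces, PSK and the SKEYID-style derivation are assumptions, loosely modelled on IKEv1's pre-shared-key mode rather than conforming to it.

```python
import hashlib
import hmac
import secrets

# Group parameters are an assumption of this example: 2**255 - 19 is prime, but
# it is NOT one of the IKE MODP groups (RFC 2409/3526), and nothing here checks
# the order of the subgroup generated by G. Use real group definitions in practice.
P = 2**255 - 19
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; IKE negotiates this, here it is fixed to HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_public(priv: int) -> int:
    """Public value g^x mod p, sent in the clear."""
    if not 1 <= priv <= P - 2:
        raise ValueError("private exponent out of range")
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """Shared secret g^xy mod p. Peer values 0, 1 and p-1 would force the secret
    into a tiny set, so they are rejected before use."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("degenerate peer public value")
    return pow(peer_pub, priv, P)


def session_keys(shared: int, psk: bytes, nonce_i: bytes, nonce_r: bytes) -> dict:
    """Key material loosely modelled on IKEv1 pre-shared-key mode (simplified):
    SKEYID = prf(PSK, Ni | Nr) and the session key = prf(SKEYID, g^xy | Ni | Nr),
    so the key depends on both the fresh DH secret and the pre-shared secret."""
    skeyid = prf(psk, nonce_i + nonce_r)
    g_xy = shared.to_bytes(P_BYTES, "big")
    return {"skeyid": skeyid, "key": prf(skeyid, g_xy + nonce_i + nonce_r)}


def authenticator(skeyid: bytes, pub_self: int, pub_peer: int, role: bytes) -> bytes:
    """Proof of PSK possession bound to both public values. A relay that swapped
    in its own g^x cannot produce this without the PSK, which is what stops an
    unauthenticated DH exchange from being silently intercepted."""
    data = pub_self.to_bytes(P_BYTES, "big") + pub_peer.to_bytes(P_BYTES, "big") + role
    return prf(skeyid, data)


def run_exchange(priv_i: int, priv_r: int, psk_i: bytes, psk_r: bytes):
    """Simulate initiator (i) and responder (r) over an in-memory channel.
    Returns (key at i, key at r, i accepted r, r accepted i)."""
    # Messages 1 and 2: public values and nonces, readable by anyone on the path.
    pub_i, nonce_i = dh_public(priv_i), secrets.token_bytes(16)
    pub_r, nonce_r = dh_public(priv_r), secrets.token_bytes(16)
    # Each side derives g^xy from its own exponent and the peer's public value.
    sk_i = session_keys(dh_shared(priv_i, pub_r), psk_i, nonce_i, nonce_r)
    sk_r = session_keys(dh_shared(priv_r, pub_i), psk_r, nonce_i, nonce_r)
    # Messages 3 and 4: authenticators, each checked with the receiver's own PSK.
    hash_i = authenticator(sk_i["skeyid"], pub_i, pub_r, b"I")   # i -> r
    hash_r = authenticator(sk_r["skeyid"], pub_r, pub_i, b"R")   # r -> i
    r_accepts = hmac.compare_digest(hash_i, authenticator(sk_r["skeyid"], pub_i, pub_r, b"I"))
    i_accepts = hmac.compare_digest(hash_r, authenticator(sk_i["skeyid"], pub_r, pub_i, b"R"))
    return sk_i["key"], sk_r["key"], i_accepts, r_accepts


if __name__ == "__main__":
    psk = b"constructed-pre-shared-secret"           # constructed sample value
    x, y = (secrets.randbelow(P - 2) + 1 for _ in range(2))
    k_i, k_r, ok_i, ok_r = run_exchange(x, y, psk, psk)
    print("same key on both ends:", k_i == k_r, "| mutual auth:", ok_i and ok_r)
    _, _, ok_i, ok_r = run_exchange(x, y, psk, b"wrong-secret")
    print("accepted with mismatched PSK:", ok_i or ok_r)
```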
Key Recovery, User-Controlled (general term): A means of recovering cryptographic keys
when the usual means for obtaining them is unavailable. User-controlled key recovery, in particular,
means that the owner of the information being protected can choose to enable the key
without otherwise altering the cryptographic protection strength available to him or her. As
Gladman suggests, it is important to recognize that ownership of key recovery is retained by the
information owner. Ownership of key recovery is not retained by the government or the end
user.
Key recovery, particularly that which is user controlled, is a controversial topic, with arguments
from the government’s side and those from the companies’ side explained in a 2004 article
by Brian Gladman.
In a business scenario, the business-owned information is at risk. Therefore it is crucial that
key recovery decisions are made by the business and not by consumers. In contrast, in the utilization
of cryptography by private citizens, the interests of the user and the information owner
coincide; thus, the end user should have control of key recovery actions.
See Also: Cryptography or “Crypto”; Key.
Further Reading: Gladman, B. Key recovery—meeting the needs of users or key escrow in
disguise? [Online, 2004.] B. Gladman Website: http://www.fipr.org/publications/key-recovery.html.
Keystroke Logger (general term): A hardware device or small program monitoring each keystroke
a user types on a computer’s keyboard. It is sometimes called a system monitor.
As a hardware device, a keystroke logger is a small plug serving as a connector between the
user’s keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively
easy for someone who wants to monitor a user’s behavior—a hacker or a cracker—to
physically hide such a device. (It helps that most workstation keyboards plug into the back of the
computer.) As the user types, the hardware device collects each keystroke and saves it as text in
its own miniature storage device. Later, the person who installed the keystroke logger can return
and remove the device to access the gathered information.
A keystroke logger program does not require physical access to the user’s computer. It can be
downloaded by someone who wants to monitor activity on a particular computer, or it can be
downloaded unwittingly as spyware and executed as part of a rootkit or remote administration
Trojan (RAT).
According to reports, a crack attack on Sumitomo Mitsui Bank in March 2005 involved the
use of inexpensive keyboard logging devices. Apparently, cleaning staff or individuals posing as
cleaning staff attached the devices to computers. When the exploit was discovered, bank investigators
found some of the devices still attached to some of the PCs. To prevent such crack attacks,
many banks are now believed to permanently connect keyboards into their computers or to ban
wireless keyboards. The Sumitomo Bank—post exploit—is said to now use sophisticated software
to monitor the electrical current in computer systems to determine whether the computers have
been compromised.
A keystroke logger program for a Microsoft Windows Operating System typically consists of
two files installed in the same directory: a dynamic link library (DLL) file, which does all the
recording, and an executable file (.EXE), which installs the DLL file, triggering it to work. The
keystroke logger program records each keystroke the user types and uploads the information over
the Internet periodically to whoever installed the logger program.
Although keystroke logger programs are promoted for benign purposes, such as to let parents
keep track of their kids’ travels on the Internet, most privacy advocates argue that the potential
for abuse is so large that laws should be passed to make the unauthorized use of keystroke loggers
a criminal offense. Businesses, too, are becoming concerned about the legal ramifications of
using keystroke loggers to track employees’ computer behaviors during workdays.
See Also: Internet; Privacy; Rootkit; Spyware; Trojan.
Further Reading: TechTarget. Keystroke Logger. [Online, July 19, 2004.] TechTarget Web
Site. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci962518,00.html;
Warren, P. Bank Attack Used Key-Loggers Costing Just 20 Sterling. [Online, April 21, 2005.]
vnu.net europe Website: http://www.vnunet.com/news/1162595.
Kilobyte (KB) (general term): Equal to 1,024 (or 2¹⁰) bytes.
Knight, Tom and Kotok, Alan Team (general term): Two of the original hackers at MIT in
the 1960s. Then, a “hack” meant a prank of the kind that students played on their MIT faculty
or their rivals—“out of the box” fun tricks such as wrapping the entire roof of the MIT building
in tinfoil.
See Also: Good Hack.
Known-Plaintext Attack (general term): The simplest means to “brute-force” a key using a
sample of both the encrypted message and the original plaintext. A known-plaintext attack is a
cryptographic attack in which an individual has the plaintext and its encrypted version
(ciphertext), thereby allowing him or her to use both to reveal further secret information—such
as the secret key. Encrypted archived ZIP files are said to be prone to known-plaintext attacks
because using software available on the Internet, crackers are able to determine the key needed
to decrypt the archived files.
See Also: Ciphertext; Encryption or Encipher; Cryptography or “Crypto”; Plaintext.
Further Reading: GNU_FDL. Known-Plaintext Attack. [Online, 2004.] GNU Free
Documentation License Website: http://www.wordiq.com/definition/Known-plaintext_attack.
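An added example, not from the dictionary, of how a known plaintext/ciphertext pair drives a brute-force key search, and why key length is the defence. The toy stream cipher, its deliberately tiny 16-bit key and the sample ZIP-header bytes are constructed for the demonstration.

```python
import hashlib
import secrets

KEY_BITS = 16   # deliberately tiny key space; the point of the demonstration


def keystream(key: int, length: int) -> bytes:
    """Toy stream cipher, constructed for this example: SHA-256 over (key, block
    counter) yields the keystream. The weakness shown is the key length, not this."""
    blocks = [hashlib.sha256(key.to_bytes(16, "big") + ctr.to_bytes(4, "big")).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor_crypt(key: int, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def known_plaintext_candidates(plaintext: bytes, ciphertext: bytes,
                               key_bits: int = KEY_BITS) -> list:
    """Every key in the space that turns the known plaintext into the observed
    ciphertext. The pair is the test oracle a brute-force search needs: without
    it, nothing tells the searcher which candidate decryption is the right one."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("known sample must align byte for byte with its ciphertext")
    return [k for k in range(1 << key_bits) if xor_crypt(k, plaintext) == ciphertext]


def recover_and_decrypt(known_prefix: bytes, ciphertext: bytes):
    """Pin down the key from a known plaintext prefix (a predictable file header),
    then decrypt the whole message, including the part no plaintext was known for."""
    cands = known_plaintext_candidates(known_prefix, ciphertext[:len(known_prefix)])
    if len(cands) != 1:
        raise ValueError(f"{len(cands)} keys fit the sample; a longer known sample is needed")
    return cands[0], xor_crypt(cands[0], ciphertext)


def expected_trials(key_bits: int) -> int:
    """Average brute-force work is half the key space: 2**15 here, 2**127 for a
    128-bit key, which is why key length rather than secrecy of the algorithm
    is what defeats this attack."""
    return 1 << (key_bits - 1)


if __name__ == "__main__":
    key = secrets.randbelow(1 << KEY_BITS)
    # Constructed sample: the first eight bytes of a ZIP local file header, which an
    # attacker can predict without ever seeing the archive contents.
    known_header = b"PK\x03\x04\x14\x00\x00\x00"
    archive = known_header + b"constructed secret archive contents"
    recovered, plaintext = recover_and_decrypt(known_header, xor_crypt(key, archive))
    print("key recovered:", recovered == key, "| plaintext:", plaintext)
    print("trials, 16-bit key:", expected_trials(16), "| 128-bit key:", expected_trials(128))
```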
L (general term): Chat room talk for “laugh.”
L0pht bulletin (general term): For decades, neophyte crackers and hackers have obtained
much of their required information from books, documents, and online mailing lists such as the
L0pht bulletin and Phrack.
One of the founding members of the L0pht Heavy Industries team responsible for producing
the L0pht bulletin was Peiter Zatko, more commonly known in the Computer Underground
as Mudge. Mudge gained notoriety in 1998 when he and other L0pht members testified before
a Senate committee that they could take down the Internet in 30 minutes. Thus, the members
argued, sound computer system security is a must in a wired (and now wireless) world. A highly
sought-after computer security consultant, Mudge not only left the security firm @stake Inc.
several years ago but also stayed away from the security industry for a while. Finally, in February
2005, Zatko decided to come back to the security field by joining BBN Technologies Inc. Zatko
had, in fact, been employed there in the 1990s. BBN Technologies Inc. is best known as the contractor
responsible for building ARPANET.
See Also: Crackers; Hackers; Newbies or Scriptkiddies; Phrack.
Further Reading: Fisher, D. Hacker ‘Mudge’ Returns to BBN. [Online, February 2, 2005.]
Ziff Davis Publishing Holdings, Inc. Website.
http://www.eweek.com/article2/0,1759,1758913,00.asp?kc=EWRSS03119TX1K0000594.
LACNIC (general term): An acronym for the Latin American and Caribbean Internet Addresses
Registry. It is one of five Internet registries serving different world regions by assigning and
administering IP addresses.
See Also: AfriNIC; ARIN; IANA; IP Address; RIPE NCC.
Lag Time (general term): The time that it takes for data to come back from a server.
See Also: Server.
LambdaMOO (general term): A sort of (at least it turned out to be) Black Hat equivalent of
the present-day popular online game Sims Online. To be more precise, LambdaMOO was a subspecies
of MUD (a multi-user dungeon) known as a MOO, an abbreviated form of “MUD,
object-oriented.”
LambdaMOO was a type of database giving users the rather realistic feeling that they were
moving through space. When users dialed into LambdaMOO, the program immediately presented
users with a short text description of one of the database’s fictional rooms in a fictional
mansion. The rooms, the things in them, and the characters were able to interact according to
rules imitating laws in the real world. In general, LambdaMOOers were allowed the positive freedom
“to create.” They could describe their characters in any way, decorate rooms, and build new
objects.
The combination of all this user activity with the physics of the database could induce an illusion
of “presence.” What the user really saw when he or she visited LambdaMOO was a form of
slow-moving text, dialogue, and stage directions that moved up the screen.
One of the controversial cases around LambdaMOO involved a cyber perpetrator by the
name of Mr. Bungle, who, with an online voodoo doll and a piece of programming code, could
spoof other players by taking over their identities and performing offensive actions against them.
The closest thing to this kind of action today would be called identity theft. Though some of
the users of LambdaMOO felt that Mr. Bungle virtually raped them—or at least cyberstalked
them—the claims could not be legally upheld because Mr. Bungle caused the users in
LambdaMOO to commit offensive actions against themselves. Mr. Bungle was not himself virtually
involved in the offensive acts.
See Also: Black Hats; Identity Theft or Masquerading; MOO; MUD.
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A
Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Laser Intelligence (LASINT) (general term): Technical and geo-spatial intelligence obtained
with laser technology; it is therefore a sub-category of electro-optical intelligence.
See Also: Intelligence; U.S. Intelligence Community.
Further Reading: U.S. Military: laser intelligence. [Online, 2004.] About, Inc. Website.
http://usmilitary.about.com/library/glossary/l/bldef03545.htm.
Layers of Networks (general term): The international standards organization for the Open
Systems Interconnection (or OSI) has defined the following seven layers of networks:
• Physical Layer—Defining the electrical and mechanical interfaces to the network, it determines
the upper limit of the transmission speed needed for audio and video information.
• Data Link Layer—Comprising the access protocol to the physical layer, it deals with error
correction, flow control, frame synchronization, and the transmission of data frames.
• Network Layer—Switching and routing packets, it establishes logical associations of
remote stations and provides services such as addressing, congestion control, error handling,
internetworking, and packet sequencing.
• Transport Layer—Provides a program-to-program connection.
• Session Layer—Coordinates interactions between user application processes on different
hosts, including multi-cast (defined as one to many, multi-drop), many-to-one sessions, and
point-to-point.
• Presentation Layer—Manages abstract data structures and converts different data formats and
codes.
• Application Layer—Contains protocols such as ftp, SMTP, telnet, and email.
The TCP/IP protocol used on the Internet collapses layers 5, 6, and 7 of the above OSI Model
to a single application layer, thus forming a five-layer protocol.
See Also: Encapsulation; TCP/IP.
Further Reading: Tanenbaum, A. Computer Networks, 4th ed. Upper Saddle River, NJ:
Prentice Hall, 2003.
Leach (general term): A derogatory term in the warez underground community that refers to
self-serving individuals who download an abundance of information for free but never give back
to the community.
Following the passage of the Digital Millennium Copyright Act (DMCA) in 1998 and
particularly since 2004, violators of copyright law have been taken to court by the recording
industry for infringement of the Act—a form of leaching. Many of those targeted by the recording
industry included U.S. students who downloaded music from Napster and shared files with
their friends for free, depriving the recording artists of their royalties and failing to give back to
the entertainment community. The courts generally made each of the student violators pay thousands
of dollars in damages.
See Also: Digital Millennium Copyright Act (DMCA); Napster; Warez Software.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Least-privilege (general term): A security principle holding that users should be allocated the
least possible set of privileges on a computer system. For security reasons, users should be given
only the amount of privileges needed to complete their tasks.
Without question, least-privilege is a critical area in security. Accepting that organizations, university
and medical institutions, as well as government agencies have in recent years adopted
the Internet as a key means of conducting important transactions—often involving sensitive
information—one important factor these organizations and agencies have had to address is an
unprecedented demand for security measures to guarantee the confidentiality, integrity, and
availability of sensitive online information. A great place to begin building sound security measures
to protect information assets, note security experts, is to install network perimeter-based
protection with capabilities consistent with the security expectations of the organization.
See Also: Integrity; Internet; Security; Type Enforcement Technology.
Leetspeak (general term): A word that derives from the hacker elites, leetspeak not only relies on
humor and improvisation but also is a new kind of language now popular in the hacker community.
Leetspeak, generally also known as L33T speak, incorporates layers of computer
underground references—slang words such as warez (meaning pirated software), for example—
and transforms the letters in the slang words into numbers and symbols (called visual puns or
icons).
As examples, the letter E is written as a 3 and the letter A is written as a 4. Also, L is written
as a 1 and an S is written as a 5. Consistent with earlier TAP methodology, the letter O is written
as a 0. Technically speaking, leetspeak is a cipher on top of jargon: Slang words that are
incomprehensible to those outside the hacker community are further rearranged into symbols.
Other fun consists of alternating uppercase and lowercase letters and deliberately misspelling
common-usage words. For example, porn will often be written as pr0n and the as teh.
Hacker community jokes are designed to fool not only people but also machines. The technique
called “fat-finger typing” is what spammers use to circumvent filters on email. Fat-finger
typing makes a word usually readable to a human (who can mentally adjust for errors in the typing
and “see” the word as it should be) but unreadable to a search engine. Because search engines
are not blessed with the cognitive flexibility and adaptation of humans, fat-finger typing often
lets undesirable things such as pornography ads get through software filters.
See Also: Electronic Mail or Email; TAP; Warez Software.
Further Reading: Smith, R. Virtual Culture: Hackers Devise Their Own Language
Literacies. The Globe and Mail, July 22, 2004, p. R1, R3.
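A filter-side normaliser for the substitutions listed in this entry, as an added example that is not from the dictionary: it maps the cited digits back to letters and uses an edit distance that counts adjacent-letter swaps, so fat-finger spellings such as teh still match. The blocklist, the @ and $ rows of the table and the distance threshold are assumptions.

```python
import re

# Substitutions given in the entry: E->3, A->4, L->1, S->5, O->0. The "@" and
# "$" rows are additions made for this example, not taken from the page.
LEET_TO_PLAIN = {"3": "e", "4": "a", "1": "l", "5": "s", "0": "o", "@": "a", "$": "s"}


def normalize(token: str) -> str:
    """Reverse the visual-pun cipher and the upper/lower case alternation before matching."""
    return "".join(LEET_TO_PLAIN.get(ch, ch) for ch in token.lower())


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and swaps of adjacent letters (the fat-finger transposition in 'teh' / 'the')."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # adjacent swap
    return d[len(a)][len(b)]


def match_blocklist(text: str, blocklist, max_dist: int = 1):
    """Tokens whose normalised form is within max_dist edits of a blocked word.
    Returns (original token, blocked word) pairs in order of appearance."""
    hits = []
    for raw in re.findall(r"\S+", text):
        norm = normalize(raw)
        for word in blocklist:
            if osa_distance(norm, word) <= max_dist:
                hits.append((raw, word))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample text; the blocklist words are the ones the entry itself cites.
    sample = "get ur W4R3Z and pr0n here teh best"
    print(match_blocklist(sample, ["warez", "porn", "the"]))
```

With max_dist of 1, three-letter blocked words also catch ordinary neighbours such as "then", so short entries are better matched exactly and the fuzzy threshold reserved for longer words.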
Levin, Vladimir (person; 1971– ): A graduate of St. Petersburg Technology University in Russia,
mathematician Vladimir Levin supposedly masterminded the Russian cracker gang’s exploit that
tricked Citibank’s computers into relinquishing $10 million. Levin apparently used a laptop computer
in London to crack the Citibank network in order to get a list of the bank clients’
passwords. He then logged on to the network 18 times over several weeks with the intent of
transferring money to accounts his group had in the United States, Finland, the Netherlands,
Germany, and Israel. Levin was arrested at Heathrow Airport in 1995 and was sentenced to a
three-year prison term in the United States. He was also ordered to pay back more than $240,000
of the stolen money to Citibank—supposedly his share.
After this incident, Citibank began using the dynamic encryption card, an extremely tight
security system possessed by other financial institutions worldwide.
See Also: Black Hats; Cracking; Exploit; Network; Vulnerabilities of Computers.
Further Reading: Discovery Communications, Inc. Hackers: Outlaws and Angels. [Online,
2004.] Vladimir Levin. Discovery Communications, Inc. Website.
http://tlc.discovery.com/convergence/hackers/bio/bio_09.html; Flohr, U. Bank Robbers Go Electric.
[Online, May 20, 2005.] CMP Media, LLC. Website. http://www.byte.com/art/9511/sec3/art11.htm.
Levy, Steven and His Books on Hackers (general term): In 1984, Steven Levy wrote the
book Hackers: Heroes of the Computer Revolution, which is held in high regard in the Computer
Underground. Levy not only discussed many important talents in the hacker world in this book
but also detailed the tenets of the Hacker’s Ethic—the foundation of hacker culture. Levy’s
more recent books include Unicorn’s Secret, Artificial Life, Insanely Great, and Crypto. He is a senior
technology editor for Newsweek magazine.
See Also: Computer Underground (CU); White Hat Ethic.
Further Reading: Levy, S. Steven Levy’s Home Page. [Online, 2004.] Steven Levy’s Website.
http://mosaic.echonyc.com/~steven/index.html.
Lightweight Directory Access Protocol (LDAP) (general term): A communication protocol
used to transport and format messages in order to access information in an X.500-like
directory. A directory able to be accessed with LDAP is known as an LDAP directory. The LDAP
Version 3 (LDAPv3) protocol has become the standard used by large firms to access user and
resource directory data.
The shortcoming of LDAPv3 is its lack of access control and back-end enterprise integration
extensions (such as replication) that are widely adopted and necessary for integrating disparate
directories and for constructing a distributed directory service. Today within most enterprises,
meta-directories tend to resolve the issue. Endeavors are underway to address shortcomings of
LDAP, ironically by reintroducing features that were stripped out in the transition of the more
complex X.500 standard to make it more “lightweight.”
See Also: Protocol.
Link (general term): Typically used as a short form of hyperlink, which is used in Web documents
written in the HyperText Markup Language (HTML) to enable navigation from one Web
page to another by the user’s clicking the link. Links can cause concern for security experts, particularly
when the text describing the link does not correspond with its destination and is a
deliberate attempt to lure an unsuspicious user to a Website that might contain malicious code
or trick the user into revealing personal data.
See Also: HTML; HTTP.
Link Virus (general term): A computer virus that is downloaded and launched by clicking a link
embedded in a Website. The link usually seems to point to a harmless destination and is frequently
obscured so that an unwary user believes that nothing bad can happen. It is often used
in phishing or spear phishing attacks to smuggle attack code through the perimeter defenses of
an organization.
See Also: Link; Phishing; Virus.
Linux (general term): An operating system widely used on Internet servers and embraced by
large corporations as an alternative to the Microsoft operating system software. Linux was
named after a Finnish man, Linus Torvalds, who started the community development process
of this UNIX-compatible operating system. Linux is also viewed as an alternative to commercial
flavors of UNIX.
See Also: Internet; Operating System Software; Torvalds, Linus; UNIX.
LMAO (general term): Chat room talk meaning “laughing my ass off.”
Local Area Network (LAN) (general term): A computer network contained in one or more
buildings that are physically close to one another.
See Also: Computer; Network.
Local Exploit or Intrusion (general term): Requires that the cracker has access to a machine.
The cracker then runs an exploit script granting him or her administrator or root access. A number
of sites on the Internet give newbies in the Computer Underground (called scriptkiddies)
an idea of how vulnerabilities can be exploited in just a few steps. Though a number of techniques
can be used to accomplish this task, the most common are misconfiguration, poor
SUID, buffer overflows, and temp files.
See Also: Buffer Overflows; Exploit; Misconfiguration Problems; Poor SUID; Temp Files.
Further Reading: Nomad Mobile Research Center. The Hack FAQ: UNIX Local Attacks.
[Online, 2004.] Nomad Mobile Research Center Website.
http://www.nmrc.org/pub/faq/hackfaq/hackfaq-29.html.
Local Loop (general term): A logical network interface on a computer having TCP/IP networking
software. A local loop interface is used for the interprocess communication of two
processes on the same machine. Modeled within the kernel memory, it is faster than a connection
made through a real-network interface.
See Also: Network; TCP/IP or Transmission Control Protocol/Internet Protocol.
Local Loop, Wireless (WLL) (general term): Often referred to as Radio in the Loop (RITL),
Fixed-Radio Access (FRA), or Wireless Local Loop (WLL), these are systems connecting customers
to the public-switched telephone network (or PSTN). Radio signals are used as a copper
substitute to provide part or full connection between the user and the switch. This system
includes cordless access systems, fixed cellular systems, and proprietary fixed-radio access.
Today’s industry analysts predict that the worldwide WLL market will soon attract millions of
users, with considerable growth in emerging economies that reach only a very limited percentage
of their population with traditional wire-based telephone service. For example, analysts suggest
that China, India, Brazil, Russia, and Indonesia might adopt WLL technology as an efficient means
of deploying telephone service to multitudes of subscribers without having to undergo the
expense of burying tons of copper wire.
Moreover, say analysts, in developed countries WLL technology will assist in unlocking competition
in the local loop, thus enabling operators to bypass existing wire-line networks in order
to deliver telephone services and data access. So the question, say analysts, is not “will the local
loop go wireless?” but “where and when?”
See Also: Local Loop.
Further Reading: International Engineering Consortium. Wireless Local Loop. [Online,
2004.] International Engineering Consortium Website. http://www.iec.org/online/tutorials/wll/.
Log (general term): A record of actions and events occurring on a computer when a user is
active. Many components of a computer’s operating system and numerous applications generate
logs. Web servers generate traffic and usage logs in a common logfile format (CLF) that can be
used as input to a variety of statistical tools.
See Also: Computer.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Log Subsystem (general term): System administrators must analyze numerous types of log
entries not only from multitudes of sub-systems within each system but also from multitudes of
systems in order to detect system intrusions. For example, an FTP server will write an entry for
every connection it gets, the kernel will generate entries for failures of hardware (such as in a
disk drive), and a DNS server might regularly report usage statistics. Some of these log entries
might require the immediate attention of a system administrator or of someone having expertise
in a particular type. Still other entries simply need to be recorded for future reference. To deal
with these important matters, most UNIX systems have a log sub-system facility called Syslog,
implemented as a daemon program named “Syslogd.” This program listens for messages on a
socket called /dev/log.
By classifying information in the entries and in the contents of the config file (typically
/etc/syslog.conf), Syslogd routes the information—such as “print to the system console,” “mail to
a specific user,” “create entry in a logfile,” “forward to another daemon,” or “discard.” Syslogd can
also listen for information on the Syslog UDP port and on the local socket. Though Syslogd can
operate on information from the operating system, the kernel does not write to /dev/log. Instead,
another daemon (named Klogd) receives information from the kernel and forwards it to Syslogd.
Syslogd must receive a two-part classification from each process, consisting
of a “facility” and a “priority.” A facility/priority number is one indicating both the facility and
the priority. Facility ascertains the source—such as the kernel, the mail subsystem, or an FTP
server. Priority ascertains the importance of the contents—such as debug, informational, warning,
or critical. Except for the fact that priorities have a defined order, the real meaning of these
is determined by the system administrator.
See Also: Administrator; Daemon; Domain Name System (DNS); /etc/syslog.conf; FTP (File
Transfer Protocol); Kernel; Logfile; Socket; UNIX; User Datagram Protocol (UDP).
Further Reading: GNU Organization. Overview of Syslog. [Online, 2004.] GNU
Organization Website. http://www.gnu.org/software/libc/manual/html_node/Overview-of-Syslog.html.
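Decoding the facility/priority number and routing messages by syslog.conf-style selectors, as an added example that is not from the dictionary or from syslogd itself. The configuration text and log lines are constructed; the facility and severity codes are those of RFC 3164; the selector grammar is a simplified subset (no =, !, none or comma-joined facilities).

```python
import re

# Facility and severity codes from RFC 3164; the "facility/priority number" is
# facility * 8 + severity. Facilities 12-15 are left unnamed here.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}
FACILITY_NAME = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAME = {v: k for k, v in SEVERITIES.items()}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed syslog.conf-style rules: "selector  action", selectors joined by ";".
SAMPLE_CONF = """
# constructed sample, not any real host's configuration
*.emerg            *
kern.*             /var/log/kern.log
mail.warning       /var/log/mail.err
ftp.info           /var/log/ftp.log
*.info             /var/log/messages
"""

# Constructed messages as they arrive on /dev/log or the UDP port (PRI in angle brackets).
SAMPLE_LINES = [
    "<0>Jan  3 09:12:44 host kernel: panic - not syncing",            # kern.emerg
    "<2>Jan  3 09:12:44 host kernel: sda: I/O error, sector 1234",    # kern.crit
    "<19>Jan  3 09:13:01 host postfix/smtpd[411]: lost connection",   # mail.err
    "<94>Jan  3 09:13:05 host ftpd[512]: FTP session opened",         # ftp.info
    "<15>Jan  3 09:13:07 host app[600]: debug detail",                # user.debug
]


def decode_pri(line: str):
    """Split the leading <PRI> field into (facility name, severity name, rest)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI field")
    pri = int(m.group(1))
    facility = FACILITY_NAME.get(pri // 8, f"facility{pri // 8}")
    return facility, SEVERITY_NAME[pri % 8], m.group(2)


def parse_rules(conf: str):
    """Parse selector/action lines. A selector 'facility.level' matches that
    facility at the named severity and every more urgent one; '*' matches all.
    Simplified subset: '=', '!', 'none' and comma-joined facilities are not handled."""
    rules = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        sels = []
        for part in selector.split(";"):
            fac, dot, lvl = part.partition(".")
            if not dot or (lvl != "*" and lvl not in SEVERITIES):
                raise ValueError(f"bad selector {part!r}")
            sels.append((fac, lvl))
        rules.append((sels, action.strip()))
    return rules


def route(line: str, rules):
    """Actions that fire for one message; a rule fires once even if several
    of its selectors match."""
    facility, severity, _ = decode_pri(line)
    actions = []
    for sels, action in rules:
        for fac, lvl in sels:
            fac_ok = fac in ("*", facility)
            lvl_ok = lvl == "*" or SEVERITIES[severity] <= SEVERITIES[lvl]
            if fac_ok and lvl_ok:
                actions.append(action)
                break
    return actions


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for line in SAMPLE_LINES:
        fac, sev, _ = decode_pri(line)
        print(f"{fac}.{sev:<8} -> {route(line, rules) or ['(dropped)']}")
```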
Logfiles (general term): The area on a computer system where, according to crackers,
“interesting” events are stored. Interesting events can include the logging in and logging out of
users, access to certain applications (such as mail, FTP, and Web pages), system startup, system
shutdown, and error messages. Crackers typically try to hide their tracks by altering the contents
of logfiles to delete entries caused by their malicious acts.
See Also: Computer; Crackers; Cracking; Logs; Logging In.
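One way a defender detects the log tampering this entry describes, as an added example that is not from the dictionary: a MAC-chained log whose key ratchets forward after each entry, so an intruder who gains the host later holds no key that can re-seal the entries already written. The key, entries and ratchet construction are assumptions of the example.

```python
import hashlib
import hmac

ZERO_TAG = b"\x00" * 32   # chain link used before the first entry


def ratchet(key: bytes) -> bytes:
    """One-way key evolution; the previous key is discarded after use."""
    return hashlib.sha256(b"constructed-ratchet-label" + key).digest()


class ForwardSecureLog:
    """Append-only log on the monitored host. Each entry's tag covers the previous
    tag (so removing or reordering an entry breaks the chain) and is keyed with a
    key that ratchets forward after every write, so an intruder who gains the host
    afterwards holds no key that can re-seal entries written before the intrusion."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key      # only the current key ever lives on the host
        self._prev = ZERO_TAG
        self.entries = []            # (line, tag) pairs: what an intruder could edit

    def append(self, line: str) -> None:
        tag = hmac.new(self._key, self._prev + line.encode(), hashlib.sha256).digest()
        self.entries.append((line, tag))
        self._prev = tag
        self._key = ratchet(self._key)


def verify(entries, initial_key: bytes):
    """Replay the chain from the initial key, which is kept off the monitored host.
    Returns the index of the first entry that fails to verify, or None if intact."""
    key, prev = initial_key, ZERO_TAG
    for i, (line, tag) in enumerate(entries):
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return i
        prev, key = tag, ratchet(key)
    return None


if __name__ == "__main__":
    initial = b"constructed-initial-key"          # constructed; provisioned off-host
    log = ForwardSecureLog(initial)
    for line in ["login root tty1", "su: alice to root", "sshd: accepted key for bob",
                 "logout root"]:                  # constructed sample entries
        log.append(line)
    print("intact:", verify(log.entries, initial))                                  # None
    print("entry 2 deleted:", verify(log.entries[:2] + log.entries[3:], initial))   # 2
    edited = list(log.entries)
    edited[1] = ("su: nothing to see", edited[1][1])
    print("entry 1 edited:", verify(edited, initial))                               # 1
```

Deleting entries from the tail is not caught by the chain alone; the verifier also needs the expected entry count or the latest tag reported out-of-band.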
Logging In (general term): Gaining access to a computer system through an authentication
process. Typically, a username and a secret password are used to authenticate a user in the login
process. Increasingly, because of security concerns, biometric means such as fingerprints or access
cards are being used instead of passwords.
See Also: Authentication; Fingerprinting; Password.
Logic Bomb (general term): Hidden code instructing a computer virus to perform some
potentially destructive action when specific criteria are met.
See Also: Code or Source Code; Malware; Virus.
Logon Procedures (general term): Identifying someone trying to establish a connection to a
computer. During logon procedures, two requests are made from the individual trying to gain
access: a preauthorized account (or user) name and a preset password. On a computer system used
by more than one individual, the logon procedure identifies the authorized users and the protocols
of users’ access time. These logon procedures are meant to uphold system security by
managing access to sensitive files and operations.
See Also: Access Control; Computer; Logging In.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
LOL (general term): Chat room talk meaning “laughing out loud.”
Loop Carrier System (general term): Uses programmable remote computers to integrate voice
and information communications for an efficient transmission over a fiber-optic cable. In many
ways, loop carrier systems act as circuit breaker boxes in homes.
See Also: Fiber-Optic Cable; Loop Carrier System.
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A
Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Lotus Domino (general term): A popular commercial groupware service providing e-mail, collaboration,
and data exchanges to its registered users.
See Also: Microsoft Exchange.
lsof Tool (general term): A UNIX-specific diagnostic tool whose name means “LiSt Open
Files.” It lists all files that processes running on the computer system have opened. It also lists the
communications opened by each process. For these reasons, lsof is used by system administrators
to figure out whether all the processes running are legitimate.
See Also: Administrator; UNIX.
Further Reading: Abell, V. lsof 4.68 (Default). [Online, March 22, 2004.] Open Source
Technology Group Website. http://freshmeat.net/projects/lsof/?branch_id=6029&release_id=127461.
Lynx (general term): A text-based Web browser that does not require a graphical user interface
to display Web pages. Although the World Wide Web becomes more and more media rich in content,
the number of purists who prefer text-only renderings of Web pages does not seem to
shrink. Often, Lynx is the only solution for displaying Web pages over low bandwidth lines and
on slow client computers.
See Also: Browser.
LZW (general term): Stands for Lempel-Ziv-Welch (Algorithm). The authors, Abraham Lempel
and Jacob Ziv, presented the algorithm in 1977 as a lossless universal algorithm for sequential data
compression. In 1984, Terry Welch improved the algorithm to its present form.
See Also: Compression.
Macro (general term): A sequence of commands in an application that can be recorded or
directly programmed to repeatedly execute this sequence. Macros have access to resources such
as disks and networks on the computer. They are stored within the document format of the
application. Typical examples are macros in Office Applications such as MS Word or Excel, where
they are used extensively. Newer versions of these applications include options to turn off the
execution of macros for security reasons.
See Also: Macro Virus.
Macro Virus (general term): A computer virus that uses the macro capabilities of an application
to execute code or programming steps that are embedded in data files associated with specific
applications. Because users have learned not to execute programs from unknown sources for security
reasons, attackers have turned to using macro viruses to embed malware in innocuous data
files. Modern virus scanners detect macro viruses, as well.
See Also: Macro;Virus.
Mafiaboy (person; 1985– ): As has the United States, Canada has generated its share of spectacular
crack attacks and crackers. In February 2000, the high-profile case of Mafiaboy (his identity
was not disclosed at the time because he was a 15-year-old minor) raised Internet security concerns
in the United States, Canada, and elsewhere. In fact, say legal analysts, Mafiaboy’s computer
cracking trial had the potential to redefine “reasonable doubt” in a relatively unexplored area of
Canadian law.
What could have been a lengthy trial ended when Mafiaboy pleaded guilty on January 18,
2001, to charges that he cracked Internet servers and used them as launching pads for extremely
costly DoS attacks on several high-profile Websites, including Amazon.com, eBay, and Yahoo!.
As is typical of most young crackers facing the prospect of a long and expensive trial, Mafiaboy
admitted his part in the DoS attacks before the Youth Court of Quebec in Montreal. He pleaded
guilty to a number of counts of mischief and illegal access to a computer as well as one count of
breaching bail conditions. In September 2001, the judge hearing the case ruled that the teenager
committed a criminal act and sentenced him to eight months in a youth detention center. The
judge also ordered Mafiaboy to have one year of probation after his detention ended and fined him
$250. Nowadays, Mafiaboy writes high tech pieces for Canoe, an online news and information
company based in Toronto, Canada. One of his interesting columns, entitled “Hacking becoming
even easier,” details his strategy for the exploits that got him detention time.
See Also: Crackers; Cracking; Denial of Service (DoS); Exploit; Internet.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Magnetic Strip (general term): Though most adults have plastic credit cards or debit cards that
they use for purchasing goods and services, few likely know how the magnetic strip on the back
of the card works. The magnetic strip actually comprises very small iron-based magnetic particles
in a plastic-like film.
Each particle is a tiny bar magnet designed so that the magnetic strip can be written in either
a north pole– or a south pole–direction. (They must be one or the other.) The magnetization
can then be “read” when the user swipes the credit card through a particular machine.
To be more specific, the magnetic strip is actually split into three tracks “understood” by a
magnetic strip reader (that is, the particular machine). Each track holds a specific number of characters
with defined functions. The characters contain information about the cardholder and his
or her account, but they can be “read” only in a certain order, and they are encrypted. So, even
if someone did access the heavily guarded communication lines between banks and retailers, the
cracker would also have to determine the encrypted code before he or she could use the card’s
details to commit fraud.
Three methods are commonly used to determine that a user’s credit card is legitimate and will
pay for what he or she is charging. First is the conventional means of using a touch-tone phone
to dial in for permission. Second is a virtual terminal on the Internet. Third is the card-swiping
machine—today’s most frequently used method for purchasing goods and services in stores.
In the card-swiping method, information held on the magnetic strip is picked up by
Electronic Data Capture, or EDC. After the plastic card has been swiped, the EDC software contacts
an acquirer by dialing a stored telephone number through a modem. An acquirer is the
organization collecting credit authentication requests from retailers and providing them with a
payment guarantee. When the acquirer receives an authentication request, it checks the transaction
for validity and the magnetic strip record for important particulars. If a user’s credit card
appears to be dysfunctional at the time that an attempted purchase is made, often the problem is
that the magnetic strip has become damaged or obscured.
See Also: Encryption or Encipher; Internet.
Further Reading: Cardy, L. The Credit Card Strip: How Does It Work? [Online, 2004.]
Crystal Guides Limited Website. http://www.theanswerbank.co.uk/Article361.html.
Mail Bomb (general term): A massive amount of email that is sent to a specific person or system,
consuming the recipient’s disk space on the server or creating an overload situation for the
server, which causes it to slow down considerably or stop functioning altogether. In the past, mail
bombs have been used to punish Internet users who are netiquette violators (such as those who
spam others on the Internet).
See Also: Electronic Mail or Email; Internet; Spam; Spammers.
Further Reading: TechTarget. Mail Bomb. [Online, October 28, 2003.] TechTarget Website.
http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci212514,00.html.
Mail Subsystem (general term): A software package responsible for receiving, delivering, and
forwarding email. The mail transport protocol used throughout the Internet is the Simple Mail
Transfer Protocol (SMTP). Implementations of this protocol are available from different vendors
and public-domain sources. The oldest and still most popular is sendmail. Mail access from client
programs such as Outlook, Outlook Express, Eudora, and others can be handled through IMAP
and POP3.
See Also: Internet; Internet Mail or Message Access Protocol (IMAP); SMTP (Simple Mail
Transfer Protocol).
Malicious Code (general term): Programs, such as viruses and worms, that are designed to exploit
weaknesses in computer software and that replicate and/or attach themselves to other software programs
on a computer or a network. Because they are designed to cause harm to a computer’s or a network’s
operation, viruses and worms are known as malicious code. In short, malicious code not
only propagates itself but also typically causes damage to a computer system—such as denying
access to legitimate users, altering or deleting data, or deleting complete file systems and disks.
See Also: Exploit; Virus; Worm.
Malware (general term): Comes in many forms and can be any program or source code producing
output that the computer owner does not need, want, or expect. For example, malware
can be a remote access Trojan horse that can not only open a back door to a remote computer
but also control someone’s computer or network from a remote location. Malware includes
viruses, worms, Trojan horses (that can, for example, spy on the system and display ads when the
user least expects it), and malicious active content arriving through email or Web pages visited.
These forms of malware normally run without the knowledge and permission of the user.
See Also: Back or Trap Door; Electronic Mail or Email; Trojan; Virus; Worm.
Further Reading: Spy Sweeper. Malware: Are you running malicious software? [Online,
2004.] Spy Sweeper Website. http://www.spysweeper.com/malware.html.
Man-in-the-Middle Attack (general term): An attack in which a cracker intercepts data and
replies to it, making it look as though the reply came from the intended recipient. A victim thus
attacked might expose private data—such as credit card or bank account information—that can
later be used to defraud the victim.
See Also: Attack; Crackers; Exploit; Fraud; Identity Theft or Masquerading.
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A
Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Markoff, John (person; 1949– ): John Markoff’s journalistic stories about Kevin Mitnick’s
cracking exploits led to a book called Takedown. The book was written by Markoff and elite
hacker Tsutomu Shimomura after Shimomura assisted U.S. federal agents in finding Mitnick.
When Kevin Mitnick’s trial for cracking-related crimes was scheduled to begin April 20, 1999,
the “Free Kevin” supporters became angered on two fronts. First, they argued that Takedown
exaggerated Mitnick’s alleged crimes. Second, they were mad that the book was about to become
a movie produced by Miramax—furthering the negative propaganda disseminated by the media
about computer hackers. The movie, also called “Takedown,” was released in 2000 and was
directed by Joe Chappelle. For a fuller discussion of the case leading to Mitnick’s arrest, see The
Hacking of America: Who’s Doing It, Why, and How (p. 13–19) by Schell and Dodge with
Moutsatsos.
John Markoff is now an adjunct faculty member at Stanford University. His Web page can be
found at http://communication.stanford.edu/faculty/markoff.html.
See Also: Cracking; Exploit; Mitnick, Kevin (a.k.a. Condor); Shimomura, Tsutomu;
Vulnerabilities of Computers.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Mask (general term): See Netmasks.
Matrix (general term): Means many things. It is, for one, the world’s telecommunications network.
Because of its importance to the world, a number of artists have been drawn to the
concept of a matrix and have incorporated it into their creative works. Thus, The Matrix is the
name given to a book, a movie, and a computer game—all describing a virtual world of information
similar in some ways to the Internet but completely different in other ways.
“The Matrix,” upon which fiction novels, movies, and games have been based, is a computer-generated
three-dimensional world in which users can do anything because the world comprises
ICons, or IC (pronounced “ice”). IC, known more formally as Intrusion Countermeasure electronics,
are programs stopping illegal access by intruders to computers and highly sensitive
information. For example, IC might look like a bull with guns or a moose with guns, depending
on what type of IC it is and what its function is. IC comes in many forms, including Black
IC (the lethal form) and Probe IC (which searches for intruders and then fires back with some
nasty stuff intended to stop the intruder in his or her tracks). Moreover, in “The Matrix,” a node
(actually part of a host, such as a sub-system, and usually represented by a virtual landscape) might
be seen as a hole or a gas pump. If that node is destroyed, the hole might suddenly disappear, or
the gas pump might quickly explode. In this virtual world, a user will look like whatever he or
she asked the Cyberdeck to identify him or her as. What is more, users in a nonsubmersive system
cannot be hurt because the user is represented by an Icon and is not physically there. The
ICon represents a computer system, and any attacks directed at the user’s ICon can damage his
or her system.
Since 2001, the term matrix has gained a whole new meaning. The Florida police department
operated an anti-terrorism information system called the Multistate Anti-Terrorism
Information Exchange, or Matrix, to locate patterns among people and events by pooling police
records with commercial data on U.S. adults. The Justice Department provided $4 million to
broaden the Matrix program on a national basis, and the Department of Homeland Security
pledged $8 million to assist with the Matrix program expansion—so that Virginia, Maryland,
Pennsylvania, and New York could join the Matrix network.
See Also: Department of Homeland Security (DHS); Internet; Network; Telcom; Terrorism;
Terrorist-Hacker Links; The Matrix of 1999.
Further Reading: Clutton, R. The Matrix. [Online, November 26, 1999.] R. Clutton
Website. http://tip.net.au/~rclutton/matrix.html; Wilson, C. CRS Report for Congress:
Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress. [Online,
October 17, 2003.] CRS Report Website. http://www.fas.org/irp/crs/RL32114.pdf.
Mauchly, John (person; 1907–1980): The co-inventor with Presper Eckert of the first electronic
computer, the ENIAC (Electrical Numerical Integrator and Calculator). In 1935, he was a
physics professor at Ursinus College in Pennsylvania. From 1968 until his death, Mauchly was
president of Dynatrend Inc., a company he created. He was also president of Marketrend Inc.
from 1970 until his death. He received many awards for his pioneering work in computing,
including the Emanuel R. Piore Award, the Harry M. Goode Memorial Award, the Philadelphia
Award, the Potts Medal, and the Scott Medal. Mauchly was elected a member for life of the
Franklin Institute, the National Academy of Engineering, and the Society for the Advancement
of Management. In his later years, Mauchly received advanced honorary degrees from the
University of Pennsylvania and Ursinus College.
See Also: Antonelli, Kay McNulty Mauchly; Computer.
Further Reading: O’Connor, J. and Robertson, E. John William Mauchly. [Online, October,
2003.] University of St. Andrew’s Scotland Website. Department of Computer Science Website.
http://www.gap.dcs.st-and.ac.uk/~history/Mathematicians/Mauchly.html.
Maximum Transmit Unit (MTU) or Maximum Transmission Unit (general term): A
packet-size property of physical network interfaces. For example, for Ethernet the MTU is 1500
bytes. The MTU can also be specified for higher-level protocols such as TCP/IP and set to higher
values. Furthermore, a network’s MTU has major performance implications. For example, in
Microsoft Windows, the maximum packet size for the TCP protocol is specified in the Registry.
If this value is set to too small a number, data will be fragmented into a relatively high number of
smaller packets—with an overall negative impact on performance. On the other hand, if the maximum
TCP packet size is set too high, it will exceed the physical layer’s MTU and, again, reduce
performance. The reason for reduced performance under these circumstances is that each message
on the TCP layer is split into at least two smaller ones—a process called fragmentation.
For owners of home PCs, setting an optimal TCP packet size can be a bit tricky. For a LAN, leaving
the MTU setting at 1500 bytes works well with Ethernet and is considered to be a wise bet.
For communications over a dial-up connection to the Internet, the suggested MTU setting is 576
bytes. Finally, high-speed connections (including cable service, DSL, and home LANs) typically
perform better at higher values.
See Also: Ethernet; Internet; Local Area Network (LAN); Network; Packet; Registry;
TCP/IP or Transmission Control Protocol/Internet Protocol.
Further Reading: About, Inc. MTU. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-mtu.htm.
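Added example, not part of the dictionary: a Python model of the fragmentation the entry describes, so the effect of a TCP packet size that ignores the link MTU can be counted rather than described. It assumes the minimum IPv4 and TCP header sizes (20 bytes each, no options) and the IPv4 rule that fragment offsets are counted in 8-byte units; the message length and packet sizes fed to it are constructed for the example. It also includes the validation a receiver should run before reassembling a fragment set, rejecting gaps, overlaps and inconsistent more-fragments flags, since fragment reassembly is a classic place for malformed input to cause trouble.

```python
# Added example (not from the dictionary): IP fragmentation of oversized TCP segments,
# and a reassembly check that rejects gaps, overlaps and bad more-fragments flags.
from typing import List, Tuple

IPV4_HEADER = 20   # bytes, assuming no IP options
TCP_HEADER = 20    # bytes, assuming no TCP options
OFFSET_UNIT = 8    # IPv4 fragment offsets are expressed in 8-byte units

Fragment = Tuple[int, int, bool]   # (offset in 8-byte units, payload length, more-fragments flag)

def fragment(ip_payload_len: int, mtu: int) -> List[Fragment]:
    """Split an IP payload so that each fragment, header included, fits the MTU."""
    per_fragment = (mtu - IPV4_HEADER) // OFFSET_UNIT * OFFSET_UNIT
    if per_fragment <= 0:
        raise ValueError("MTU %d leaves no room for payload" % mtu)
    frags: List[Fragment] = []
    offset = 0
    while ip_payload_len - offset > per_fragment:
        frags.append((offset // OFFSET_UNIT, per_fragment, True))
        offset += per_fragment
    frags.append((offset // OFFSET_UNIT, ip_payload_len - offset, False))
    return frags

def packets_on_wire(message_len: int, tcp_packet_size: int, mtu: int) -> Tuple[int, int, int]:
    """(TCP segments, IP fragments, bytes on the wire) for a message sent with a fixed
    TCP packet size (IP header + TCP header + data) over a link with the given MTU."""
    data_per_segment = tcp_packet_size - IPV4_HEADER - TCP_HEADER
    if data_per_segment <= 0:
        raise ValueError("TCP packet size %d leaves no room for data" % tcp_packet_size)
    segments = -(-message_len // data_per_segment)     # ceiling division
    fragments = wire_bytes = 0
    remaining = message_len
    for _ in range(segments):
        data = min(data_per_segment, remaining)
        remaining -= data
        frags = fragment(TCP_HEADER + data, mtu)       # each segment is one IP datagram
        fragments += len(frags)
        wire_bytes += TCP_HEADER + data + IPV4_HEADER * len(frags)
    return segments, fragments, wire_bytes

def reassembled_length(frags: List[Fragment]) -> int:
    """Validate a fragment set before reassembly: contiguous, no overlap, exactly one final fragment."""
    if not frags:
        raise ValueError("no fragments")
    ordered = sorted(frags)
    expected = 0
    for i, (offset_units, length, more) in enumerate(ordered):
        start = offset_units * OFFSET_UNIT
        if start != expected:
            raise ValueError("gap or overlap at byte %d" % start)
        last = i == len(ordered) - 1
        if more == last:
            raise ValueError("more-fragments flag wrong on fragment at byte %d" % start)
        if not last and length % OFFSET_UNIT:
            raise ValueError("non-final fragment of %d bytes is not a multiple of %d" % (length, OFFSET_UNIT))
        expected = start + length
    return expected

def is_valid_fragment_set(frags: List[Fragment]) -> bool:
    """True when the set can be reassembled without gaps or overlaps."""
    try:
        reassembled_length(frags)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # 14600-byte message (constructed); TCP packet sizes from the entry plus one above the MTU
    for size in (576, 1500, 2000):
        print("TCP packet size %4d on MTU 1500:" % size, packets_on_wire(14600, size, 1500))
    print(fragment(1480, 576))
```

Run as is, the three cases show the entry's point in numbers: at 576 the message goes out as 28 small packets, at 1500 as 10 packets that each fit exactly, and at 2000 as only 8 segments but 15 IP fragments, because every segment but the last must be split at the Ethernet MTU.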
McAfee, Inc. (general term): With headquarters in California, McAfee Inc. (MFE on the New
York stock exchange) develops computer security solutions to stop network intrusions and to
protect computer systems from evolving malware (such as worms, viruses, and blended
attacks). McAfee, Inc. offers two families of products: McAfee System Protection Solutions for
securing desktops and servers, and McAfee Network Protection Solutions for protecting corporate
networks. McAfee has a wide-ranging client base, including governments, small and large
businesses, and home computer users.
See Also: Anti-Virus Software; Blended Threats; Computer; Malware;Virus;Worm.
Further Reading: McAfee, Inc. About Us. [Online, June 6, 2006.] McAfee, Inc. Website.
http://www.mcafee.com/us/about/index.html.
McAfee, John (person, 1946– ): A controversial personality and former Silicon Valley entrepreneur,
John McAfee, well-known as the developer of the McAfee anti-virus software company,
returned to the San Francisco Bay Area on April 24, 2004, for a rare appearance. McAfee was
there to headline a dynamic weekend experience—not for a computer security conference but
for one named “Journey into The Self with Two Masters—John McAfee and Yogi Amrit Desai.”
At this event, McAfee was joined by Yogi Amrit Desai, the founder of Kripalu Yoga and the
Kripalu Center for Yoga and Health. Yogi Amrit Desai is considered to be one of the earliest pioneers
of yoga in the United States.
McAfee left Silicon Valley in the early 1990s. He currently resides in the Rocky Mountains of
Colorado, far from the fast-paced, high-tech, boom-and-bust scene of which he is considered to
be one of the pioneers. In recent years, John founded Relational Yoga and the Relational Yoga
Mandiram in Woodland Park, Colorado. He has been teaching self-discovery and breath-work
techniques for more than fifteen years. McAfee has written life-change books such as The Secrets
of the Yamas and Into the Heart of Truths.
McAfee’s high-tech career self-destructed in March 1992 when the Michelangelo virus failed to
destroy the cyber world as he had predicted. Consequently, McAfee Associates Inc. first demoted
the then Chief Executive Officer to Chief Technology Officer. The company then eliminated his
company presence entirely. Rumors place McAfee’s “golden parachute” buyout from McAfee
Associates Inc. at or near $100 million.
See Also: Anti-Virus Software.
Further Reading: PR Web. John McAfee: From High Tech to Ancient Tech-nique. [Online,
March 25, 2004.] PR Web Website. http://www.prweb.com/releases/2004/3/prweb113660.php;
Rosenberger, R. The Return of John McAfee. [Online, October 9, 2000.] Rhode Island Soft
Systems, Inc. Website. http://vmyths.com/rant.cfm?id=160&page=4.
Means of Infection (general term): The technique a virus uses to achieve its execution.
Malicious code typically tries to achieve two things: first, to propagate by infecting other systems,
programs, or data; and second, to perform some malicious activity such as deleting or altering
data, or to gather some intelligence on the attacked system. Some of the more common Means
of Infection are the following:
• Opening an infected e-mail attachment
• Exploiting a security vulnerability of the operating system or an application
• Executing programs from untrusted sources, such as those on the Internet
• Sharing infected floppy disks, memory sticks, or other forms of mobile media
• Receiving infected attachments (either programs or data) through IRC, Instant Messaging,
or file-sharing applications
• Visiting Websites containing malicious code
• Accessing systems locally with the intent to install a virus
See Also: Means of Transmission;Virus;Worm.
Means of Transmission (general term): One goal of malicious code is to propagate, meaning
that it needs to find and spread to other potential hosts (systems or programs) that it can infect.
Some of the more common Means of Transmission for malicious code are by the following:
• Email as an attachment, using either harvested email accounts or collecting e-mail accounts
from address books of infected systems. The actual sending of the e-mail can be achieved
either by using existing mail server infrastructures or embedding the mail server in the payload
of the malicious code.
• Sharing programs infected with a Trojan horse.
• Accessing Websites embedding malware.
• Remaining in the computer memory and causing itself to be embedded in every program
that is executed.
• Infecting the boot sector of a computer’s hard disk so that the virus code is launched every
time the computer is started.
• Actively searching for data or programs on a computer’s storage device that the virus code
can embed itself in.
• Accessing shared resources such as shared file systems on file servers.
• Actively using network connections to propagate (computer worms).
See Also: Means of Infection;Virus;Worm.
Media Access Control Address (MAC Address) (general term): An identifier stored inside a
network card or similar network interface that is used to give unique addresses in the OSI model
layer 2 networks and in the physical layer of the Internet Protocol suite. The MAC Addresses,
assigned by the IEEE, are global in nature and used in a number of network technologies, including
but not limited to Ethernet, Token ring, Bluetooth, and 802.11 wireless networks.
Because the developers of Ethernet had the vision to use a 48-bit address space, there are a
potential 2^48 (or about 281 trillion) MAC addresses. Ethernet MAC addresses are typically given as a
string of 12 hexadecimal digits. The first six digits identify the manufacturer of the card (comprising
the Organizational Unique Identifier, or OUI), and the last six digits are assigned by the
manufacturer (comprising the Burned-In Address, or BIA). The IEEE assigns the 24-bit OUI
prefixes to organizations by allocating blocks of 2^24 (that is, about 16 million) MAC addresses at
a time. MAC addresses are also used for the authentication of computers.
MAC addresses of modern network cards can be changed to arbitrary values. Thus, mechanisms
based solely on MAC authentication are susceptible to spoofing attacks.
See Also: Authentication; Bit and Bit Challenges; Computers; Ethernet; Internet.
Further Reading: Farlex, Inc. MAC Address. [Online, May 13, 2005.] Farlex, Inc.Website.
http://encyclopedia.thefreedictionary.com/MAC%20address.
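Added example, not part of the dictionary: Python code that splits a MAC address into the IEEE-assigned OUI and the vendor-assigned half the entry describes, reads the two flag bits of the first octet (the individual/group bit and the universally/locally administered bit defined by IEEE 802), and audits a set of lease records to show why an address alone does not prove which machine is on the wire. The lease records and the "hardware inventory" OUI prefixes are constructed for this example and carry no vendor meaning.

```python
# Added example (not from the dictionary): MAC address parsing and a MAC-only trust audit.
import re
from typing import Dict, List, Set

MAC_ADDRESS_SPACE = 2 ** 48   # 281,474,976,710,656 possible 48-bit addresses

_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$", re.I)

def parse_mac(text: str) -> int:
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e; return the 48-bit value."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError("not a MAC address: %r" % text)
    return int(re.sub(r"[:.-]", "", text), 16)

def mac_info(text: str) -> Dict[str, object]:
    """Split the address into its halves and decode the two flag bits of the first octet."""
    value = parse_mac(text)
    first_octet = value >> 40
    return {
        "oui": "%06X" % (value >> 24),                          # 24-bit IEEE-assigned prefix
        "nic": "%06X" % (value & 0xFFFFFF),                     # 24-bit vendor-assigned part
        "is_multicast": bool(first_octet & 0x01),               # I/G bit: group address
        "is_locally_administered": bool(first_octet & 0x02),   # U/L bit: not a burned-in address
        "is_broadcast": value == MAC_ADDRESS_SPACE - 1,
    }

# Constructed records, in the shape a DHCP server might log: (mac, ip, hostname).
SAMPLE_LEASES = [
    ("00:1A:2B:3C:4D:5E", "10.0.0.11", "laptop-01"),
    ("00:1A:2B:3C:4D:5E", "10.0.0.12", "unknown-device"),   # same MAC, different host name
    ("02:DE:AD:BE:EF:01", "10.0.0.13", "tablet"),           # locally administered bit set
    ("00:99:88:77:66:55", "10.0.0.14", "printer"),
    ("01:00:5E:00:00:FB", "10.0.0.15", "??"),               # group address as a station
]
INVENTORY_OUIS = {"001A2B", "009988"}   # constructed: prefixes of hardware the organization owns

def audit_leases(leases, inventory_ouis: Set[str]) -> List[str]:
    """Findings a MAC-based access control would have waved through."""
    findings: List[str] = []
    hosts_by_mac: Dict[str, Set[str]] = {}
    for mac, ip, host in leases:
        info = mac_info(mac)
        canonical = "%012X" % parse_mac(mac)
        hosts_by_mac.setdefault(canonical, set()).add(host)
        if info["is_multicast"] or info["is_broadcast"]:
            findings.append("%s (%s): group address used as a station address" % (mac, host))
        if info["is_locally_administered"]:
            findings.append("%s (%s): locally administered, not a burned-in address" % (mac, host))
        if info["oui"] not in inventory_ouis:
            findings.append("%s (%s): OUI %s not in hardware inventory" % (mac, host, info["oui"]))
    for canonical, hosts in hosts_by_mac.items():
        if len(hosts) > 1:
            findings.append("%s: presented by %d different hostnames" % (canonical, len(hosts)))
    return findings

if __name__ == "__main__":
    print(mac_info("00:1A:2B:3C:4D:5E"))
    for finding in audit_leases(SAMPLE_LEASES, INVENTORY_OUIS):
        print(finding)
```

None of the findings is proof of spoofing on its own (virtualization and privacy features also set the locally administered bit), which is the practical consequence of the entry's last sentence: a MAC address is an identifier to be logged and correlated, not a credential.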
Megabyte (MB) (general term): Equal to 1024 KB or 2^20 bytes.
See Also: Bit and Bit Challenge; Byte; Kilobyte.
Meinel, Carolyn (person; 1946– ): A computer security professional and engineer who has
written many articles on hacking, worms, and viruses for Scientific American and is the author of
several books, including The Happy Hacker: A Guide to Mostly Harmless Computer Hacking (2001)
and Uberhacker! How to Break Into Computers (2000). She started the online Happy Hacker
Newsletter and has been a strong advocate of bringing women into computer security. Carolyn
wrote the piece in Appendix A of this book entitled “How do hackers break into computers?”
Her Website can be found at http://verbosity.wiw.org/issue6/meinel.html.
See Also: Computer; Security; Uberhackers.
Melissa worm (general term): In 1999, it took down much of the Internet for days, and at that
time, the world had never seen a computer virus move so fast. Melissa, a Microsoft Word–based
worm, replicated itself through email and came out of nowhere to take over computer systems
in businesses, governments, and the military. The FBI commenced the biggest Internet person-hunt
ever to find Melissa’s developer. Eventually, the person suspected of creating the malware
was a New Jersey resident by the name of David L. Smith. In 2002, Smith was sentenced to 20
months of jail time, a fine of $5,000, and 100 hours of community service upon his release.
Many computer security technologies—including anti-virus software, firewalls, and mobile
code—are based on the concept of querying the user with the question, “There is a security issue
here; are you sure you want to continue?” Security professionals have long warned that this kind
of dependency is unreliable because users have to be “lucky” in answering the questions right all
the time—whereas a cracker needs to “get lucky” only a few times.
In the case of the Melissa virus, every user who spread the virus was first prompted with the
query, “This document contains macros; do you want to run them?” Inevitably, the users
answered incorrectly, that is, they answered “yes.”
See Also: Electronic Mail or Email; Federal Bureau of Investigation (FBI); Internet; Malware;
Virus; Worm.
Further Reading: Melissavirus.com. Melissa Virus. [Online, August 14, 2004.]
Melissavirus.com Website. http://www.melissavirus.com; Graham, R. Hacking Lexicon. [Online,
2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/
hacking-dict.html.
Message (general term): Recorded information or a stream of data in plain or encrypted language
put in a format specified for transmission in a telecommunication system. In the computer
field, certain object-oriented programming languages such as Smalltalk and Objective-C use
messages—actually instructions to an object—to perform particular tasks. In this context, a message
is similar to a member function. In the Objective-C runtime environment, messages can still
be forwarded even if an object does not recognize (that is, respond to) a particular message.
See Also: Programming Languages C, C++, Perl, and Java.
Further Reading: GNU Free Documentation License. Message. [Online, April 30, 2005.]
GNU Free Documentation License Website. http://en.wikipedia.org/wiki/Message.
Message Authentication Code (MAC) (general term): In cryptography, a short piece of information
used to authenticate a message; the ANSI standard MAC is based on DES. A message
authentication code involves an algorithm (often a one-way hash function or a block cipher)
that accepts a secret key and a message as input; it then produces a MAC (sometimes known as
a tag). This process provides both an integrity check (by ensuring that a different MAC will
result if the message has been altered) and an authenticity check (because only the person
knowing the secret key could have produced a MAC).
See Also: American National Standards Institute (ANSI); Authenticity; Data Encryption
Standard (DES); Hash, One-Way; Integrity.
Further Reading: GNU Free Documentation License. Message Authentication Code (MAC).
[Online, April 21, 2005.] GNU Free Documentation License Website. http://en.wikipedia.org/
wiki/Message_authentication_code.
Message Digest MD5 (general term): A checksum confirming that the information has
remained unchanged by computing a hash algorithm with the information after it is received. A
hash function is a one-way operation changing any length of information string into a shorter
one with a fixed length so that no two strings of information result in the same hash value. The
resulting hash value is then compared to the hash value sent with the information. If the two values
match, this result suggests that the information has not been changed; therefore, its integrity
may be trusted.
In August 2004, researchers reported that they found weaknesses in the prevalently utilized
encryption tools thought to be secure, including Message Digest MD5. This is a big worry
because MD5 is frequently used with digital signatures and to secure the open source Apache
Web server products. It has also been adopted for use in programs such as PGP or SSL and in
the only digital signature algorithm accepted by the U.S. government’s Digital Signature
Standard. The flaws, warned the researchers, could allow powerful computers to read or potentially
alter encrypted documents thought to be secure.
See Also: Digital Signature; Hash, One-Way; Integrity; Pretty Good Privacy (PGP); Secure
Sockets Layer (SSL).
Further Reading: In Brief. Popular Crypto Flawed. The Globe and Mail, August 12, 2004, p.
B7; Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response
Website. http://securityresponse.symantec.com/avcenter/refa.html.
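Added example, not part of the dictionary, serving both the Message Authentication Code entry above and this MD5 entry: Python code that runs the integrity check the MD5 entry describes (recompute the digest, compare with the stored one) beside a keyed tag, and then shows the difference the MAC entry draws. An unkeyed digest catches accidental change, but anyone who alters the message can also replace the digest, so it proves nothing about who produced the message; a tag under a secret key does. The key and messages are constructed for the example; the tag uses HMAC with SHA-256 rather than MD5 because of the weaknesses this entry reports.

```python
# Added example (not from the dictionary): unkeyed digest vs. keyed MAC.
import hashlib
import hmac
from typing import Tuple

def md5_hex(data: bytes) -> str:
    """The checksum the entry describes: a fixed-length digest of arbitrary input."""
    return hashlib.md5(data).hexdigest()

def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest over the received data and compare it with the one sent along."""
    return hmac.compare_digest(md5_hex(data), expected_hex)

def mac_tag(key: bytes, message: bytes) -> str:
    """Produce the tag: HMAC over the message under a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def mac_verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison, so the check does not leak how many tag bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def tamper_experiment(key: bytes, message: bytes, altered: bytes) -> Tuple[bool, bool, bool]:
    """Returns (digest_catches_accident, digest_catches_forgery, mac_catches_forgery).

    digest_catches_accident: the stored MD5 no longer matches once the message changed.
    digest_catches_forgery:  False: whoever alters the message can replace the unkeyed
                             digest with one computed over the altered message.
    mac_catches_forgery:     True: a valid tag for the altered message needs the secret key."""
    stored_digest = md5_hex(message)
    stored_tag = mac_tag(key, message)
    digest_catches_accident = not integrity_ok(altered, stored_digest)
    # The forger ships their own digest alongside the altered message.
    digest_catches_forgery = not integrity_ok(altered, md5_hex(altered))
    # Without the key, the forger can only reuse the old tag or compute one under a guessed key.
    forged_tag = mac_tag(b"guessed-key", altered)
    mac_catches_forgery = (not mac_verify(key, altered, stored_tag)
                           and not mac_verify(key, altered, forged_tag))
    return digest_catches_accident, digest_catches_forgery, mac_catches_forgery

KEY = b"constructed-secret-key"            # constructed; a real key would be random and kept secret
MESSAGE = b"transfer 100 to account 42"    # constructed
ALTERED = b"transfer 900 to account 42"    # constructed

if __name__ == "__main__":
    print(md5_hex(MESSAGE))
    print(mac_tag(KEY, MESSAGE))
    print(tamper_experiment(KEY, MESSAGE, ALTERED))   # (True, False, True)
```

The middle value is the one that matters: a digest stored or sent next to the data it covers is an integrity check against corruption, not against an adversary, unless the digest itself is protected, for example by a key (a MAC) or by a signature.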
Metcalfe’s Law (general term): Dr. Bob Metcalfe, inventor of Ethernet, once said that the network’s
power grows exponentially with the number of computers linked to it. According to him,
every computer added to the network not only utilizes the network as a resource but also adds
more choice and value. This is Metcalfe’s Law.
By the same token, it has been argued by security experts that the power of crack attacks
grows exponentially as more crackers from developed, developing, and third-world countries get
on the Internet, the information highway.
See Also: Ethernet; Network.
MI5 (general term): The United Kingdom’s security intelligence agency, which is based in
Thames House, London. Its Director General is Eliza Manningham-Buller.
The MI5 is responsible for protecting the country against threats to national security including
terrorism, espionage, and the proliferation of weapons of mass destruction (such as
biological warfare). This security service supports law enforcement agencies in fighting crime and
provides security advice to a range of institutions and organizations so that they are better able
to reduce their vulnerability to threats.
See Also: Terrorism.
Further Reading: Crown Copyright. MI5. [Online, 2004.] MI5 Website. http://www.mi5
.gov.uk/output/Page18.html.
Michelangelo virus (general term): In 1992, a virus scare centered on the Michelangelo virus.
Up to five million computers were estimated to be targets for infection by the virus, according
to John McAfee, producer of McAfee’s virus-scan software. Millions of dollars were spent by
companies, institutions, and government agencies to prepare for this possible cyber Apocalypse—
which turned out to be no more than a minor virus scare. The virus received its name from the
day on which it was expected to strike—Michelangelo’s birthday. Because of McAfee’s obvious
error in predicting a potential cyber Apocalypse, his IT career ended. However, McAfee left with
a nice “golden parachute” from the anti-virus software company he founded.
See Also: Anti-Virus Software; Cyber Apocalypse; Malware; McAfee, John Company; Virus.
Further Reading: Colgate University Computer Science. The Virus Scare. [Online, 2004.]
Colgate University Computer Science Website. http://cs.colgate.edu/faculty/nevison.pub/
web150/virus/Helenfolder/virusscarelink.htm.
Microsoft Exchange Server (general term): Microsoft’s implementation of an Internet mail
server. It serves as a central communication platform for organizations with its calendar, meeting
scheduling, and form-handling functionality. It works best with the specialized client
program Outlook.
See Also: Electronic Mail or Email; Internet; Mail Subsystem; Server.
Middleware (general term): An application connecting two separate applications.
Middleware systems provide functionality such as distribution of components, deployment,
and transaction services that developers can integrate into their own applications without having
to worry about implementation details.
In 2006, Microsoft’s .NET architecture and various implementations of Sun Microsystems’
J2EE Standard were popular forms of middleware.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
MIME or Multipurpose Internet Mail Exchange (general term): A protocol that permits
users to send and receive files using email via the Internet. Since its inception, MIME has been
adopted in other domains as well. Web servers use MIME extensively to establish the type of data
to be served out to clients. This establishment is typically done via server-side MIME settings and
the “Content Type” field in the HTTP header, informing the Web client (browser) about the type
of data to be sent. The information about the content type allows the client to launch an appropriate
application to display the content.
See Also: Electronic Mail or Email; Internet.
Misconfiguration Problems (general term): A major cause of field problems with network
appliances, meaning that the system configuration is not perfect. This is an odd event because, in
principle, an appliance is supposed to be a simple computer system specially designed to perform
a single task, and an appliance system is supposed to be relatively easy to configure and use.
However, making appliances work well in a network in a variety of application environments
often has considerable configuration complexity. One reason for the complexity is that an appliance
in use is only part of a complex, distributed system. For example, the performance of a file
server is contingent on the performance of a distributed system. A distributed system is made up
of a client system (usually an all-purpose computer system) connected to the file server through
a potentially complicated network fabric (including cables, routers, switches, patch panels, and
so on). These components commonly come from various vendors, meaning that they all need to
be configured and function well together if the file server is to function at its best. Unfortunately,
this positive outcome does not occur for a number of technical reasons, as outlined in the 2000
technical piece by G. Banga.
See Also: Computer; Network; Routers; Switch.
Further Reading: Banga, G. Misconfiguration. [Online, April 24, 2000.] Gaurav Banga
Website. http://www.usenix.org/publications/library/proceedings/usenix2000/general/full_
papers/banga/banga_html/node4.html.
MIT Tech Model Railroad Club (general term): In the 1960s, the MIT all-male computer
geeks had an incurable curiosity about how things worked in the real world and in the cyber
world. Back then, computers were huge mainframes stored in temperature-controlled, glassed-in
lairs. These slow machines were expensive hunks of metal (called PDP) that allowed computer
programmers only very limited access. Nevertheless, the Signals and Power committee of MIT’s
Tech Model Railroad Club chose the PDP-6 and PDP-10s as their favorite “tech toy.” Because
of the computer’s slow pace, the smarter programmers created what back then were called
“hacks,” or creative programming tricks, to complete their jobs faster. Sometimes their shortcuts
were more beautiful than the original programs.
See Also: Good Hack.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Mitnick, Kevin (a.k.a. Condor) (person; 1963– ): Born in 1963, he is one of the most famous
American crackers to serve time in prison. He is now a security consultant and author of security
books, including the popular The Art of Deception: Controlling the Human Element of Security.
In 2003, at the DefCon hacker convention in Las Vegas, Mitnick networked with the young
hacker community and wound up winning the Hacker Jeopardy contest. In July, 2004, Mitnick
signed books at the HOPE 5 hacker convention in New York City and at the Black Hat
Briefings and Training in Las Vegas. Mitnick is a cult figure in the Computer Underground.
Whenever he is scheduled to speak on various computer security issues at hacker conventions,
he usually draws a large crowd and much publicity.
Once on the FBI’s most-wanted criminal list and a past cyber colleague of cracker Susan
Thunder, Mitnick was imprisoned in February 1995 on charges of wire fraud and possessing
computer files stolen from Nokia, Motorola, and Sun Microsystems. His capture was detailed in
the book and movie Takedown (described in more detail in the Schell, Dodge with Moutsatsos
book The Hacking of America).
See Also: Black Hat Briefings; Cracker; Federal Bureau of Investigation (FBI); HOPE
(Hackers On Planet Earth); Security; Shimomura, Tsutomu; Thunder, Susan and Kevin Mitnick
Case.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Mobile Code (general term): Software that is transmitted from a host to a client (that is, another
computer) so that it can be executed, or run. A virus and a worm are two common types of
malicious mobile code. Applets that are embedded in Web sites to perform some computation
on behalf of the user (such as a stock tracker) are examples of nonmalicious mobile code.
See Also: Code or Source Code; Host; Malware; Virus; Worm.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Modem (general term): Acronym for Modulator Demodulator, which changes information from
analog form (such as that used on telephone lines) to digital form (such as that used on computers)
for computer-to-computer communications. Though modems can transmit information at a
maximum rate of 56,000 bits per second (bps), or 56 kbps, limitations in the telephone system mean
that speeds of 33.6 kbps or lower are typical in practice. Today, modems for cable and DSL
service are called digital modems, whereas those used for dial-up service are called analog modems.
This terminology is somewhat misleading because all modems actually involve analog signaling.
“Digital” relates to enhanced digital processing in the service provider’s systems and not within the
modem per se. Cable modems and DSL modems utilize broadband signaling methods to obtain
dramatically higher network speeds than traditional modems were able to obtain.
See Also: Cable Modem; DSL; Modem.
Further Reading: About, Inc. Modem. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-modem.htm.
MOO (general term): Acronym for MUD, Object-oriented.
See Also: LambdaMoo; MUD.
Moore’s Law (general term): In the late 1960s, Gordon Moore, one of the founders of Intel,
said that computer power doubles roughly every 12 to 18 months. This statement—now known
as Moore’s Law—has been amazingly accurate for more than four decades.
See Also: Computer.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Morris Worm (general term): Unleashed on November 3, 1988, it—named after its developer,
Robert Morris—crashed the Internet by exploiting bugs in several UNIX programs, including
sendmail and finger.
See Also: Exploit; Sendmail; UNIX; Virus; Worm.
Mosquito Virus (general term): Made the rounds in August 2004, forcing some cell phones
based on the Symbian operating system software to produce very expensive text messages for
their owners. The virus resided in an illegal copy of the cell-phone game “Mosquito” and was available
for free on the Internet and on peer-to-peer (P2P) networks.
See Also: Internet; Network; Operating System Software; Peer-to-Peer (P2P).
Further Reading: In Brief. Mosquito Virus Bites Phones. The Globe and Mail, August 12,
2004, p. B7.
Moss, Jeff (a.k.a. The Dark Tangent) (person; 1970– ): A computer security professional who
is the founder and CEO of Black Hat (Security) Briefings and Training in Las Vegas, Asia, and
Europe. Moss is also a computer security book author and the organizer of DefCon. Besides
being a hacker, he is an entrepreneur with a vision for marketing computer security issues of
concern to companies, government agencies, and medical and educational institutions. He habitually
opens the Black Hat Briefings and Training in Las Vegas at the end of July in each year.
An interview with Jeff regarding Black Hat Europe 2004 can be found at this Website: http://
www.itvc.net/blackhat04/moss.asp.
See Also: Black Hat Briefings; DefCon; Hacker.
Further Reading: Black Hat, Inc. Black Hat Briefings Upcoming Conventions. [Online,
June 6, 2006.] Black Hat, Inc. Website. http://www.blackhat.com/html/bh-link/briefings.html.
MUD (general term): A multi-user dungeon scenario used in computer gaming.
See Also: LambdaMOO.
Multicast (general term): To send an online message simultaneously to a list of recipients on the
network.
See Also: IP Address; Ethernet; Network.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Multi-Homed Hosts (general term): Refers to systems with more than one network interface
that do not function as routers because they do not forward packets. Multi-Homed Hosts are
sought-after targets for crackers, because they connect to a number of different segments of a
local network and, therefore, can serve as an excellent platform for further attacks.
See Also: Host; Packet; Routers.
Further Reading: Wasserman, M. Multi-homed host. [Online, August 15, 2004.] Hypermail
Development Center Website. http://dict.regex.info/ipv6/multi6/2002-10.mail/0000.html.
Multipartite Virus (general term): Uses more than one Means of Transmission or more than
one Means of Infection. An example is the infection of an executable program and the boot
sector, such that a mutual re-infection can take place after one of the two infections is detected
and removed, thus keeping the virus alive.
See Also: Means of Infection; Means of Transmission; Virus.
Mutex (Mutual Exclusion Object) (general term): A programming concept that serializes
access to a shared resource, such as a file or data in memory. Frequently, this serialization is necessary
to protect the resource from being changed in an inconsistent manner. Poorly designed
Mutual Exclusion Objects are targets of crackers looking for a possible path for an attack.
Mydoom and Doomjuice Worms (general term): Around January 27, 2004, the MyDoom
worm wreaked havoc on computer systems by leaving a back door—thereby permitting a
cracker to gain access to computers infected by the worm at some later time. Several forms of
the worm roamed the Internet in July 2004. Malicious programs related to Mydoom had been
released under the names Doomjuice and Zindos. At the height of the release of these worms,
Microsoft issued alerts urging users to take action to remove these worms and to keep their computers
safe from other malicious intrusions by installing security features such as anti-virus
software and firewalls.
See Also: Back or Trap Door; Intrusion; Worm.
Further Reading: Microsoft Corporation. What You Should Know About the Mydoom and
Doomjuice Worms. [Online, July 30, 2004.] Microsoft Corporation Website. http://www
.microsoft.com/security/incident/mydoom.mspx.
Name Server (general term): A network server that provides the Domain Name Service
(DNS).
See Also: Domain Name System.
Napster (general term): Once boasting millions of registered users, Napster Inc. was one of the
hottest network software applications in history because it allowed its members to exchange
music files over the Internet for free. Napster Inc. implemented a quite simple IP-based protocol
for communicating information as well as control operations, and it used a custom-name
space that was in some ways similar to but in other ways sufficiently different from DNS.
Shawn Fanning and Sean Parker developed Napster Inc. in their Northeastern University dormitory
room, and they must have been pleased to see that their vision became a huge success in
the late 1990s. However, Napster’s success was rather short lived.
Because the network traffic generated by Napster downloads flooded some university networks,
a few institutions prevented it from entering their networks by blocking ports. Challenges
brought about by DMCA—costing millions of dollars to the music industry—eventually put the
original Napster Inc. out of business. The original Napster Inc. helped, however, to popularize
peer-to-peer (P2P) network computing.
Because of its popularity, Napster was reestablished in 2004 as a commercial music-download
service through which users pay for downloaded songs. This made the service compatible with
the particulars of the DMCA. Working with some of the original Napster Inc.’s employees and
investors, Shawn Fanning, now in his mid-twenties, formed Snocap, Inc. The new company has
a registry that allows recording companies to set the pricing terms under which their music can
be sold to online consumers.
See Also: Digital Millennium Copyright Act (DMCA); Domain Name System (DNS);
Flooding; Internet Protocol (IP); Online File Sharing; Peer-to-Peer (P2P); Record Industry
Association of America (RIAA) Legal Cases.
Further Reading: About, Inc. Napster. [Online, 2004.] About, Inc. Website. http://compnetworking.
about.com/cs/napsterp2p/g/bldef_napster.htm; Wingfield, N. Napster’s Fanning
Back in Business. The Globe and Mail, December 3, 2004, p. B10.
National Center for Supercomputing Applications (NCSA) (general term): Created by
the National Science Foundation (NSF) in 1986 as one of five centers for supercomputing
research in the United States. The NCSA is based at the University of Illinois in Urbana-
Champaign. Researchers at NCSA created Mosaic, one of the very first Web browsers, and
HTTP server programs.
See Also: Browser.
National Cybersecurity Defense Team Authorization Act (legal term): Allowed the U.S.
President’s Advisor for Cyberspace Security to set up a National Cyber Security Defense Team
to identify Internet infrastructures vulnerable to terrorist attacks and to recommend ways of
eliminating such vulnerabilities. On March 5, 2002, the Act was referred to the Committee on
the Judiciary. On May 23, 2002, the bill was placed on the Senate Legislative Calendar under
General Orders, but was not passed in this form.
See Also: Cyberspace; Internet; Vulnerabilities of Computers.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
National Cyber Security Division (NCSD) (general term): In 2003, the U.S. Department
of Homeland Security (DHS) started the National Cyber Security Division, or NCSD, under
the jurisdiction of the Department’s Information Analysis and Infrastructure Protection
Directorate. Its purpose was to oversee a Cyber Security Tracking, Analysis and Response
Center (CSTARC).
CSTARC’s role was to conduct analysis of cyberspace threats and vulnerabilities, improve
information sharing, issue alerts and warnings for cyber threats, respond to major cyber security
incidents, and aid in national-level recovery efforts.
See Also: Cyber Security Tracking, Analysis and Response Center (CSTARC); Department
of Homeland Security (DHS).
Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and
Cyberterrorism: Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS
Report Website. http://www.fas.org/irp/crs/RL32114.pdf.
National Director for Cyber Security (general term): In September 2003, the Department
of Homeland Security (DHS) announced that Amit Yoran would be the National Director
of its Cyber Security Division. Yoran was responsible for implementing recommendations to
improve national cybersecurity in the United States. He stepped down from his position on
September 30, 2004. Andy Purdy, who served as Deputy Cyber-security Director under Amit
Yoran, acted as interim director. Yoran went on to become President of Yoran Associates, a technology
strategy and risk-assessment company in Virginia. On April 20, 2005, Yoran appeared
before the Homeland Security Subcommittee on Economic Security, Critical Infrastructure
Protection, and Cybersecurity. He spoke to the House of Representatives about HR 285: The
Department of Homeland Security Cybersecurity Enhancement Act of 2005.
See Also: Critical Infrastructures; Critical Networks; Department of Homeland Security
(DHS).
Further Reading: Committee on Homeland Security. Statement by Amit Yoran: HR 285:
The Department of Homeland Security Cybersecurity Enhancement Act of 2005. [Online, May
15, 2005.] Committee on Homeland Security Website. http://hsc.house.gov/files/Testimony_
Yoran_2005-04-20.pdf; MacMillan, R. Purdy Tapped as Cyber-Security Director. [Online,
October 7, 2004.] Washington Post Website. http://www.washingtonpost.com/wp-dyn/articles/
A12240-2004Oct6.html.
National High-Tech Crime Unit (NHTCU) (general term): Located in the United
Kingdom. This organization conducted a survey among businesses in 2003 to determine how
much money they lost from computer security breaches over the previous twelve months. The
NHTCU found that security breaches cost U.K. businesses an estimated £143m during that
period. The 105 businesses surveyed said there were 3,000 incidents among them. The breaches
included information theft, virus attacks, and the physical loss of hardware (such as laptops).
Similar surveys have been jointly conducted in the United States by the CSI and FBI. As is
the case with these annual U.S. surveys, a number of companies chose not to participate in the
U.K. survey.
Moreover, as in the United States, in many cases of computer intrusions U.K. organizations
believe that they have more to lose in terms of damage to their brand and customer confidence
if they report the breaches to the police than if they keep quiet and have their security experts
try to deal with the intrusions. This belief is the nature of the problem facing the police and businesses
trying to curb system intrusions by getting a better handle on the number of intrusions
and particulars on these intrusions.
For this reason, information security exploit reporting was one of the topics for discussion at
the 2004 e-crime congress, organized by the NHTCU. Without accurate figures and with very
few financial institutions willing to discuss the subject, affirmed the NHTCU, it is possible to
present only a rough estimate of the level of electronic crime existing in the U.K. and elsewhere.
See Also: Computer; CSI/FBI Survey.
Further Reading: Moores, S. Security: No Place to Hide. [Online, September 16, 2003.]
ComputerWeekly.com Website. http://www.computerweekly.com/Article124889.htm.
National Homeland Security and Combating Terrorism Act of 2002 (legal term): In
2002, U.S. Senator Joseph Lieberman, D-CT, brought in the National Homeland Security and
Combating Terrorism Act of 2002 to set up the Department of National Homeland Security and
the National Office for Combating Terrorism. The Act was sent to the Committee on
Governmental Affairs on May 2, 2002, and on June 24, 2002, it was placed on the Senate
Legislative Calendar. It was never passed in this form. For additional information on creation of
the Department of Homeland Security (DHS), see H.R. 5005, which became Public Law
107-296 on November 22, 2002.
See Also: Department of Homeland Security (DHS); Terrorism.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
National Imagery and Mapping Agency (NIMA) or National Geospatial-Intelligence
Agency (NGA) (general term): Headquartered in Bethesda, Maryland, the agency was established
under the name NIMA on October 1, 1996, and was renamed to NGA in 2004.
Because it has clients beyond the boundaries of the U.S. Department of Defense, this agency
was originally designated as a part of the broader U.S. Intelligence Community. The formation
of this agency centralized imagery and mapping responsibilities, a step toward achieving the
Department of Defense’s so-called mission of “dominant battle space awareness.” This agency was
developed to capitalize on enhanced collection systems, digital processing technology, and the
future growth in commercial imagery. Its goal was to provide up-to-date, accurate, and important
intelligence of a geospatial nature to support the national security of the United States. The
objectives of NGA remain as originally created.
See Also: Intelligence; U.S. Intelligence Community.
Further Reading: GNU_FDL. National Geospatial Intelligence Agency. [Online, 2004.]
GNU Free Documentation License Website. http://www.wordiq.com/definition/NIMA.
National Information Infrastructure Protection Act of 1996 (legal term): In October of
1996, the U.S. National Information Infrastructure Protection Act of 1996 was passed as part of
Public Law 104-294. It made changes to the Computer Fraud and Abuse Act, codified at
18 U.S.C. § 1030.The changes were meant to add strength to that Act by closing legal voids to
more ably protect the confidentiality, integrity, and security of computer information and
networks.
See Also: Computer; Computer Fraud and Abuse Act of 1986; Integrity; Network.
Further Reading: U.S. Department of Justice. The National Information Infrastructure Act.
[Online, May 15, 2000.] U.S. Department of Justice Website. http://www.usdoj.gov/criminal/
cybercrime/s982.htm#I.
National Infrastructure Protection Center (NIPC) (general term): A U.S. agency that investigates
threats to critical infrastructures and provides warnings regarding likely attacks to
banks, emergency services, utilities, government operations, telecommunications, and water systems.
See Also: Attack; Blended Threats; Critical Infrastructures; Critical Networks Telecom.
National Institute of Standards and Technology (NIST) (general term): Started in 1901,
NIST is a federal agency embedded in the U.S. Commerce Department’s Technology
Administration, whose goals are to develop and advance measurement, standards, and technology
to improve productivity in the United States, stimulate trade, and elevate the quality of life for
citizens.
In January 2005, NIST’s Information Technology Laboratory released its Special Publication
800-65, delineating the important risk variables that should be taken into consideration by an
agency’s capital and investment planning process so that policies are consistent with the Federal
Information Security Management Act (FISMA) and with current NIST standards.
NIST fulfills its purpose by maintaining four cooperative programs. These include the NIST
Laboratories, which conduct research to promote the technology infrastructure and improve services
and products; the Baldrige National Quality Program, which campaigns for performance
excellence among educational institutions, health care providers, manufacturers, and service companies
through outreach programs and by managing the Malcolm Baldrige National Quality
Award Program; the Manufacturing Extension Partnership, which offers assistance in technical
and business matters relating to smaller companies, in particular; and the Advanced Technology
Program, which promotes the development of innovative technologies by co-funding Research
and Development (R & D) partnerships with private companies.
NIST plays a key role in encryption by being the primary organization responsible for AES
(Advanced Encryption Standard)—therefore driving the encryption standard that most large entities
strive to implement.
See Also: Risk.
Further Reading: Hash, J.S. Integrating IT Security Into the Capital Planning and Investment
Control Process. [Online, January 30, 2005.] NIST Website. http://csrc.nist.gov/publications/
nistpubs/index.html; National Institute of Standards and Technology. NIST. [Online, August 2,
2004.] National Institute of Standards and Technology Website. http://www.nist.gov/
public_affairs/general2.htm.
National Reconnaissance Office (NRO) (general term): Set up by the U.S. Defense
Department in 1992. The NRO Director is typically appointed by the Secretary of Defense and
is responsible for consolidating into one program all Department of Defense air vehicle and satellite
overflight projects for intelligence. This mission is defined as the National Reconnaissance
Program.
The NRO works with the Defense Space Operations Committee (DSOC) on budgets, policy,
programs, and requirements. The NRO also performs operations approved by the Defense
Space Operations Committee and establishes interfaces between the Defense Intelligence
Agency, the Joint Chiefs of Staff, the National Reconnaissance Office, the National Security
Agency, and the U.S. Intelligence Board. Moreover, when needed, the NRO utilizes qualified
personnel from the Department of Defense as full-time personnel in the NRO.
See Also: Defense Intelligence Agency (DIA); Intelligence; National Security Agency (NSA).
Further Reading: Aftergood, S. NRO Organization. [Online, March 11, 1996.] National
Reconnaissance Office Website. http://www.fas.org/irp/nro/nroorg.htm.
National Security Agency (NSA) (general term): The U.S. organization that coordinates and
directs highly specialized activities to protect information systems and to produce foreign intelligence.
On March 3, 2005, the NSA said that it constructed Linux-version security tools to assist in
making the U.S. computing infrastructure less vulnerable to intruders. Its success, however,
depends on its being adopted by companies and government agencies alike—an outcome that is
not all that predictable. After the NSA took a risk in 2000 on the then-emerging Linux operating
system, the NSA turned more recently to open-source code. These efforts have produced the
NSA’s Security Enhanced Linux technology—which the agency says should raise the country’s
overall level of cybersecurity.
See Also: Intelligence; Linux; Risk.
Further Reading: Farlex, Inc. NSA. [Online, 2004.] Farlex, Inc. Website. http://www
.thefreedictionary.com/NSA; Greenemeier, L. Linux Security Rough Around the Edges, But
Improving. [Online, March 3, 2005.] CMP Media LLC Website. http://www.informationweek
.com/story/showArticle.jhtml?articleID=60405086.
National Strategy to Secure Cyberspace (general term): A report published in 2003 by the U.S.
government to encourage companies in the private sector to improve computer security. The
U.S. government was especially concerned about computer security related to critical infrastructures.
Moreover, federal agencies were to set the example for “walking and talking” the best
cyber-security practices.
In this report, the government also said that it reserved the right to respond in an appropriate
manner if the United States were to be hit with cyberwarfare. It also noted that if a cyberwar
were to occur, the United States could retaliate using cyber attack tools or malicious code
designed to crack and disrupt the adversary’s computer systems.
Another issue raised in the report was whether the National Strategy to Secure Cyberspace can
safely trust that voluntary actions would be taken by private firms, home computer users,
universities, and government agencies to protect their networks. The report also raised the possibility
of bringing in regulations to ensure best security practices. Critics against such regulations
argued that they not only would interfere with innovation but also possibly harm the country’s
economic competitiveness.
See Also: Attack; Blended Threats; Computer; Critical Infrastructures; Cyber Apocalypse;
Cyberspace; Cyber Terrorism; Cyber Warfare; Network; Trust.
Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and
Cyberterrorism: Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS
Report Website. http://www.fas.org/irp/crs/RL32114.pdf.
National-Level Guidance for Launching Computer Network Attacks (general term): In
February 2003, President George W. Bush announced plans to develop national-level guidance
to assess when and how the U.S. would launch computer network attacks against an adversary’s
computer systems, because such attacks could cause considerable retaliation.
A controversial issue for the U.S. Congress has been that any cyber attack response by the U.S.
military could be viewed by other nations as an unprovoked first strike against a targeted terrorist
group. Moreover, the use of cyber weapons by the U.S. could also be argued to exceed the
customary rules of military conflict, known as the International Laws of War. Also, the effects of
offensive cyber weapons could be difficult to limit; for there is, after all, the possibility that malicious
code aimed against terrorist groups could accidentally infect large numbers of systems on
the Internet. Thus, such a move could have the unintended effect of shutting down the critical
infrastructure systems of countries friendly to the United States.
See Also: Attack; Computer; Internet; Network; Terrorist-Hacker Links.
Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and
Cyberterrorism: Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS
Report Website. http://www.fas.org/irp/crs/RL32114.pdf.
NCC or RIPE NCC (general term): The Réseaux IP Européens Network Coordination
Centre, one of five regional Internet registries assigning and administering IP addresses. RIPE
NCC was started in 1989 as a nonprofit organization that gives IP numbers in Europe, the
Middle East, and parts of Africa and Asia.
See Also: Internet; IP Address.
Further Reading: Jupitermedia Corporation. What is RIPE NCC? [Online, February 5,
2003.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/R/RIPE_
NCC.html.
Net Police (general term): Online users who take it upon themselves to flame (that is, to insult
and denigrate) those failing to display online etiquette (netiquette).
NetBIOS (general term): Software developed by IBM that provides the interface between the
PC operating system, the I/O bus, and the network. Since its design, NetBIOS has become a de
facto standard, making it the target of crackers because of its many Windows vulnerabilities.
Netcat (general term): A simple but powerful tool that can connect two hosts on the Internet
so that data can be sent. Because Netcat can use any port, it is frequently used to hide an
attacker’s control connection to a compromised computer behind an apparently legitimate
connection.
See Also: Computer; Internet; Port and Port Numbers.
Netmasks (general term): A bit field used in version 4 of the Internet Protocol to calculate
the network part from a given IP Address by using a binary AND operation.
See Also: Bit and Bit Challenges; Internet Protocol (IP); IP Address.
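A worked version of the binary AND the entry describes, added here as an example rather than text from the dictionary; it also derives prefix lengths and broadcast addresses and rejects non-contiguous masks. All addresses and masks are constructed sample values.

```python
# Added example: IPv4 netmask arithmetic done with explicit bit operations.
# Sample addresses below are constructed, not taken from any real network.


def ip_to_int(dotted: str) -> int:
    """Parse a dotted-quad IPv4 string into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_netmask(mask: int) -> bool:
    """A netmask is a run of 1 bits followed only by 0 bits. The inverted mask
    is then 2^k - 1, so (inv & (inv + 1)) == 0; a gap in the ones breaks this."""
    inv = (~mask) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


def prefix_to_mask(prefix: int) -> int:
    """/18 -> 255.255.192.0, as an integer."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: int) -> int:
    if not is_valid_netmask(mask):
        raise ValueError("non-contiguous netmask")
    return bin(mask).count("1")


def network_part(ip: str, mask: str) -> str:
    """The entry's operation: network address = address AND netmask."""
    m = ip_to_int(mask)
    if not is_valid_netmask(m):
        raise ValueError(f"invalid netmask {mask}")
    return int_to_ip(ip_to_int(ip) & m)


def broadcast_address(ip: str, mask: str) -> str:
    """Network part with all host bits set to 1."""
    m = ip_to_int(mask)
    return int_to_ip((ip_to_int(ip) & m) | (~m & 0xFFFFFFFF))


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """The test a host or filter rule uses to decide whether a peer is local."""
    return network_part(ip_a, mask) == network_part(ip_b, mask)
```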
NetProwler Agent (general term): A component monitoring network traffic to detect, identify,
and respond to crack attacks.
See Also: Attack; Cracking; Network.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Net-Runners (general term): See Crackers.
NetWare Operating System (general term): Among the earliest products to create Personal
Computer networks, which were introduced in the late 1980s. NetWare emphasizes file and
print serving capabilities. Today it is installed on millions of computers worldwide.
See Also: Computer; Local Area Networks (LAN).
Further Reading: About, Inc. Netware. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-netware.htm.
Network (general term): A group of computers and related devices connected by communications
hardware and software to share data and peripherals such as printers and modems.
See Also: Local Area Network (LAN).
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Network Address Translation (NAT) (general term):Allows an Internet Protocol (IP) network
to translate public IP addresses into private ones. NAT, a popular technology for Internet
connection sharing, is at times used in server load-balancing applications on networks in corporations.
One of the most popular configurations is to have NAT map all the private IP addresses
on a small local network to the single IP address assigned through an Internet Service
Provider (ISP), thus allowing local systems to use a single Internet connection. In addition,
NAT improves network security by preventing external computers from accessing the home network
IP space. NAT intercepts both incoming and outgoing IP traffic and adjusts the addresses
according to its translation rules.
NAT changes the source or destination address in the packet header (and adjusts the checksums)
to perform the desired mapping. NAT performs either fixed or dynamic translations of one
or more IP addresses. Typically, NAT’s functionality is implemented on routers and other gateway
systems at the network’s boundary. Microsoft’s Internet Connection Sharing (ICS) adds
NAT support to the Windows operating system.
See Also: Internet Protocol (IP); Internet Service Provider (ISP); IP Address.
Further Reading: About, Inc. NAT. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/cs/tcpipaddressing/g/bldef_nat.htm.
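An added example, not from the dictionary or any vendor's product, that models the translation the entry describes on constructed IPv4/UDP datagrams: outbound traffic from a private network is rewritten to the single public address, the header checksum is recomputed, and inbound packets pass only when a mapping exists. The Nat class and the build_packet/rewrite helpers are this example's own, and the UDP checksum is left disabled so that only the IPv4 header checksum needs adjusting.

```python
import struct

IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header, no options


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, as used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_packet(src, dst, sport, dport, payload=b"") -> bytes:
    """Construct a sample IPv4/UDP datagram (constructed, not captured traffic).
    The UDP checksum is left at 0, which IPv4 permits, to keep the example short."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = IP_HDR.pack(0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                      ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + udp


def parse(pkt: bytes) -> dict:
    fields = IP_HDR.unpack(pkt[:20])
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return {"src": ip_str(fields[8]), "dst": ip_str(fields[9]),
            "proto": fields[6], "sport": sport, "dport": dport}


def header_checksum_ok(pkt: bytes) -> bool:
    """Summing a header that carries a correct checksum yields zero."""
    return checksum(pkt[:20]) == 0


def rewrite(pkt, src, dst, sport, dport) -> bytes:
    """Change addresses and ports, then recompute the header checksum: the
    adjustment the entry mentions. Without it the next hop discards the packet."""
    hdr = bytearray(pkt[:20])
    hdr[12:16] = ip_bytes(src)
    hdr[16:20] = ip_bytes(dst)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    udp = bytearray(pkt[20:])
    udp[0:4] = struct.pack("!HH", sport, dport)
    return bytes(hdr + udp)


class Nat:
    """Many-to-one NAT at the network boundary (hypothetical model): every
    private source is rewritten to the one public address, with a port mapping
    so that replies can be routed back to the right internal host."""

    def __init__(self, public_ip, private_net, private_mask, first_port=40000):
        self.public_ip = public_ip
        self.net = int.from_bytes(ip_bytes(private_net), "big")
        self.mask = int.from_bytes(ip_bytes(private_mask), "big")
        self.next_port = first_port
        self.table = {}     # public port -> (private ip, private port)
        self.reverse = {}   # (private ip, private port) -> public port

    def is_private(self, ip: str) -> bool:
        return int.from_bytes(ip_bytes(ip), "big") & self.mask == self.net

    def outbound(self, pkt: bytes) -> bytes:
        """Private -> Internet: allocate (or reuse) a public port and rewrite."""
        f = parse(pkt)
        if not self.is_private(f["src"]) or self.is_private(f["dst"]):
            return pkt                      # not crossing the boundary
        key = (f["src"], f["sport"])
        if key not in self.reverse:
            if self.next_port > 65535:
                raise RuntimeError("translation table exhausted")
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return rewrite(pkt, self.public_ip, f["dst"], self.reverse[key], f["dport"])

    def inbound(self, pkt: bytes):
        """Internet -> private: only packets matching an existing mapping get
        through; unsolicited traffic has no entry and is dropped (None). That
        is the 'external computers cannot reach the home network' property."""
        f = parse(pkt)
        if f["dst"] != self.public_ip or f["dport"] not in self.table:
            return None
        priv_ip, priv_port = self.table[f["dport"]]
        return rewrite(pkt, f["src"], priv_ip, f["sport"], priv_port)
```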
Network Attached Storage Server or NAS (general term): Permits files to be stored and
retrieved on a network. The NAS authenticates users and manages file operations in much the
same way as traditional file servers do through protocols such as NFS and CIFS/SMB, but at a
much lower cost. Rather than use all-purpose computer systems with Windows XP, which drives
up the price, NAS tends to use a small operating system embedded in a simplified hardware
platform. Though NAS boxes support hard drives and at times tape drives, they do not have
input/output devices such as a monitor or keyboard. NAS is easier to manage than a file server
because it is designed specifically for network storage. Attacks to these systems are not widely
known, but that might be because they are not yet widely installed throughout industry.
See Also: Network; Network File Systems (NFS).
Further Reading: About, Inc. NAS. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-nas.htm.
Network File Systems (NFS) (general term): A file-sharing protocol used on UNIX and
Linux computers. Because NFS was not designed with security concerns taken into consideration,
it has some reported design vulnerabilities.
See Also: Linux; UNIX; Vulnerabilities of Computers.
Network Hackers (general term): See Crackers.
Network Operating System (NOS) (general term): Implements protocol stacks and device
drivers for networking hardware. Some operating system software (such as Windows 98,
Second Edition, and later versions) also has networking features such as Internet Connection
Sharing (ICS). NOS has been in existence for more than thirty years. The UNIX operating system
was designed right from the start to effectively support networking.
See Also: Network; Operating System Software; Protocol.
Further Reading: About, Inc. NOS. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-nos.htm.
Neumann, Peter G. and Concerns About a Cyber Apocalypse (general term): In the early
2000s, the Defense Advanced Research Projects Agency (DARPA) funded no fewer than
12 key computer security projects under the umbrella of the Composable High-Assurance
Trustworthy Systems (CHATS) program. Peter G. Neumann from the Stanford Research
Institute Computer Science Laboratory led one of those key projects. The emphasis in the
CHATS program was on trustworthy open-source operating systems having trusted components.
A technical paper on the results of the project appeared in the 2003 DISCEX03
proceedings Achieving Principled Assuredly Trustworthy Composable Systems and Networks.
In a less technical piece appearing in The New Yorker in May 2001, Peter G. Neumann underscored
his concerns about the possibility of the cyber-criminal arm causing a Cyber
Apocalypse. What worried Neumann was “the big one.” Because malicious crackers can get
into the United States’ most critical computers in just a few minutes and clear a third of the computer
drives in America in a single day, or because they could shut down the power grids and
emergency-response systems of numerous states, Neumann warned in his piece that the Internet
lies in wait for its Chernobyl. Moreover, Neumann said that he does not believe the wait will be
much longer.
See Also: Cybercrime and Cybercriminals; Internet, Cyber Apocalypse; Open Source; Security; Trust.
Further Reading: Specter, M. The Doomsday Click. The New Yorker. May 28, 2001,
p. 101–107; SRI International Computer Science Laboratory. Peter G. Neumann. [Online,
2004.] SRI International Computer Science Laboratory Website. http://www.csl.sri.com/users/
neumann/neumann.html.
Newbies or Scriptkiddies (general term): Relatively inexperienced crackers in the
Computer Underground who tend to rely on prefabricated software to do their cracking
exploits.
See Also: Computer Underground (CU); Crackers; Exploit.
Nibble (general term): Half of a byte (4 bits).
See Also: Byte.
NIMDA worm (general term): A costly worm that first struck computers on September 18,
2001, and was still around in August 2002. NIMDA is thought to have cost about $500 million
in damages as corporations repaired their networks and added virus protection software and
other security services. Without any assistance from computer users, the NIMDA worm spread
quickly through Windows 2000 computers on the Internet.
See Also: Computer; Internet; Malware; Network; Virus; Worm.
Further Reading: Bruck, M. The Key to Eradicating Viruses and Bugs. [Online,
August 5, 2002.] Entrepreneur.com, Inc. Website. http://www.entrepreneur.com/article/
0,4621,302155,00.html.
NMAP (general term): Short for Network Mapper, an open source utility for exploring networks
or doing a security audit. It is available without charge and was developed to quickly scan
large networks. It performs well in this environment as well as with single hosts.
Nmap utilizes raw IP packets in novel ways to ascertain a number of things, including which
hosts are available on the network, which services a host is offering (including application name
and version), which operating system software and OS version is running, what type of
packet filters/firewalls are being utilized, and more. Nmap runs on most types of computers
(with console and graphical versions obtainable) and is obtainable with complete source code
under the terms and conditions of the GNU GPL.
See Also: Audit Trail; Code or Source Code; Firewalls; Internet Protocol (IP); Network; Open Source; Operating System Software.
Further Reading: Insecure.org. Nmap. [Online, 2004.] Insecure.org Website. http://www
.insecure.org/nmap/.
Node (general term): Any device attached to a telecommunications network, such as a cell phone, computer, personal digital assistant (PDA), or other network appliance. In the IP domain, any device having an IP address is called a node. Servers in a clustering setting, such as database clusters or Web farms (large installations of Web servers), are also called nodes.
See Also: Internet Protocol (IP); IP Address; Network; Telecom.
Further Reading: About, Inc. Node. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-node.htm.
Nonrepudiation (general term): Term that can be used in the legal sense and in the crypto-technical sense. In a legal sense, someone who signs a legal paper is permitted to “repudiate” a signature that has been attributed to him or her. A forged signature is one example of repudiation; a true signature obtained under conditions of duress is another.
The term “nonrepudiation” crypto-technically means that during authentication, a service
providing proof of the integrity and origin of the information can be verified by a third party at
any time. Put another way, nonrepudiation means that during authentication, the information
can be found to be genuine with high assurance; for this reason, chances are slim that it could be
refuted afterward.
See Also: Authentication; Cryptography or “Crypto”; Signature.
Further Reading: McCullagh, A. and Caelli, W. Non-repudiation in the Digital
Environment. [Online, August, 2000.] First Monday Website. http://www.firstmonday.dk/
issues/issue5_8/mccullagh/.
NSA National Computer Security Center (NSA/CSS) (general term): A U.S. government group in the National Security Agency (NSA) that assesses computing equipment for high-security applications to make sure that the firms processing classified and sensitive information are using trusted computer systems and parts. NCSC was started in 1981 as the Department of Defense Computer Security Center. It received its current name of NSA/CSS in 1985.
The NSA/CSS encourages businesses, educational institutions, and government agencies to advance research and standardization efforts to ensure that secure information systems are designed. The NSA/CSS also distributes information about issues dealing with secure computing. It does this in part by holding an annual National Information Systems Security Conference.
On February 15, 2005, President George W. Bush announced that he was considering making the NSA the online traffic police for helping agencies to share homeland security information in a secure fashion across government computer networks. To this end, on March 2, 2005, the NSA presented its recommendations for securing U.S. government sensitive and unclassified documents. Elliptic Curve Cryptography (ECC), a public key cryptosystem produced by Canadian company Certicom Security Architecture, was recommended by the NSA to assist in this regard.
ECC’s advanced cryptography algorithms known as Suite B were of particular interest to the NSA. The public key protocols included in Suite B were Elliptic Curve Menezes-Qu-Vanstone (ECMQV) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement. The Elliptic Curve Digital Signature Algorithm (ECDSA) was included for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing were also part of the recommended suite.
Other countries besides the United States are becoming concerned about cyber security for
government documents. For example, during the week of February 15, 2005, the Auditor
General for Canada, Sheila Fraser, warned that federal agents in Canada are failing to keep up
with the crackers, making confidential government documents vulnerable. Fraser said that she
was disappointed that the Canadian government did not meet its own minimum standards for
IT security, despite the fact that guidelines had been available for almost a decade.
As a case in point cited by Fraser, in May, 2004, the Treasury Board Secretariat surveyed 90
government departments and found that of the 46 departments that responded, only one agency
met the minimum requirements of the Canadian government’s security policy and related online
standards. Even worse, the survey results showed that 16% of the departments did not have any
information security policy, and more than 25% of the departments did not have a policy requiring
a plan to keep critical systems and services running if a major cyber attack or power blackout
occurred.
See Also: Algorithm; Diffie-Hellman Public-Key Algorithm (DH); Digital Signature;
Encryption or Encipher; National Security Agency (NSA).
Further Reading: Bridis, T. White House Eyes NSA for Network ‘Traffic Cop.’ [Online,
February 15, 2005.] The Washington Post Website. http://www.washingtonpost.com/wp-dyn/
articles/A25583-2005Feb15.html; Canoe Inc. Security Gaps in Federal Computers. [Online,
February 15, 2005.] Canoe Inc. Website. http://cnews.canoe.ca/CNEWA/Canada/2005/
02/15/931808-cp.html; TechTarget. National Computer Security Center. [Online, February 2,
2001.] TechTarget Website. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_
gci519382,00.html; The Globe and Mail. U.S. Government to Rely on Canadian Cryptography.
[Online, March 2, 2005.] The Globe and Mail Website. http://www.globetechnology.com/
servlet/story/RTGAM.20050302.gtcrypto0303/BNStory/Technology/.
NSF (National Science Foundation) and NSFnet (general term): A U.S. government
agency that has funded the development of a cross-country backbone network, as well as regional
networks designed to connect scientists over the Internet, thereby taking on the term NSFnet.
Nuking (general term): A form of abuse found in Internet chat rooms. An example of nuking
is sending someone a large number of ICMP or other high-priority packets, thus provoking a
Denial of Service attack. If the victim has a low connection speed compared to the sender’s, he
or she may get dropped from various Internet services (such as IRC), because his or her machine
is so busy handling the high-priority packets that it does not handle the lower-priority packets
before it idles out.
See Also: Denial-of-Service (DoS); Internet Control Message Protocol (ICMP); Internet
Relay Chat (IRC); Packet.
Further Reading: Eskimo Organization. IRC Abuses. [Online, July 15, 1998.] Eskimo
Organization Website. http://www.eskimo.com/~cwj2/chan-atheism/abuses.html.

Oakley Protocol (general term): Cites a sequence of key exchanges and describes their services,
particularly authentication and identity protection.
See Also: Authentication; Key.
Further Reading: TechTarget. Internet Key Exchange. [Online, February 16, 2004.]
TechTarget Website. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci884946,00
.html.
Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP)
(general term): Canadian Prime Minister Jean Chrétien announced the development of this
agency on February 5, 2001. It took over the functions of the former Emergency Preparedness
Canada, and its role was to protect Canada’s critical infrastructures from disruption or complete
failure in order to assure the health, safety, and economic well-being of Canadians. A prolonged
disruption or failure in one utility contributing to the infrastructure could produce cascading disruptions
or failures across a number of other infrastructures, with major economic and social
repercussions for Canadians.
In December 2003, Canadian Prime Minister Paul Martin said that OCIPEP would be integrated
into a new department known as Public Safety and Emergency Preparedness Canada
(known as PSEPC). The first Deputy Prime Minister and Minister of Public Safety and
Emergency Preparedness appointed by the Prime Minister was Anne McLellan.
See Also: Critical Infrastructures; Critical Networks; Cyber Apocalypse.
Further Reading: OCIPEP. OCIPEP: Who We Are. [Online, May 11, 2004.] OCIPEP
Website. http://www.ocipep-bpiepc.gc.ca.
OMG (general term): Stands for Object Management Group, an open-membership consortium
of computer companies committed to producing and upholding computer industry specifications
for enterprise applications that are interoperable. The OMG Board of Directors contains well-known names in the computer and Internet industry including IBM, Alcatel, the Boeing Company, NASA, Sun Microsystems, and Hitachi.
OMG’s star specification is the multi-platform Model-Driven Architecture (MDA), and
OMG’s own middleware platform is CORBA (an acronym that stands for Common Object
Request Broker Architecture). CORBA is OMG’s open, vendor-neutral architecture and infrastructure
that various computer applications use to be able to function together over networks.
When the standard protocol IIOP is used, a CORBA-based program from any vendor on almost
any computer or operating system in any programming language and on any network can interoperate
with a CORBA-based program from the same or another vendor in all of these ways.
Because of how easily CORBA integrates machines from huge mainframes to desktops and
PDAs, it has become the middleware of choice for many large and some smaller enterprises. One
of CORBA’s most common uses is in servers handling a huge volume of customers and having
high hit rates but still maintaining high reliability.
Moreover, the OMG Interface Definition Language (IDL) allows interfaces to objects to be
defined independently of an object’s implementation. After an interface in IDL is defined, it is
used as input to an IDL compiler, whose output is to be compiled and linked with an object
implementation and its clients.
See Also: Compiler; Computer; Internet; Middleware.
Further Reading: Barry & Associates, Inc. OMG Interface Definition Language. [Online, May 16, 2005.] Barry & Associates, Inc. Website. http://www.service-architecture.com/webservices/articles/omg_interface_definition_language_idl.html; Barry & Associates, Inc. CORBA. [Online, May 16, 2005.] Barry & Associates, Inc. Website. http://www.service-architecture.com/web-services/articles/corba.html.
On-Access Scanner (general term): Relates to the constant monitoring of the file system on
workstations and servers. For anti-virus software effectiveness, it is important that a computer
virus be found and then blocked before it is activated. Therefore, every time a file is accessed for reading or writing, or whenever a program is launched, the on-access scanner is invoked. The on-access scanner literally scans the file. Although on-access scanning is a quite secure way to check for viruses, it is not well liked by sophisticated users because of its adverse impact on performance.
See Also: Anti-Virus Software; On-Demand Scanner; Server; Virus.
Further Reading: SAV25 Data Systems. SAV25 Data Systems. [Online, 2000.] SAV25 Data
Systems Website. http://www.sav25.com/norman/nvc/nvc_corp_features.htm.
On-Demand Scanner (general term): Used for the manual scanning of selected areas on a
computer, including entire drives or certain folders. For example, Windows Explorer allows an object to be selected and then scanned. The user simply chooses the on-demand Virus Scanner entry from the right-mouse button menu.
In a networked environment, the system administrator can schedule scanning operations to be run on some or on all workstations and servers within the corporation. Tasks can be run immediately, scheduled to be run at a later point in time, or scheduled to be run at some fixed interval. The on-demand scanner can use a sandbox-type of technology to add more protection levels to detect novel and unknown malware before it can create havoc on the network.
See Also: Administrator; Computer; On-Access Scanner; Malware; Server; Virus.
Further Reading: SAV25 Data Systems. SAV25 Data Systems. [Online, 2000.] SAV25 Data
Systems Website. http://www.sav25.com/norman/nvc/nvc_corp_features.htm.
One-time Password (general term): One-time passwords can be used for only one authentication
process in order to gain access to a system. By using one-time passwords, the probability
of an attack relying on the interception and replay of network traffic is lessened because a previously
valid password will not be accepted on a second or following round. One-time passwords
are typically used in security-critical environments in which clear-text passwords continue to
be used.
See Also: Attack; Authentication; Password; Security.
One-Way Hash Function (general term): A mathematical transformation of data of arbitrary length into a fixed-length string. The mathematical properties of the transformation ensure that the reversion of the hashing is computationally hard and that similar data yield dissimilar hashes. The output of a hash function—called a hash, message digest, or digital fingerprint—is used for authentication and message integrity purposes.
Online File Swapping or Online File Sharing (general term): Recent studies indicate that
more people than ever are using Peer-to-Peer (P2P) services for online file swapping and file
sharing. These terms mean just what they sound like: users swap or share files online with others, usually without paying royalties. The files shared are typically music, movies, and photos.
For example, BigChampagne, which tracks Internet file-sharing in the United States, says that
more than eight million people were online at any one time in June 2004, using unauthorized
services such as KaZaA and eDonkey. That is an increase of 19% from 6.8 million people who
engaged in unauthorized file-sharing in June 2003. Though BigChampagne says that the majority of files being swapped are music, pornographic videos and images are the second-biggest category.
After September 2003, the Recording Industry Association of America (RIAA) filed 3,500
lawsuits against U.S. online music sharers who uploaded songs to the Internet. The charges relied
on the infringement of the DMCA law. The RIAA had settled about 600 of these cases as of July
2004, with fines levied ranging from $2,000 to $15,000. After 2004, the RIAA continued to file
suits against individuals they believed to be infringing the DMCA. As of September 30, 2005, the
milestone number of cases reached 15,000. In some jurisdictions outside the United States, such as
in Canada, online file swapping is not illegal.
See Also: Digital Millennium Copyright Act (DMCA); Internet; Napster; Peer-to-Peer
(P2P); Recording Industry Association of America (RIAA).
Further Reading: Graham, J. Online File Swapping Endures. USA Today, July 12, 2004, p. A1; Rank One Media Group. US music industry hits milestone, has sued 15,000 people. [Online, June 2006.] cdfreaks Website. http://www.cdfreaks.com/news/12474.
Opcode (general term): Short for Operation Code, which is the part of an instruction in
machine language to specify the operation to be performed. A complete machine language
instruction consists of an opcode and zero or more operands with which the specified operation
is performed. Examples are “add memory location A to memory location B,” or “store the number
five in memory location C.” “Add” and “Store” are the opcodes in these examples. Because
virus scanners try to detect and remove malicious patterns of machine instructions, virus writers
have now turned to metamorphic viruses that rewrite themselves using equivalent opcodes, or
that re-order the machine instructions to achieve the same computational result while at the
same time avoiding detection.
See Also: Virus.
Open Relay (general term): An SMTP email server permitting outsiders to relay email not for
or from local users. Spammers rely on open relays to send unwanted messages to potential consumers.
Open relays are blacklisted by some Internet services, and other mail servers use these
lists to block emails from the open relay servers. System administrators of open relays are contacted
by the listing service asking them to fix their configurations in order to be removed from
the black list.
See Also: Administrators; Electronic Mail or Email; Internet; Simple Mail Transfer Protocol
(SMTP); Spam; Spammers.
Further Reading: MarketingSherpa, Inc. The Ultimate Email Glossary: 180 Common Terms
Defined. [Online, 2004.] MarketingSherpa, Inc. Website. http://www.marketingsherpa.com/
sample.cfm?contentID=2776.
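An open relay is a configuration fault in the decision a mail server makes at RCPT TO. The following relay-policy function is an added example written for this page, not code from the dictionary or from any mail server; the local domain example.com, the trusted network 192.168.1.0/24 and the client addresses are constructed sample values, and the open_relay flag exists only to show the misconfigured decision next to the correct one. It also ignores the MAIL FROM address on purpose: trusting a local-looking sender is a classic way an administrator turns a server into an open relay without meaning to.

```python
"""RCPT TO relay policy: correct decision beside the open-relay misconfiguration (added example)."""
import ipaddress

# Constructed sample policy: domains this server delivers for, and the client
# networks allowed to send outbound mail through it without authenticating.
LOCAL_DOMAINS = {"example.com"}
RELAY_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def relay_decision(client_ip: str, authenticated: bool, mail_from: str,
                   rcpt_to: str, open_relay: bool = False) -> str:
    """Return the SMTP reply given to RCPT TO for one (client, sender, recipient) triple."""
    rcpt_domain = rcpt_to.rpartition("@")[2].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return "250 accept: local delivery"           # always fine: we are the destination
    if open_relay:
        # The fault in an open relay: relaying for anyone to anywhere.
        return "250 accept: relayed for anyone (open relay)"
    client = ipaddress.ip_address(client_ip)
    if authenticated or any(client in net for net in RELAY_NETWORKS):
        return "250 accept: authorized relay"
    # mail_from is attacker-controlled, so a local-looking sender grants nothing.
    return "554 5.7.1 Relay access denied"


def policy_allows_open_relay(**policy_kwargs) -> bool:
    """Self-test of the policy: an unauthenticated outside client sending to an outside domain."""
    reply = relay_decision("198.51.100.9", False, "anyone@other.org",
                           "target@elsewhere.net", **policy_kwargs)
    return reply.startswith("250")
```

The self-test at the end is the check a blocklist operator effectively performs; running it against one’s own policy before deployment is cheaper than being listed and asked to fix the configuration afterwards.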
Open Shortest Path First (OSPF) (general term): A gateway-routing protocol created for IP
networks that implements the “shortest path first” (or link-state) algorithm. Routers use the
algorithms to forward routing information to all other OSPF routers on the Internet by calculating
the shortest path to each router, based on a connection graph of the network as it is “seen”
by each router.
Each router sends not only the portion of the routing table describing the state of its own
links but also the complete routing structure (known as the topology). The positive aspect of
“shortest path first” algorithms is that they produce smaller, more frequent updates, thus preventing
problems such as routing loops and count-to-infinity (which occurs when routers
continue to increment the distance counter to a destination net).
OSPF results in a stable network. OSPF’s major disadvantage is its large requirement of CPU
power and memory. The advantages far outweigh the costs, however.
See Also: Algorithm; Internet; Protocol; Routers.
Further Reading: Jupitermedia Corporation. What is OSPF? [Online, February 13, 2004.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/O/OSPF.html.
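The entry says each router computes the shortest path to every other router from a complete picture of the topology, and that this avoids the routing loops and count-to-infinity behaviour of distance-vector schemes. The following Dijkstra computation over a link-state database is an added example written for this page, not code from the dictionary or from any OSPF implementation, and it simplifies OSPF to a single area with symmetric link costs; the five-router sample topology and the withdraw_link helper (standing in for a link-state update after a failure) are constructed here. Because every router recomputes from the full graph rather than from neighbours’ advertised distances, a withdrawn link produces a new table immediately, with no intermediate inconsistent states to loop through.

```python
"""Shortest path first over a link-state database, as an added example."""
import heapq


def shortest_path_first(lsdb: dict, source: str):
    """Dijkstra over lsdb = {router: {neighbor: cost}}; returns (distances, predecessors)."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    settled = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in settled:
            continue
        settled.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def routing_table(lsdb: dict, source: str) -> dict:
    """Per destination: (next hop, total cost). Unreachable routers simply do not appear."""
    dist, prev = shortest_path_first(lsdb, source)
    table = {}
    for dest in dist:
        if dest == source:
            continue
        hop = dest
        while prev[hop] != source:      # walk back to the neighbour adjacent to source
            hop = prev[hop]
        table[dest] = (hop, dist[dest])
    return table


def withdraw_link(lsdb: dict, a: str, b: str) -> dict:
    """A link-state update reporting link a-b down; returns a new database, leaving the old intact."""
    new = {router: dict(neighbors) for router, neighbors in lsdb.items()}
    new.get(a, {}).pop(b, None)
    new.get(b, {}).pop(a, None)
    return new


# Constructed sample topology (symmetric costs); E is present but has no links.
SAMPLE_LSDB = {
    "A": {"B": 1, "C": 5},
    "B": {"A": 1, "C": 1, "D": 4},
    "C": {"A": 5, "B": 1, "D": 1},
    "D": {"B": 4, "C": 1},
    "E": {},
}
```

With the B-C link up, A reaches C and D through B; after the link is withdrawn, A’s table flips C to the direct (cost 5) link and still reaches D through B, and the isolated router E is absent from the table rather than sitting at an ever-growing distance.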
Open Software Foundation (OSF) (general term): Founded in 1988 to develop an open,
interoperable standard for UNIX operating systems. The group, consisting initially of all but two major players in the UNIX market, included IBM, Digital Equipment Corporation (DEC), Hewlett Packard, Apollo, Groupe Bull, Siemens, and Nixdorf. The Foundation was largely seen to be an attempt to unify forces against Sun Microsystems and American Telephone & Telegraph (AT&T) and their System V version of UNIX. The competition between the coalition of seven and the pair consisting of Sun Microsystems and AT&T became known as the UNIX wars.
Commercially, the developed standard was a failure. The only implementation was OSF/1 by DEC, which was later renamed Digital UNIX. In 1996, OSF merged with X/Open to form the Open Group. The OSF is frequently confused with the Free Software Foundation (FSF), but there has never been a connection between OSF and FSF.
See Also: Free Software Foundation; UNIX.
Open Source (general term): Open source proponents believe that software users should be able
to view the source code and make changes to it to correct glitches or produce value-added features.
The Linux operating system, for example, is open source.
See Also: Internet; Open Source Initiative (OSI).
Open Source Initiative (OSI) (general term): In addition to giving other software users open
access to the source code, the distribution conditions for software under the OSI license scheme
must also comply with the following conditions, among others:
• Free Redistribution. The license should not stop anyone from selling or giving away the software when it is part of an aggregate software having programs from a number of different sources. Moreover, the license should not require a royalty fee for such a sale.
• Source Code. The product must include source code and permit its distribution. When a product is distributed without source code, there has to be some clearly stated way to get it for a price not exceeding reasonable reproduction costs. In fact, the source code should be able to be downloaded from the Internet, preferably for free. Furthermore, the source code should be in the form in which, say, a programmer could amend it.
• Derived Works. The license should permit software changes, and works derived from the original software should be permitted to be distributed under the same terms and conditions as the license of the original software version.
• No Discrimination Against Persons or Groups. The license is not allowed to discriminate against any person or group.
• No Discrimination Against Fields of Endeavor. The license is not allowed to restrict any person from using the program for a specific purpose, such as for business or for genetic research.
• Distribution of License. The rights to the program must apply to everyone who receives it without having to obtain more licenses.
• License Must Not Restrict Other Software. The license must not put restrictions on other software distributed with the licensed software. That is, the license must not insist that other programs distributed on the same medium as the licensed software also be open source.
• License Must Be Technology Neutral. No license provision may be predicated on any particular
technology or interface style.
See Also: Code or Source Code; Internet; Open Source.
Further Reading: Open Source Initiative. The Open Source Definition. [Online, 2004.]
Open Source Initiative Website. http://www.opensource.org/docs/definition_plain.php.
Open Systems Interconnect (OSI) Model (general term): Defines Internet function through
a vertical stack of seven layers. The uppermost layers represent the implementation of network services
such as encryption and connection management, and the lowermost layers implement the
hardware-oriented functions such as addressing, flow control, and routing.
Data communication begins with the top layer at the sending side, descends the OSI model
stack to the bottom layer, crosses the network connection to the bottom layer on the receiving
side, and ascends the OSI model stack.
The OSI model was developed in 1984 to be an abstract model, but it has become a practical
framework for developing current network technologies such as Ethernet and protocols such
as IP.
See Also: Encapsulation; Encryption or Encipher; Ethernet; Internet; Internet Protocol;
Layers; Network.
Further Reading: About, Inc. OSI Model. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/cs/designosimodel/g/bldef_osi.htm.
Operating System Software (general term): Software managing the computer hardware.
Operating systems vary in their make-up because they are organized in different ways, and
designing a new Operating System is a major undertaking. Because an Operating System is complex,
it has to be designed one piece at a time. Moreover, each piece needs to be a well-defined
section of the system, with well-defined inputs. For PCs, the most popular current operating system
software is the Microsoft Windows family, but experts project that Linux will replace
Windows on at least one-fifth of all computer systems by 2010.
See Also: Linux.
Operation Sun Devil of 1990 (general term): A nation-wide raid carried out by the U.S.
Secret Service as part of an online investigation into the cyberwar between the Legion of
Doom (LoD) and the Masters of Deception (MoD).
See Also: Hacker Clubs; Legion of Doom (LoD); Masters of Deception (MoD).
Orange Book (general term): A standard from the U.S. National Computer Security Council
(an arm of the National Security Agency). It defines criteria for trusted computer products
and describes four trust levels, designated as A, B, C, and D.
Each level of trust includes more features and requirements:
• D is a nonsecure system.
• C1 requires a user to log on but does not prohibit group IDs.
• C2 requires individual logons with a password and an audit mechanism.
• B1 requires Department of Defense security clearance.
• B2 requires secure communication links between the system and users and gives assurance that system testing is performed regularly and clearances are maintained.
• B3 requires that the system be characterized by a viable mathematical model.
• A1 requires a system characterized by a proven mathematical model.
See Also: National Security Agency (NSA); Trust.
Further Reading: Farlex, Inc. The Orange Book. [Online, 2004.] Farlex, Inc. Website.
http://computing-dictionary.thefreedictionary.com/Orange%20Book.
Osowski, Geoffrey and Tang, Wilson Case (legal case): Accountants Geoffrey Osowski and
Wilson Tang pleaded guilty in April 2001 to exceeding their authorized access to the Cisco
Systems Inc. computers so that they could illegally issue about $8 million in Cisco stock to
themselves. They were charged with violating Title 18, United States Criminal Code by committing
computer and wire fraud. Under a plea bargain, they consented to pay back money
amounting to the difference between almost $8 million that they issued to themselves and that
which the government could recover from the sale of jewelry, an automobile, and other purchased
goods.
The pair admitted that between October 2000 and March 2001, they worked together to
defraud Cisco Systems so that they could get Cisco stock they were not authorized to get. In
December 2000, they moved 97,750 shares of Cisco stock into two separate accounts at Merrill
Lynch, with 58,250 of the shares to be deposited into an account for Osowski and 39,500 shares
to be deposited into an account for Tang.
In February 2001, the cybercrime team caused two more transfers of stock to their accounts,
this time of 67,500 and 65,300 shares. For their cybercrime, Osowski and Tang were sentenced
to 34 months in prison.
See Also: Access Control; Cisco Systems Inc.; Fraud.
Further Reading: U.S. Department of Justice. Former Cisco Accountants Plead Guilty to
Wire Fraud via Unauthorized Access to Cisco Stock. [Online, January 17, 2003.] U.S.
Department of Justice Website. http://www.usdoj.gov/criminal/cybercrime/OsowskiPlea.htm.
Out-of-Band Management (general term): Refers to a method of accessing network firewalls,
routers, switches, or servers allowing security technicians to configure and manage these devices
through dial-up lines instead of using the devices’ regular network connection.
See Also: Firewall; Network; Routers; Server; Switch.
Further Reading: Communication Devices, Inc. Products: Out of Band Management.
[Online, May 18, 2005.] Communication Devices, Inc. Website. http://www.commdevices.com/
oob_story.htm.
Outsider Hacker or Cracker (general term): A hacker or cracker known as an outsider is
not an employee of a company or government agency whose computer systems have been
attacked.
The “outsider” personality profile is based primarily on crackers under age 30 who were
caught and convicted on cracking-related crimes. As with insiders caught for computer crimes,
outsider crackers have multidimensional rather than unidimensional motivational needs. For
example, in a piece written in 1994, the infamous British “Prestel Hacker” Schifreen described
the motivational factors of outsider hackers as being broad and existing in degrees of White Hat
and Black Hat traits. These motivational factors included seizing the cracking opportunity available
because of poor system controls as well as the cracker’s internal need for a challenge, to
relieve boredom, to get revenge, or to satisfy greed.
See Also: Black Hats; Cracker; Hacker; Schifreen, Robert; White Hats or Ethical Hackers or
Samurai Hackers.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Overrun Error (general term): Typically occurs in devices and applications when they receive
more data than they anticipate, usually because the allocated or physical memory buffer is not
big enough. Crackers try to create these conditions. Because frequently the application or
device does not handle the Overrun Error in a secure way, it allows a cracker to exploit a vulnerable
state of the system.
See Also: Buffer Overflows.

Package (general term): An object containing files and instructions for distributing software.
Packet (general term): Data travels along the Internet in packets that are sent individually across
the network and then reassembled into the original data at the correct recipient address. Each
packet is like a letter in that it has a sender and a receiver. When the packet reaches the correct
receiver address, it stops traveling.
Every packet has the following fields: source IP address (such as 10.23.1.156); destination IP
address; transport type (such as ICMP=1, TCP=6, UDP=17); source port and destination port
(such as DNS=53, FTP=21, HTTP=80); and flags (such as SYN).
See Also: Encapsulation; Internet; Internet Protocol (IP); IP Address; Port and Port Numbers;
Synchronize Packet (SYN).
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Packet Filters (general term): In firewalls, the technology used most often to control traffic.
The fields in every packet are compared against a rule set configured on the firewall. Rules
might be of the following form:
BLOCK destination=196.0.3.x TCP flag=SYN
ALLOW destination=196.0.3.129 TCP destport=25
ALLOW destination=196.0.3.130 TCP destport=80
So, if the private network is 196.0.3.x, the initial rule in the preceding list blocks all incoming
TCP connections, but outbound connections can continue. The following rules override the
first; thus, access to the email server at port 25 is allowed and access to the Web server at port 80
also is allowed.
Packet filters are susceptible to fragmentation attacks, whereby an attacker splits up a TCP
connection into many smaller packets to avoid detection by packet-filtering rules.
See Also: Firewall; Fragmentation; Packet; TCP/IP or Transmission Control Protocol/Internet
Protocol.
Packet Storm (general term): A nonprofit group of security professionals who provide information
necessary for securing networks by posting new security information on a global
network of Websites. Information posted includes current and earlier security tools, exploits, and
advisories.
See Also: Exploit; Network; Security.
Further Reading: Packetstorm Security. About Packet Storm. [Online, 2004.] Packet Storm
Website. http://packetstormsecurity.org.
Packet-Switched Network (general term): Computers connected to the Internet use a
packet-switching network to transmit data packets from one attached device to another.
See Also: Ethernet; Internet; Network; Packet; Routing and Traceroute Tool.
PAD or Padding (general term): An encryption algorithm used to encrypt or “padlock” a message.
In cryptosystems, padding also refers to random characters, blanks, zeros, and nulls added to
the beginning and ending of messages to conceal their actual length or to satisfy the data block
size requirements of some ciphers. Padding also serves to obscure the location at which cryptographic
coding actually begins.
See Also: Algorithm; Encryption or Encipher.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Parson, Jeffrey Lee Case (legal case): On August 12, 2004, Jeffrey Lee Parson appeared before
a judge in Seattle, Washington, admitting to having created the B variant of the Blaster worm.
Known also as the “teekids” variant, it exploited nearly 50,000 computers on the Internet in
2003. In January 2005, Parson was sent to jail for 18 months. He was also ordered to put in 10
months of community service after his release. The judge said that she was sentencing him at the
lighter end of the potential jail-term range, because though Parson was 18 when he launched his
cyber attack, he was emotionally immature. If the judge wanted to be tougher, Parson could have
faced a jail term of 10 years and a $250,000 fine.
See Also: Blaster Worm; Hackers’ Psychological Profile; Malware; Worm.
Further Reading: ECT News Network. Jeffrey Lee Parson Pleads Guilty to Blaster Worm
Crime. [Online, August 15, 2004.] ECT News Network Website. http://www.technewsworld.com/story/35820.html;
Johnson, G. Teen Sentenced for Releasing Blaster Worm Variant.
[Online, January 28, 2005.] Security Focus Website. http://securityfocus.com/news/10377.
Passive Attack (general term): An attack on a cryptographic system that starts with some
information about plaintexts and their corresponding ciphertexts (under some unknown key)
and then determines more information about the plaintexts.
See Also: Attack; Ciphertext; Passive Countermeasures; Plaintext.
Further Reading: Electronic Frontier Foundation. Passive Attack. [Online, 2004.] Electronic
Frontier Foundation Website. http://gnupg.unixsecurity.com.br.
Passive Countermeasures (general term): Though there is no true means of defending against
Denial of Service (DoS) attacks, the most effective means seem to be passive countermeasures.
Passive countermeasures are used to prevent network resources from being taken over by crackers
as clients for a DoS attack.
Specific passive countermeasures include configuring the router to do egress filtering, thus
preventing spoofed traffic from exiting the network; asking the Internet Service Provider to
configure routers to perform ingress filtering on the network; using a firewall that exclusively
employs application proxies; and disallowing unnecessary ICMP, TCP, and UDP traffic.
Moreover, if the ICMP traffic cannot be blocked, passive countermeasures can include disallowing
unsolicited (or all) ICMP_ECHOREPLY packets; disallowing UDP and TCP, with the
exception of a specific list of ports; and setting up the firewall to block any outgoing data traffic
whose originating address is not on the protected network.
See Also: Active Countermeasures; Denial of Service (DoS); Firewall; Internet Control
Message Protocol (ICMP); Internet Service Provider (ISP); Passive Attacks; TCP/IP or
Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP).
Further Reading: AXENT Technologies, Inc. TFN2K — An Analysis. [Online, March 7, 2000.]
AXENT Technologies, Inc. Website. http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk12/tfn2k.html.
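The rule-set evaluation described under Packet Filters and the egress filtering described under Passive Countermeasures, as an added Python example that is not part of the dictionary. The 196.0.3.x rules are the entry's own; the last-match-wins semantics ("the following rules override the first"), the sample packets and the handling of non-initial fragments are assumptions for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The dictionary's example network (196.0.3.x); constructed for this illustration.
PRIVATE_NET = ipaddress.ip_network("196.0.3.0/24")


@dataclass
class Packet:
    """The header fields the Packet entry lists: addresses, transport, ports, flags."""
    src: str
    dst: str
    proto: str                      # "TCP", "UDP" or "ICMP"
    dport: Optional[int] = None     # None when a non-initial fragment carries no TCP header
    flags: frozenset = frozenset()  # e.g. frozenset({"SYN"})
    frag_offset: int = 0            # > 0 for every fragment after the first


@dataclass
class Rule:
    action: str                     # "ALLOW" or "BLOCK"
    dst: Optional[str] = None       # exact address, or "196.0.3.x" to match the whole /24
    proto: Optional[str] = None
    dport: Optional[int] = None
    flag: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.dst is not None and not _dst_matches(self.dst, p.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        # Port and flag tests need the transport header. A headerless fragment can
        # never satisfy them, so a rule that requires them simply does not match it.
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.flag is not None and self.flag not in p.flags:
            return False
        return True


def _dst_matches(pattern: str, addr: str) -> bool:
    """'196.0.3.x' matches any host in 196.0.3.0/24; otherwise octets must be equal."""
    return all(po == "x" or po == ao
               for po, ao in zip(pattern.split("."), addr.split(".")))


# The three rules from the Packet Filters entry, in the order given there.
RULES: List[Rule] = [
    Rule("BLOCK", dst="196.0.3.x", proto="TCP", flag="SYN"),
    Rule("ALLOW", dst="196.0.3.129", proto="TCP", dport=25),
    Rule("ALLOW", dst="196.0.3.130", proto="TCP", dport=80),
]


def decide(p: Packet, rules: List[Rule] = RULES, default: str = "ALLOW",
           drop_headerless_fragments: bool = False) -> str:
    """Last matching rule wins; 'default' applies when no rule matches.

    With drop_headerless_fragments=True a non-initial fragment (no TCP header, so
    port/flag rules cannot be evaluated) is blocked instead of falling through to
    the default. That fall-through is the weakness behind the fragmentation
    attacks the Packet Filters entry mentions.
    """
    if drop_headerless_fragments and p.frag_offset > 0 and p.dport is None:
        return "BLOCK"
    verdict = default
    for r in rules:
        if r.matches(p):
            verdict = r.action
    return verdict


def egress_ok(p: Packet, net=PRIVATE_NET) -> bool:
    """Egress filtering from the Passive Countermeasures entry: traffic leaving the
    protected network must carry a source address that belongs to that network."""
    return ipaddress.ip_address(p.src) in net


if __name__ == "__main__":
    # Constructed sample traffic.
    ssh_syn = Packet("203.0.113.7", "196.0.3.10", "TCP", dport=22, flags=frozenset({"SYN"}))
    mail_syn = Packet("203.0.113.7", "196.0.3.129", "TCP", dport=25, flags=frozenset({"SYN"}))
    fragment = Packet("203.0.113.7", "196.0.3.10", "TCP", dport=None, frag_offset=1)
    spoofed_out = Packet("10.9.8.7", "203.0.113.7", "UDP", dport=53)
    print(decide(ssh_syn), decide(mail_syn))                       # BLOCK ALLOW
    print(decide(fragment), decide(fragment, drop_headerless_fragments=True))  # ALLOW BLOCK
    print(egress_ok(spoofed_out))                                  # False
```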
Passive Fingerprinting (general term): See Fingerprinting.
Passive Wiretapping (general term): A type of wiretapping that is not active but rather attempts
merely to observe the traffic flow to gain desired knowledge, whether it be snooping for a password
or just logging traffic.
Passphrase (general term): Text string consisting of several words and numbers that a user enters
to access a computer, network, or an application. Some systems allow users to use entire
passphrases rather than a short string for passwords. Though passphrases are deemed to be more
secure because they are harder to crack, they are generally used only when extreme security is
demanded.
See Also: Authentication; Cracking; Password.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Password (general term): A unique character string that a user types to access a computer, network,
or an application such as a database or a Web-based service. Essentially, passwords are
identification codes restricting access to computers, networks, and sensitive files.
The system compares the typed user identification and password against a list of authorized
users and passwords stored on the system. If the entered user identification (that is, id) and password
are valid, the system lets the user access at the security level preapproved for him or her.
See Also: Access Control; Authentication; Computer; Network.
Password Authentication Protocol (PAP) (general term): One of the earlier forms of
authentication for gaining access to a network. A user’s name and password were transmitted over
a network and compared to a list of name-password pairs. Typically, the passwords stored in the
table were encrypted. It is important to note that PAP was not a strong authentication method,
for passwords were sent over the wire as “clear text.” Furthermore, there was no protection from
replay attacks or from brute-force trial and error attacks. Because of these shortcomings, PAP is
no longer in wide use.
Further Reading: IETF. PPP Authentication Protocols. [Online, October 1992.] IETF Website.
http://www.ietf.org/rfc/rfc1334.txt.
Password Cache (general term): A temporary copy of a password; an internal prompting that
occurs inside a computer during a session to prevent the user from being externally prompted
to continually reenter the password.
See Also: Computer; Password.
Patches or Fixes or Updates (general term): Updated system software created to close security
gaps discovered after the software has been released to the public.
Patent Law and Automated Business Methods (legal term): Once considered a taboo subject
matter of patent law, Automated Business Methods (or ABMs) are now accepted by the U.S.
Patent and Trademark Office and U.S. courts. ABMs, business methods that once were manually
completed but are now automated, are used by some of the largest businesses operating on the
Internet, known generally as “electronic-commerce” or “e-commerce.”
See Also: Internet; Trademark Law.
Further Reading: Kirsch, G. The Software and E-Commerce Patent Revolution. [Online,
2004.] Gigalaw.com Website. http://www.gigalaw.com/articles/2000-all/kirsch-2000-01-all.html.
PATRIOT Act of 2001 (legal term): Also known as the USA PATRIOT Act and Patriot Act I,
this controversial Act was introduced as H.R. 3162 by Representative F. James Sensenbrenner, R-WI,
on October 23, 2001, in response to the September 11, 2001, terrorist attacks. The acronym
“USA PATRIOT” stands for Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism. The Act’s stated intent was to deter and
punish terrorist acts in the United States and elsewhere and to enhance law enforcement investigation
tools. Related bills include H.R. 2975 (an earlier anti-terrorism bill that passed the
House on October 12, 2001) and H.R. 3004 (the Financial Anti-Terrorism Act). On October
26, 2001, H.R. 3162 became Public Law No. 107-56, that is, the USA PATRIOT Act of 2001.
Though federal courts have found some provisions of the Act unconstitutional, and despite
continuing public controversy and concern, the law was renewed in March 2006.
Further controversy brewed when on February 7, 2003, the Center for Public Integrity, a public
interest think tank in Washington, D.C., disclosed the content of a classified document that
was to be introduced as the Domestic Security Enhancement Act of 2003 or Patriot Act II. The
legislation was not brought forward in this form, although some of the controversial sections
were reintroduced in the Tools to Fight Terrorism Act of 2004. This act was read in the Senate
on July 19, 2004. It was not passed in this form.
See Also: Terrorism.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/legislation/107th/wiretaps/;
Azulay, Jessica. ‘Chilling’ Pieces of Patriot Act II Return to Senate.
The NewStandard. [Online, September 22, 2004.] http://newstandardnews.net/content/?action=show_item&itemid=1027.
Payload (general term): Associated with a computer virus, it is the malicious software content
that the virus executes. The term payload is also the actual data that is encapsulated in a packet
and is transmitted on a network. Payload is also a critical concept in Web services, identifying
the data that is transmitted. The payload in Web services is XML based, thus delivering the data
in a standardized format that can be understood by many diverse applications.
See Also: Encapsulation; Network; Packet; Virus.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] http://securityresponse.symantec.com/avcenter/refa.html.
PBX (Private Branch Exchange) (general term): A type of internal telephone switchboard—
typically circuit-switched networks—found in corporations. As telephony continues to evolve
to Voice Over IP (or VoIP), companies will use so-called “hybrid” networks made up of both
circuit-switched and VoIP equipment. According to security experts, during this transitional
period, present-day security vulnerabilities of circuit-switched networks will continue—
including toll fraud, service theft, the use of unauthorized modems, and eavesdropping on the
Public Switched Telephone Network—and new vulnerability issues will emerge. How security
professionals deal with these vulnerabilities will depend on the selected vendor, the configuration
used, and the particular deployment scenario under investigation.
See Also: Fraud; Modem; Network; Theft; Voice Over Internet Protocol (VoIP).
Further Reading: Collier, M. The Value of VoIP Security. [Online, July 6, 2004.] CMP Media
LLC. Website. http://subscriber.acumeninfo.com/uploads2/5/E/5E9080CAB3A1ABE63E3B8EFB7B21E22D/1090506012673/SOURCE/secureLogix.html.
PDA (Personal Digital Assistant) (general term): A small, handheld system combining in one
device multiple computing, Internet, networking, and fax/telephone features. A typical PDA
can work as a personal organizer, a cell phone, and, in some cases, an Internet browser. One of
the favorite PDAs of executives is the Canada-produced BlackBerry; other popular models are
produced by Hewlett-Packard and Palm, Inc. In fact, today’s technology is making it easier for a
handheld phone to become what telecommunications expert George Gilder calls a “teleputer”—
a wireless device able to perform all of the functions typically associated with a much larger
computer. For example, the Nokia N91 has a four-gigabyte hard drive—about ten times more storage
than a desktop computer had ten years ago. That provides enough storage for thousands of
MP3 files, hundreds of photos, or numerous office documents. Some say that the modern-day
cellular phone is the equivalent of a small laptop PC in the user’s pocket.
Though very useful, even the BlackBerry has some security concerns. It is interesting to note
that during the week of March 1, 2005, the Canadian military and U.S. security agencies commenced
a one-year joint effort to make it and other PDAs more secure in the hopes that one
day PDAs can be used for transmitting top-secret information.
Though the Blackberry device allows government officials and executives to make critical
decisions using a wireless device in the palm of their hands even when they are away from their
worksites, the security of PDAs, in general, came fully into question when in February, 2005,
reports indicated that a cracker accessed personal information from Paris Hilton’s PDA (a
Sidekick II). The cracker obtained over 500 celebrities’ phone numbers and email addresses from
her PDA and then posted on the Net topless photos of the hotel heiress and model.
It is interesting to note that on February 15, 2005, a PDA-cracking cybercriminal was taken
to court, and the media questioned whether he was Paris Hilton’s PDA-cracker. In a plea agreement
with prosecutors, Nicolas Jacobsen, aged 22, pleaded guilty in U.S. federal court to one
felony charge related to his intentionally gaining access to a protected computer and causing
damage to it. Jacobsen’s crime spree began in late 2003 and ended when he was arrested in the
fall of 2004. Though Jacobsen’s 2003–2004 cyber targets included Paris Hilton’s T-Mobile
Sidekick II as well as other T-Mobile users, he was not apparently connected to the late February,
2005, crack attack that resulted in Hilton’s topless photos being shown on the Net.
The intrusion into T-Mobile’s servers by Jacobsen seemed to have resulted from the company’s
failure to patch a known security hole in a commercial software package. For example, at least
one Internet Website noted that anybody using a service to spoof caller ID could have exploited
the flaw. Though T-Mobile agreed that the vulnerability existed, they said that the solution to the
problem is a simple one. Users simply need to set their voice mail to require a particular password;
by default, clients are not required to do this.
In July, 2003, the vulnerability was discussed in a Black Hat Briefing talk in Las Vegas. An SPI
Dynamics researcher talked about how to exploit the Weblogic vulnerability, and, apparently,
Jacobsen learned of the hole from an issued advisory. He then created his own 20-line exploit in
Visual Basic and searched the Internet for potential targets who failed to install the issued patch.
In October, 2003, Jacobsen discovered that T-Mobile was, indeed, one such place.
See Also: Browser; Internet; Network; Wireless.
Further Reading: Ingram, M. Cellphones Becoming ‘Small Laptop in Your Pocket.’ The Globe
and Mail, May 18, 2005, p. B.3; Lemos, R. Flaw Threatens T-Mobile Voice Mail Leaks. [Online,
February 24, 2005.] CNET Networks Inc. Website. http://news.com.com/Flaw+threatens+T-Mobile+voice+mail+leaks/2100-1002_3-5589608.html;
Poulsen, K. Known Hole Aided T-Mobile Breach. [Online, February 28, 2005.] Lycos, Inc. Website. http://www.wired.com/news/privacy/0,1848,66735,00.html;
Thorne, S. Canadian Military, U.S. Agencies Launch Blackberry Security Project. [Online, March 1, 2005.] Attrition.org Website. http://www.attrition.org/pipermail/isn/2005-March.txt.
PDP-10 or Programmed Data Processor-10 (general term): One of an earlier series of minicomputers
produced by Digital Electronic Corporation (DEC). These minicomputers not only
made time-sharing real but also held a special place in hacker history because they were used in
the 1970s by academic computing centers and research laboratories, including the MIT Artificial
Intelligence (AI) Lab.
Some aspects of the instruction set (especially the bit-field instructions) are to this day considered
by some to be unsurpassed. The PDP-10 was eventually made obsolete by the VAX
machines (a descendant of the PDP-11) when DEC realized that the PDP-10 and the VAX computer
systems were in competition with each other. DEC decided to concentrate its software
development efforts on the more profitable choice—VAX. The PDP-10 computer was eliminated
from DEC’s product line in 1983.
See Also: Artificial Intelligence (AI); Hacker.
Further Reading: Webnox Corporation. PDP-10 Definition. [Online, 2004.] Webnox
Corporation Website. http://www.hyperdictionary.com/dictionary/PDP-10.
Peer-to-Peer (P2P) (general term): Architecture permitting hardware and software to work on
a network without central servers. It is frequently used to set up home computer networks, for
which a dedicated server can be too costly; it became popular with software applications such as
Napster.
A controversial tool for P2P communications is known as Skype, an encrypted Internet telephony
system allowing for the swapping of files; it interconnects with the publicly switched
telephone system. Skype is controversial and a headache for enterprises, because it can easily
penetrate firewalls; however, businesses can implement safeguards by, for example, placing Skype
on a separate, dedicated segment of their network.
Released in 2004 by the makers of KaZaA, Skype scans the Internet searching for a supernode
(by definition, other users running the software and, therefore, not being screened by
firewalls). An unknown quantity of supernodes links to other supernodes, eventually looping
back to Skype’s servers, thus allowing users on the Internet to send and receive files.
Skype is marketed as having communications encrypted with a 256-bit encryption standard,
and keys are exchanged with the RSA encryption algorithm. Unlike other, nonproprietary Voice
Over Internet protocols (VoIP), Skype uses a proprietary, secret protocol. So, for financial and
health institutions required by law to monitor the communications between their employees and
their clients, they need to be aware that Skype is unmonitorable. Skype appears to be more secure
than cell phones having their encryption disabled or landlines having zero encryption. With
Skype, even large files of 100MB size can be sent without contending with server size restrictions.
In recent years, the P2P abbreviation has taken on another meaning “People-to-People.”
Thus, P2P (or People-to-People) has become a marketing abbreviation for selling P2P software
and for creating businesses that can help individuals on the Internet to meet one another or to
share some common interests.
See Also: Internet; Napster; Online File Swapping; Peer-to-Peer (P2P); Voice Over Internet
Protocol (VoIP).
Further Reading: About, Inc. P-2-P. [Online, 2004.] About, Inc. Website. http://compnetworking.about.com/library/glossary/bldef-p2p.htm;
Garfinkel, S. Can 9 Million Skype Users Be Wrong? [Online, March 22, 2005.] CXO Media Inc. Website. http://www.csoonline.com/read/030105/machine.html.
Penetration Testing (general term): The process of probing and identifying security vulnerabilities
and the extent to which they are used to a cracker’s advantage. It is a critical tool for
assessing the security state of an organization’s IT systems, including computers, network components,
and applications. Hackers of the White Hat variety are often hired by companies to
do penetration testing. It is money well spent, computer security experts contend.
See Also: Hacker; Network; White Hats or Ethical Hackers or Samurai Hackers; Vulnerabilities
of Computers.
Further Reading: Lowery, J. Penetration Testing: The Third Party Hacker. [Online, February
2002.] SANS Institute Website. http://www.sans.org/rr/papers/index.php?id=264.
Perimeter Authentication (general term): The process of authenticating the identity of an offsite
user not within the application server’s domain. This process is completed by a remote user
specifying an identity and some form of corresponding “proof” of identity. The proof provided
is generally a secret string of letters and/or numbers (such as a credit card number, a password,
or a Personal Identification Number such as an important date to the user) that can then be
verified.
See Also: Authentication; Fraud; Identity Theft or Masquerading; Password; Personal
Identification Number (PIN).
Further Reading: BEA Systems. Security Fundamentals. [Online, 2004.] BEA Systems
Website. http://e-docs.bea.com/wls/docs81/secintro/concepts.html#1077583.
Perimeter Defenses (general term): Used for security purposes to keep a zone secure. A secure
zone is some combination of policies, procedures, technical tools, and techniques enabling a
company to protect its information. Perimeter defenses provide a physical environment with
management’s support in which privileges for access to all electronic assets are clearly laid out
and observed. Some perimeter defense parameters include installing a security device at the
entrance of and exit to a secure zone and installing an intrusion detection monitor outside the
secure zone to monitor the zone. Other means of perimeter defense include ensuring that
important servers within the zone have been hardened—meaning that special care has been
taken to eliminate security holes and to shut down potentially vulnerable services—and that
access into the secure zone is restricted to a set of configured IP addresses. Moreover, access to
the security appliance needs to be logged and all changes to the security appliance need to be
documented, and changes regarding the security appliance must require the approval of the
secure zone’s owner. Finally, intrusion alerts detected in the zone must be immediately transmitted
to the owner of the zone and to Information Security Services for rapid and effective
resolution.
See Also: Intrusion; IP Address; Security Zones; Server.
Further Reading: The University of California. Anatomy of a Secure Zone. [Online,
November 3, 2003.] The University of California San Francisco Website. http://isecurity.ucsf.edu/main.jsp?content=secure_zones/secure_zones.
Peripherals (general term): Equipment such as printers, modems, mouse devices, and keyboards
that attach to one of the computer’s ports so that users can send, receive, and print
information using that computer.
For users with disabilities that restrict their ability to use mouse devices and keyboards, voice-recognition
software provides an alternative means for these individuals to conduct their
computing activities. By wearing a headset and by speaking into a microphone, users can substitute
typing with dictating words and sentences. Users “train” the voice-recognition software
system to become familiar with their voices and convert spoken words into text. The software is
designed to track errors that it makes—such as correcting the word “lock” to appear as “luck”—
by learning the individual’s speech patterns and idiosyncrasies.
Two suppliers of speech-to-text dictation software include the former ScanSoft, Inc. (now
called Nuance Communications, Inc.) and IBM Corporation. The suppliers claim an accuracy
rate approaching 99%.
See Also: Modem; Port and Port Numbers.
Further Reading: Weinberg, P. Speak and It Shall Be Written (Or Pretty Close). The Globe
and Mail, March 10, 2005, p. B10.
Perl (general term): A popular scripting language that runs on a wide variety of platforms,
including UNIX and Windows. Perl is open source, easily integrated into Web servers for
CGI, easy to learn, and supports a large library of utilities.
See Also: Common Gateway Interface (CGI Scripts, cgi-bin); Open Source; Programming
Languages C, C++, Perl, and Java; Server; UNIX.
Personal Identification Number (PIN) (general term): A string of numerals used for the
identification of authorized users or clients. For example, Automated Teller Machines (ATMs)
can be accessed by registered bank clients after they enter a PIN into a keypad. Though convenient,
PINs can be stolen and used fraudulently.
For debit card fraud to occur, a robber needs two things: the account information found on
the user’s card’s magnetic strip and the user’s PIN. According to police, the PIN can be obtained
in a number of ways, including stealing the user’s wallet and finding the PIN written on a paper
in it, or watching a user enter the PIN into an ATM machine and then stealing the user’s card.
Another trick used by fraud artists is to have a legitimate-looking store clerk skim the card on
a legitimate point-of-sale terminal and then skim it again on an illegitimate card reader designed
to store information embedded on the card’s magnetic strip. Though the initial sale will be sent
to the financial institution, giving the PIN user the idea that everything is okay, the criminal will
then make a new card with the personal information stored on it and use the PIN that had been
entered by the legitimate user (and captured on film by an overhead camera) to fraudulently purchase
goods and services with the fake card. The legitimate card user typically calls the police
when he or she discovers that large sums of money or the entire amount thought to be in the
user’s account no longer exists. One such PIN scam occurred in Ajax, Ontario, Canada, in
December 2004, at a gas station that engaged in such illegal practices.
Victimized users sometimes find that after informing the bank of the missing account funds,
the bank investigator might ascertain that the user failed to take appropriate protections to safeguard
his or her PIN. The bank therefore might not replace the stolen funds. Such moves hurt
consumer loyalty.
It is for this reason that in 2004, credit card companies began urging merchants to buy into a
new payment method allowing consumers to use their plastic cards without swiping them
through a machine and inputting a PIN. On May 19, 2005, J.P. Morgan Chase & Co., the largest
credit card issuer in the United States, announced plans to distribute millions of new cards that
simply need to be waved or held in front of a special reader. Such a card can also be swiped
through the more traditional machine. The technology is known simply as “blink.” The cards
contain a special chip recognized by the merchant’s terminal. When clients wave their cards in
front of the machine, the card reader lights and then beeps to signal that the transaction has been
authorized. The card never needs to leave the client’s hand. Visa, MasterCard, and American
Express have agreed to accept any card equipped with “blink.”
See Also: Fraud; Identity Theft or Masquerading.
Further Reading: Durham Regional Police Service. Debit Card Fraud. [Online, 2002.]
Durham Regional Police Service Website. http://www.police.durham.on.ca/internet_explorer/public_safety/safety_tips/index.asp?Action=3&Topic_ID=73&Category_ID=12&AbsPage=2;
Metroland. Card Scam Targeted Durham Gas Bars, Police Say. [Online, December 28, 2004.]
Metroland Website. http://www.durhamregion.com/dr/regions/ajax/story/2450588p-2838370c.html;
Sidel, R. Credit Cards Charge Into Future. The Globe and Mail, May 19, 2005, p. B16.
Pew Internet and American Life Project Survey (general term): The Pew Internet and
American Life Project conducted a national telephone survey between March 12, 2003, and May
20, 2003, to discover the extent of Internet usage and types of online activities engaged in by
U.S. adults. The survey conductors discovered that more than 53 million U.S. adults, or 44% of
the U.S. adult Internet users, have used the Internet to accomplish a number of objectives,
including sharing their thoughts in chat rooms, responding to others through email, posting
pictures, and sharing files. Moreover, about 13% of the respondents said that they have their own
Websites, and about 7% of the respondents said that they have Web cameras running on their
computers to let other Internet users view live pictures of them and their surroundings. Only 2%
of the respondents said they kept Web diaries or blogs.
By the end of 2004, an updated study showed that eight million users in the United States had
created blogs, and that blog readership increased by 58% in 2004 to encompass 27% of U.S.
Internet users. It is expected that this growth rate has not diminished significantly and the number
of active bloggers has grown substantially.
A 2006 study released on April 26 shows that Internet penetration has now reached 73% (up
from 66% in the 2005 survey) of American adults. The respondents said that improvements in
e-commerce are noticeable, as are the online opportunities to pursue hobbies and personal
interests.
See Also: Blog; Chat Rooms; Electronic Mail or Email; Internet; Online File Swapping.
Further Reading: Lenhart, A., Fallows, D., and Horrigan, J. Reports: Online Activities and
Pursuits. [Online, February 29, 2004.] Pew Internet and American Life Project Website. http://www.pewinternet.org/PPF/r/113/report_display.asp;
Madden, M. Internet Penetration and Impact. [Online, April 26, 2006.] Pew Internet and American Life Project Website. http://www.pewinternet.org/PPF/r/182/report_display.asp.
Phiber Optik (a.k.a. Mark Abene) (person; 1972– ): In the early 1990s, Mark Abene was
engaged in cyberwarfare with Erik Bloodaxe. The online war eventually led to Abene’s arrest.
Abene, who became publicly known in Manhattan for his intelligence both on- and offline, served
a one-year federal prison sentence for his cyberwar activities.
See Also: Cyberwarfare; Hacker Clubs.
Phishing (general term): A form of identity theft whereby a scammer uses an authentic-looking
email from a large corporation to trick email receivers into disclosing sensitive personal
information online, such as credit card numbers or bank account codes.
According to a 2004 report released by Gartner, Inc., an IT marketing research firm, phishing
exploits cost banks and credit card companies an estimated $1.2 billion in 2003. Moreover,
according to the Anti-Phishing Working Group (a nonprofit group of government agencies and
corporations trying to reduce cyber fraud), more than 2,800 active phishing sites were known
to exist.
In April 2005, a new “cousin” of phishing was defined and called “WiPhishing” (pronounced
“why phishing”)—an act executed when an individual covertly sets up a wireless-enabled laptop
computer or access point to get other wireless-enabled laptop computers to associate with it
before launching a crack attack. About 20% of wireless access points use default SSIDs. Because
users fail to rename them, a cracker can easily guess the name of a network that target
computers are normally configured to join, thereby gaining access to the laptop computer and putting
malicious code into it. Intrusion detection appliances such as AirPatrol Enterprise have been
designed to detect wireless exploits.
Firms having wired networks are at risk of being cracked if employees’ laptop computers are
left on. Instead of exploiting wireless networks with WiPhishing, crackers could do even more
damage by hijacking the legitimate connection to a wired computer network, exploiting the soft
underbelly of that network, and launching an invasive attack.
See Also: Cracking; Exploit; Electronic Mail or Email; Fraud; Identity Theft or
Masquerading.
Further Reading: Levinsky, D. Hacker Teenage Pleads Guilty. [Online, May 14, 2005.] Calkins
Media, Inc. Website. http://www.phillyburbs.com/pb-dyn/news/112-05142005-489320.html;
Leyden, J. WiPhishing Hack Risk Warning. [Online, April 20, 2005.] http://www
.theregister.co.uk/2005/04/20/wiphishing; MarketingSherpa, Inc. The Ultimate Email Glossary:
180 Common Terms Defined. [Online, 2004.] MarketingSherpa, Inc. Website. Reg SETI Group
Website. http://www.marketingsherpa.com/sample.cfm?contentID=2776.
Phrack (general term): Phrack Magazine, or simply Phrack, began in 1985 as the first electronically
distributed magazine, or e-zine, connecting the hacker community. The online magazine provided
those in the computer underground with information on anarchy, cryptography,
reverse-engineering, phreaking, and numerous other features of high-tech interest. The last edition,
Phrack #63, appeared on July 30, 2005. In the final edition, an announcement was made
that a new editorial team could be expected for 2006–2007.
See Also: Cryptography or “Crypto”; Defcon; Hacker.
Further Reading: phrackstaff@phrack.org. PHRACK #63. [Online, July 30, 2005.] Phrack
Website. http://www.phrack.org/archives/phrack63.tar.gz.
Phreaking (general term): A form of cyberspace theft and/or fraud using technology to make
free telephone calls. John Draper (a.k.a. Cap’n Crunch) is probably the most famous phreaker in
the Computer Underground, because he was the first person in the U.S. to be jailed for this type
of exploit.
See Also: Computer Underground (CU); Fraud.
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A
Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Phun (general term): A phreaking magazine popular in the computer underground during
the late 1980s. The first copy was released on September 20, 1988, and contained 13 articles covering
such topics as telecommunications, radio, and overcoming computer security. Red Knight
was the President and Editor. The Website can be found at: http://www.etext.org/CuD/Phun/
phun-1.
See Also: Phreaking; Telecom.
Physical Exposure (general term): A rating used to calculate a system’s vulnerability. It is based
on whether a perpetrator needs physical access to a system in order to exploit the system’s vulnerability.
See Also: Access Control; Vulnerabilities of Computers.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Physical Infrastructure Attacks (general term): Cause a Denial of Service (DoS) attack.
These physical infrastructure attacks can be accomplished simply by snipping a fiber-optic
cable. They are typically mitigated by the reality that traffic can quickly be rerouted.
If physical access to a computer system can be obtained, then access to the information
on that computer system can be obtained as well. With new U.S. laws pertaining to the security
of information—including HIPAA (Health Insurance Portability and Accountability Act),
the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act—data in both physical and electronic
forms must not only be protected by adequate access control mechanisms but also be audited if
compliance with the various regulations is to be maintained.
Recommendations on physical and logical security integration can be found at this TechTarget
Website: http://www.searchSecurity.com/originalContent/0,289142,sid14_gci1046324,00.html?
track+NL-358&ad=502258.
See Also: Accountability; Fiber-Optic Cable; Gramm-Leach-Bliley Act of 1999 (Financial
Services Modernization Act); Health Insurance Portability and Accountability Act of 1996
(HIPAA).
Further Reading: Maiwald, E. The ‘How-tos’ of Security Integration. [Online, January 20,
2005.] TechTarget Website. http://searchsecurity.techtarget.com/originalContent/0,289142,
sid14_gci1046324,00.html?track+NL-358&ad=502258; McAlearney, S. Wedded to Physical and
IT Security? [Online, January 20, 2005.] KnowledgeStorm, Inc. Website. http://knowledgestorm
.techtarget.com/searchsecurity/MainServlet?track+NL-358&ad=502258&ksAction+Home&c=
TT&n+home; TechTarget. Denial of Service. [Online, May 16, 2001.] TechTarget Website. http://
searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213591,00.html.
Ping of Death Attack (general term): Uses IP fragmentation to crash computers. This kind
of attack was so named because the Ping program built into Windows in earlier years easily
could be told to fragment packets.
See Also: Attack; Fragmentation; Internet Protocol (IP); Packet; Ping or Packet Internet
Groper.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
ping or Packet Internet Groper (general term): The ping command, built into both Windows
and UNIX operating systems, is a universal way of testing network response time and performance.
The ping command is used by system administrators for diagnosing problems, particularly
for testing, measuring, and managing networks. Ping is a TCP/IP utility that sends ICMP echo request
packets to a computer on a network and waits for the replies. The ping command is
particularly helpful in verifying whether a host is working and whether a system is attached to
the Internet.
For system administrators not using Windows, several Websites offering ping are available. On
UNIX or Linux, for example, the system administrator simply needs to type “ping host_name.”
System administrators using a Windows-type operating system can open a command window
and then type “ping host_name” (that is, the name of the host the system administrator wants to
check). Figure 16-1 shows how the output will appear when someone pings the Whitehouse
Webserver from a Windows machine.
Figure 16-1. Output from ping command used to locate a host
See Also: Internet; Internet Control Message Protocol (ICMP); Linux; Packets; TCP/IP or
Transmission Control Protocol/Internet Protocol; UNIX.
Further Reading: Silvestri, M. Ping. [Online, 2000.] Wowarea Website. http://www.wowarea
.com/english/researches/wg4_ping.htm.
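The entry describes what ping reports but not how to turn that report into numbers an operator can act on. The following parser is an added example and not part of the dictionary; it reads the Windows layout shown in Figure 16-1 and, going beyond the entry, the UNIX/Linux layout as well, and computes loss and round-trip statistics itself rather than trusting the tool's summary lines. The sample outputs are constructed (one Windows reply is replaced by a timeout so that loss accounting is exercised; the UNIX host and address are hypothetical).

```python
import re
from statistics import mean

# Constructed sample in the Windows layout of Figure 16-1; the fourth reply has been
# replaced by a timeout so that the loss path is exercised.
WINDOWS_SAMPLE = """\
C:\\WINDOWS>ping www.whitehouse.gov
Ping a12389.g.akamai.net [212.105.197.134] with 32 byte
Reply from 212.105.197.134: Bytes=32 Time=89ms TTL=55
Reply from 212.105.197.134: Bytes=32 Time=85ms TTL=55
Reply from 212.105.197.134: Bytes=32 Time=87ms TTL=55
Request timed out.
Ping statistic for 212.105.197.134:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

# Constructed sample in the UNIX/Linux layout (hypothetical host, documentation address).
LINUX_SAMPLE = """\
PING host.example (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=55 time=89.0 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=55 time=85.0 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=55 time=87.0 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=55 time=113.0 ms
--- host.example ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 85.000/93.500/113.000/10.344 ms
"""

# Matches "Time=89ms" and "time<1ms" (Windows) as well as "time=89.0 ms" (UNIX);
# the summary lines ("round trip times in", "time 3004ms") deliberately do not match.
RTT_RE = re.compile(r"\btime[=<](\d+(?:\.\d+)?)\s*ms", re.IGNORECASE)
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)
LOSS_RE = re.compile(r"Request timed out|Destination (?:host|net) unreachable", re.IGNORECASE)


def parse_ping(output: str) -> dict:
    """Summarise one ping run: packet counts, loss and round-trip statistics."""
    rtts, ttls, lost = [], [], 0
    for line in output.splitlines():
        m = RTT_RE.search(line)
        if m:
            rtts.append(float(m.group(1)))
            t = TTL_RE.search(line)
            if t:
                ttls.append(int(t.group(1)))
        elif LOSS_RE.search(line):
            lost += 1
    sent = len(rtts) + lost
    return {
        "sent": sent,
        "received": len(rtts),
        "lost": lost,
        "loss_pct": round(100.0 * lost / sent, 1) if sent else 0.0,
        "min_ms": min(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
        "avg_ms": round(mean(rtts), 1) if rtts else None,
        "ttl": ttls[-1] if ttls else None,
        # A TTL that changes between replies means the path or the answering host changed.
        "ttl_consistent": len(set(ttls)) <= 1,
    }


if __name__ == "__main__":
    for label, sample in (("windows", WINDOWS_SAMPLE), ("unix", LINUX_SAMPLE)):
        print(label, parse_ping(sample))
```

Two caveats worth keeping in mind when reading the result: a host that returns no replies is not necessarily down, since ICMP echo is frequently filtered, and the TTL value is a useful cross-check because replies whose TTL jumps around are not all coming over the same path.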
Piracy (general term): Copying protected software without authorization; in most jurisdictions,
it is considered a crime.
See Also: Authorization; Copyright Laws; Digital Millennium Copyright Act (DMCA);
Infringing Intellectual Property Rights and Copyright.
Plain Old Telephone System (POTS) (general term): The regular analog telephone service,
using copper wiring, as opposed to ISDN, ADSL, and other digital phone services.
See Also: Internet Telephony; Voice over IP.
Plaintext (general term): An email message with no formatting code. The term is also used to
describe the unencrypted version of a message.
See Also: Code or Source Code; Electronic Mail or Email; Encryption or Encipher.
Platform for Privacy Preferences (P3P) (general term): The World Wide Web Consortium
(W3C) developed P3P as a standard protocol to enable Web users to take more control over their
individual privacy settings. P3P was officially recommended as a standard on April 16, 2002.
Further Reading: W3C, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification.
[Online, April 16, 2002.] http://www.w3.org/TR/P3P/.
Point-to-Point Protocol (PPP) (general term): An Internet protocol for connecting computers
over a serial line. It is most widely used to connect to Internet dial-up services over
telephone lines.
Point-to-Point Protocol Over Ethernet (PPPoE) (general term): This technology, documented
in RFC 2516, has been adopted by some DSL service providers and combines Ethernet
and Point-to-Point Protocol (PPP) standards especially for use with modems having broadband
connectivity capabilities.
See Also: Ethernet; Modem; Point-to-Point Protocol (PPP).
Further Reading: About, Inc. PPPOE. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-pppoe.htm.
Figure 16-1 (the ping output referred to in the ping entry above):
C:\WINDOWS>ping www.whitehouse.gov
Ping a12389.g.akamai.net [212.105.197.134] with 32 byte
Reply from 212.105.197.134: Bytes=32 Time=89ms TTL=55
Reply from 212.105.197.134: Bytes=32 Time=85ms TTL=55
Reply from 212.105.197.134: Bytes=32 Time=87ms TTL=55
Reply from 212.105.197.134: Bytes=32 Time=113ms TTL=55
Ping statistic for 212.105.197.134:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 113ms, Average = 93ms
Point-to-Point Tunneling Protocol (PPTP) (general term): An early network protocol that
enabled the secure transfer of data from a remote client to an organization’s server, establishing a
virtual private network (VPN) on top of the Internet or an IP-based local area network.
See Also: VPN.
Police and Criminal Evidence Act of 1984, Order 2002 (legal term): A British Act updated
with changes that took effect on October 14, 2002. The changes allowed an agent appointed by
the Secretary of State for Trade and Industry to investigate a serious charge leading to a possible
arrest to have the same powers as those given to police in the Police and Criminal Evidence Act
of 1984. Prior to 2002, such an agent had to apply to a circuit judge for an order to search for
and seize evidence possibly leading to the suspect’s arrest in a given jurisdiction.
See Also: Jurisdiction.
Further Reading: Crown Copyright. The Police and Criminal Evidence Act 1984
(Department of Trade and Industry Investigations) Order 2002. [Online, September 18, 2002.]
Crown Copyright Website. http://www.legislation.hmso.gov.uk/si/si2002/20022326.htm.
Polymorphic Virus (general term): A virus that can alter its byte pattern when it replicates,
thereby avoiding detection by simple string-scanning intrusion detection techniques.
See Also: Intrusion Detection System (IDS); Virus.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Poor SUID (general term): Sometimes poorly protected SUID scripts (shell scripts or other programs that set the
user ID so that they run with another user’s privileges) that perform certain tasks are run as root. If
such a script is writable by another user id, for example, that user can edit the script and then execute it with the elevated privileges.
See Also: id (identity); Shell.
Further Reading: NMRC. The Hack FAQ. Unix Local Attacks. [Online, 2004.] NMRC
Website. http://www.nmrc.org/pub/faq/hackfaq/hackfaq-29.html.
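The defensive counterpart to this entry is an audit that finds set-id files someone other than the owner can modify. The script below is an added example (not from the dictionary or the Hack FAQ it cites): a pure function that judges one file from its mode bits and first bytes, and a walker that applies it to a directory tree. The demonstration directory and its two files are constructed on the fly.

```python
import os
import stat
import tempfile


def suid_findings(mode: int, first_bytes: bytes = b"") -> list:
    """Findings for one file given its st_mode and, optionally, its first bytes.
    An empty list means the file is not set-id, or is set-id but raised no concern."""
    if not (mode & (stat.S_ISUID | stat.S_ISGID)):
        return []
    findings = []
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if first_bytes.startswith(b"#!"):
        # An interpreted script carrying a set-id bit is a misconfiguration in itself.
        findings.append("interpreted script")
    return findings


def audit_tree(root: str) -> dict:
    """Walk root and return {path: findings} for every set-id regular file with findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            head = b""
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(2)
                except OSError:
                    pass
            findings = suid_findings(st.st_mode, head)
            if findings:
                results[path] = findings
    return results


if __name__ == "__main__":
    # Constructed demonstration: one well-protected set-uid file, one writable set-uid script.
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "helper_bin")
        bad = os.path.join(d, "backup.sh")
        with open(good, "wb") as fh:
            fh.write(b"\x7fELF placeholder")
        with open(bad, "wb") as fh:
            fh.write(b"#!/bin/sh\necho backup\n")
        os.chmod(good, 0o4755)
        os.chmod(bad, 0o4777)
        for path, findings in audit_tree(d).items():
            print(path, "->", ", ".join(findings))
```

On a real host the walker is pointed at /usr, /opt and similar locations, and the results are compared against a known-good baseline; the "interpreted script" finding is reported even though the Linux kernel ignores the set-uid bit on scripts, because its presence shows that someone intended privilege delegation through a file that is trivially editable.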
Port and Port Numbers (general term): A port is a communication endpoint for passing data
over the network. A port is typically associated with a specific application or protocol. Port 80,
for example, is normally used for the http protocol and, therefore, Web traffic. Port 25, as another
example, is used for mail transfer.
The Well Known Port numbers are assigned and controlled by the IANA (Internet
Assigned Numbers Authority). They can be used only by root (or system) processes or by
programs run by privileged users. Port numbers fall into three distinct ranges: (1) the Well Known
Ports; (2) the Registered Ports; and (3) the Dynamic or Private Ports.
The Well Known Ports are in the 0–1023 range, the Registered Ports are in the 1024–49151
range, and the Dynamic or Private Ports are in the 49152–65535 range.
The complete list of Registered Ports and Dynamic or Private Ports can be found at
http://www.codecutters.org/resources/ports.html.
System administrators need to know these port numbers very well and must be aware that
any application can be executed on any port. From a cracking standpoint, this means that
“something” communicating over port 80 is not necessarily an innocent connection between a
browser and a Web server. It might very well be a back door hiding behind this well-known
connection—hiding in wait until the cracker decides to exploit the system.
See Also: HTTP (HyperText Transfer Protocol); IANA or Internet Assigned Numbers
Authority; Network; Protocol; TCP/IP or Transmission Control Protocol/Internet Protocol;
User Datagram Protocol (UDP).
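The entry's closing point, that "something on port 80" need not be HTTP, is exactly what a protocol-versus-port check catches. The code below is an added example and not from the dictionary: it classifies a port into the three IANA ranges quoted above and then compares what a flow actually speaks (judged from its first bytes) with what its destination port implies. The recognisers cover only HTTP and SMTP, the two examples the entry gives, and the expectation table and all payloads are constructed.

```python
import re

# The three IANA ranges as given in the entry.
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)
DYNAMIC_PRIVATE = range(49152, 65536)


def port_class(port: int) -> str:
    """Classify a port number into its IANA range."""
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    if port in DYNAMIC_PRIVATE:
        return "dynamic-or-private"
    raise ValueError(f"{port} is not a valid port number (0-65535)")


# Recognisers applied to the first bytes either side sends. Only HTTP and SMTP are
# covered here, matching the two examples in the entry; add more for your environment.
_HTTP_REQ = re.compile(rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r?\n")
_HTTP_RESP = re.compile(rb"^HTTP/1\.[01] [1-5]\d\d")
_SMTP_GREETING = re.compile(rb"^220[ -]")
_SMTP_CLIENT = re.compile(rb"^(?:EHLO|HELO) \S+\r?\n", re.IGNORECASE)

RECOGNISERS = {
    "http": lambda b: bool(_HTTP_REQ.match(b) or _HTTP_RESP.match(b)),
    "smtp": lambda b: bool(_SMTP_GREETING.match(b) or _SMTP_CLIENT.match(b)),
}

# What each port is expected to carry (constructed from the entry's two examples).
EXPECTED = {80: "http", 25: "smtp"}


def assess_flow(dst_port: int, first_bytes: bytes) -> str:
    """Compare what a flow speaks against what its destination port implies."""
    port_class(dst_port)                      # validates the number
    expected = EXPECTED.get(dst_port)
    spoken = [name for name, ok in RECOGNISERS.items() if ok(first_bytes)]
    spoken_txt = ",".join(spoken) if spoken else "unknown"
    if expected is None:
        return f"unclassified: no expectation recorded for port {dst_port} (speaks {spoken_txt})"
    if expected in spoken:
        return "expected"
    return f"mismatch: port {dst_port} should carry {expected} but first bytes look like {spoken_txt}"


if __name__ == "__main__":
    # Constructed payloads: a normal request, a TLS-looking record on 80, an SMTP banner,
    # and HTTP on a registered port nobody recorded an expectation for.
    samples = [
        (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
        (80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
        (25, b"220 mail.example.test ESMTP ready\r\n"),
        (8080, b"HTTP/1.1 200 OK\r\n"),
    ]
    for port, payload in samples:
        print(port, port_class(port), "->", assess_flow(port, payload))
```

The useful output is the "mismatch" verdict: a flow to port 80 whose first bytes are not an HTTP request or status line deserves a closer look, which is the situation the entry warns about. Running the check over the first packet of each new connection in a capture gives a cheap inventory of which ports carry something other than their nominal protocol.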
Port Scan (general term): A port scan or port scanner attempts to connect to all 65536 ports
on a server to see whether there are services listening (that is, waiting for connections) on those
ports. The purpose of a port scan is to audit network computers for likely vulnerabilities or
exploits. Typically, scanners have built-in databases of known port vulnerabilities.
A number of network scanners exist. For example, the Infiltrator Network Security Scanner
tool reveals and catalogues a number of important security features, such as installed software,
Simple Network Management Protocol (SNMP) information, and open ports. It can audit
password and security policies and conduct a registry audit, and it includes 18 network utilities
for footprinting, scanning, and gaining access to computers via a ping sweep, email tracking,
whois lookups, and so on.
Also, the port scanner (formerly known as port probe) is a tool for determining the daemons
or open ports running on a targeted computer. This tool supports these kinds of scans: TCP Full
Connect (the most accurate way to detect open ports); UDP ICMP Port Unreachable Connect;
TCP Full/UDP ICMP Combined; TCP SYN Half Open (only for Windows 2003/XP/2000);
and TCP Other (only for Windows 2003/XP/2000).
The de facto standard in the security industry is a public domain tool called nmap, which is
considered to be the “Swiss Army knife” of port scanners because of its versatility.
See Also: Network; Ping or Packet Internet Groper; Port and Port Numbers; Scanner; Whois.
Further Reading: NorthWest Performance Software, Inc. NetScan Tools Pro Technical Info.
[Online, May 18, 2005.] NorthWest Performance Software, Inc. Website. http://www
.netscantools.com/nstpro_port_scanner.html; WebAttack, Inc. Infiltrator Network Security
Scanner 2.0. [Online, May 18, 2005.] WebAttack, Inc. http://www.snapfiles.com/features/
infiltrator-803-461696.php.
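Seen from the server side, a scan of the kind this entry describes leaves a distinctive trace: one source touching many distinct ports in a short time. The detector below is an added example, not from the dictionary or any of the tools it names; it reads iptables-style syslog lines, keeps a sliding time window per source address, and reports sources that reach a threshold of distinct destination ports. The log is constructed in the block (documentation addresses only) so the example runs offline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime


def build_sample_log():
    """Constructed firewall log: 198.51.100.7 probes 25 distinct ports in 25 seconds,
    while 203.0.113.5 reconnects 25 times to one service (normal client behaviour)."""
    lines = []
    for i in range(25):
        lines.append(
            f"Jan 10 12:00:{i:02d} fw kernel: DROP IN=eth0 SRC=198.51.100.7 "
            f"DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={i + 1}")
        lines.append(
            f"Jan 10 12:00:{i:02d} fw kernel: ACCEPT IN=eth0 SRC=203.0.113.5 "
            f"DST=192.0.2.10 PROTO=TCP SPT={50000 + i} DPT=443")
    return lines


SAMPLE_LOG = build_sample_log()

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)")


def detect_port_scans(lines, window_s=60, min_ports=20):
    """Return {source: most distinct destination ports seen inside any window_s span}
    for every source that reached min_ports. Counting distinct ports rather than
    connections is what separates a scanner from a busy but legitimate client."""
    recent = defaultdict(deque)      # src -> deque of (timestamp, dport), oldest first
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # year-less syslog stamp
        src, dport = m["src"], int(m["dpt"])
        q = recent[src]
        q.append((ts, dport))
        while (ts - q[0][0]).total_seconds() > window_s:  # expire old events
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60 s")
```

The threshold and window are tuning knobs: a slow scan spread over hours needs a longer window or a per-day distinct-port count, and a TCP Full Connect scan of the sort listed above will also show up in the target's own connection logs, not only at the firewall.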
Portable Document Format (PDF) (general term): A file format that captures the exact
details of a printed, hard-copy document into an electronic document to allow individuals to
view, navigate, print, or forward the e-document to another individual.
PDF files are made with software such as Adobe Acrobat. Many other programs have included
the pdf-file format as a possible output format. To view and use the files, an individual needs a
document viewer. Among the freely available viewers, Acrobat Reader is the most popular. It provides
an implementation of the latest version of the file format as it is released by Adobe. The
program can be easily downloaded from the Internet. After Acrobat Reader has been downloaded,
it will start automatically whenever the individual wants to view a PDF file. PDF files are
great for viewing magazine pieces, product and service brochures, and academic papers when
getting the original graphic look online is important.
A PDF file contains a single or many page images with zooming capabilities. The Adobe
Acrobat product for making PDF files costs $200–$300. Free alternatives to the commercial
product are numerous. An example is PDFcreator (available as a freeware project on sourceforge.net).
It is used in the form of a printer driver that plugs into any Windows program,
meaning that any program that can generate output for a real printer can also create PDF files.
Some features of the full Adobe product—such as the generation of forms—are typically not
included in the free alternatives. It is interesting to note that in July 2001, just before he was to
give a speech at DefCon 9, Russian Dmitry Sklyarov was carried off by Federal agents and
charged with violating provisions of the Digital Millennium Copyright Act. Dmitry’s claim to
fame was a software program that he developed and was sold by his Russian employer ElcomSoft
Company Ltd. The software allowed users to convert books in Adobe’s copy protected e-book
format to the more commonly used PDF format. In short, the Federal agents alleged that
Sklyarov made unauthorized copies of e-books.
See Also: Download.
Further Reading: TechTarget. PDF. [Online, September 9, 2004.] TechTarget Website.
http://whatis.techtarget.com/definition/0,,sid9_gci214288,00.html.
Portal (general term): Also known as a Web portal, a portal is a special kind of Website. The term portal
was initially given to large Internet search engines that expanded their offerings to include
email, news, stock quotes, and other information tidbits of practical use. Some large companies
developed Intranet Websites with a similar approach, giving way to what is now known as
“enterprise information” or “corporate portals.” A portal typically has a home page allowing for
navigation of loosely integrated features provided by a company’s divisions or by independent
third parties and a large, diversified target audience.
See Also: Electronic Mail or Email; Internet; Intranet.
Further Reading: About, Inc. Portal. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-portal.htm.
Post Office Protocol or POP (general term): The protocol an email user’s client uses to retrieve electronic
messages from an email server. The most widely used version is POP3.
See Also: Electronic Messages or Email; Server.
Poulsen, Kevin (person; 1965– ): In 1988, Kevin Poulsen was indicted in the United States on
phone tampering charges. He took over all the telephone lines going into radio station KIIS-FM,
assuring that he would be the 102nd caller and thus the winner of a Porsche 944 S2. He
pleaded guilty to the charges. He currently writes for ZDNet and his Web page can be found at:
http://www.iss.net/security_center/advice/Underground/Hackers/Kevin_Poulsen/default.htm.
See Also: Fraud.
Prehistory Era (general term): Defined as the era from the 1800s until 1969, the Prehistory Era
included the activities of such math and computing superstars as Ada Byron, Kay McNulty
Mauchly Antonelli, the Tech Model Railroad Club hackers at MIT, the early days of Dennis
Ritchie and Ken Thompson at Bell Laboratories, and the early years of Rear Admiral Dr. Grace
Murray Hopper.
See Also: Antonelli, Kay McNulty Mauchly; Byron, Ada; Hopper, Rear Admiral Dr. Grace
Murray; Ritchie, Dennis; Thompson, Ken.
President Clinton’s Commission on Critical Infrastructure Protection (general term):
President Bill Clinton issued Executive Order 13010 in 1996 to set up the President’s
Commission on Critical Infrastructure Protection (known as PCCIP). The PCCIP’s role was to
examine the burgeoning dependency of the U.S. economy and way of life on critical infrastructures.
A set of recommendations by the PCCIP was given to the President in November
1997, and in May 1998 President Clinton ordered two Presidential Decision Directives (PDD)
to better protect critical infrastructures.
One directive was known as PDD-62 (called Combating Terrorism) and the other as PDD-63
(called Critical Infrastructure Protection). Noting that the government cannot on its own adequately
protect critical infrastructures to maintain citizens’ safety and quality of life, the framework
selected for optimizing defensive and security activities focused on leadership rather than micromanagement.
For example, PDD-63 explained that every federal department and agency would
develop its own plan for defending its jurisdiction, and businesses were encouraged to do the
same.
See Also: Critical Infrastructures; Critical Networks; Terrorism.
Further Reading: Ryan, J. The Infrastructure of the Protection of the Critical Infrastructure.
[Online, Fall 1998.] The Information Warfare Site. http://www.iwar.org.uk/cip/resources/
pdd63/pdd63-article.htm.
Pretty Good Privacy (PGP) (general term): Software used to encrypt and thereby protect
email as it is transmitted from one computer to another. PGP can be used for sender identity
verification.
See Also: Electronic Mail or Email; Encryption or Encipher.
Further Reading: MarketingSherpa, Inc. The Ultimate Email Glossary: 180 Common Terms
Defined. [Online, 2004.] MarketingSherpa, Inc. Website. http://www.marketingsherpa.com/
sample.cfm?contentID=2776.
Privacy (general term): Freedom from unauthorized access. Privacy issues in the security sense
include digital rights management, spam deterrence, anonymity maintenance, and cracker disclosure
rule adequacy. Privacy also means being able to maintain a balance between individuals’
privacy rights and those of the government in providing national security.
In April 2005, the U.S. government added Canada to its “piracy watch list” and ordered a
review of Canadian Intellectual Property Rights (IPR) enforcement measures. The review
was apparently fueled by a number of industry complaints alleging that Canada has become a
haven for pirated and counterfeit goods, primarily because it and six other countries—the
Ukraine, Belize, Latvia, Lithuania, Taiwan, and Thailand—act as channels for pirated goods moving
from countries such as China to the U.S.
See Also: Intellectual Property (IP); Intellectual Property Rights and Copyright
Infringement; Piracy; Security.
Further Reading: Grami, A. and Schell, B. Future Trends in Mobile Commerce: Service
Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual
Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada,
October 13–15, 2004. [Online, October, 2004.] Privacy, Security, Trust 2004 Website.
http://www.unb.ca/pstnet/pst2004/; McKenna, B. Trade: U.S. Puts Canada on Piracy Watch List.
The Globe and Mail, May 2, 2005, p. B1, B4; Whitman, M. and Mattord, H. Principles of
Information Security. Boston: Thomson Learning, Inc., 2003; http://www.tascomm.fi/~jlv/
ngtrans/.
Privacy Enhanced Mail (general term): Defines a set of methodologies to provide confidentiality,
authentication, and message integrity using various encryption methods.
See Also: E-Mail; Encryption; Privacy.
Further Reading: The Internet Engineering Task Force, Privacy Enhancement for Internet
Electronic Mail. [Online, February 1993.] IETF Website. http://www.ietf.org/rfc/rfc1421.txt.
Privacy Laws (legal term): Deal with the right of individual privacy, critical to maintaining the
quality of life that citizens in a free society expect. Privacy laws generally maintain that an individual’s
privacy shall not be violated unless the government can show some compelling reason
to do so—such as by providing evidence that the safety of the nation is at risk. This tenet forms
the basis of privacy laws in the United States and elsewhere.
See Also: Privacy; Risk.
Privacy Policy (general term): A clear description of how companies use email addresses and
other information they gather when online users opt to be included in requests for company
information, newsletters, or third-party deals. U.S. state laws compel companies to not only state
their privacy policy on their Websites but also place it where people can plainly see it. State laws
may also prescribe the display form for the policy.
See Also: Electronic Mail or Email; Privacy.
Further Reading: MarketingSherpa, Inc. The Ultimate Email Glossary: 180 Common Terms
Defined. [Online, 2004.] MarketingSherpa, Inc. Website. http://www.marketingsherpa.com/
sample.cfm?contentID=2776.
Private Keys (general term): Also known as a secret key, a private key is known only to its creator and,
in secure messaging environments, to the receiver of an encrypted message. Private
keys are also used in other areas. The secure remote session protocol ssh relies heavily on
the notion of private keys.
See Also: Key.
Privilege Escalation or Elevation (general term): A classic attack against a system, whereby
a user has an account on a system and uses it to gain additional privileges on the system that he
or she was not meant to have.
See Also: Attack; Exploit.
Probe (general term): Any online effort, such as a request, program, or transaction, intended to
get data about a computer’s or a network’s state. For example, a person can conduct a probe of
the network by sending an “empty” message to determine whether a destination really exists.
See Also: Network.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Problem of Ascertainment (general term): Difficulties obtaining accurate information. Applies
to surveys distributed to system administrators inquiring about the suspected identity of crack
attackers, the methods they employed, the frequency of system intrusions, the systems affected,
and the dollar amount lost as a result of the intrusions. These vital pieces of information, though
often difficult to get from companies because they fear misuse of such information by competitors,
are used as a basis for determining a given organization’s system risk management strategies.
When system administrators try to project the right level of investment in computer security that
their company should make, they tend to compare their company’s risk level of “crack attack,”
or intrusion, by assessing the reports of organizations having similar computer systems and business
characteristics.
Because of the problem of ascertainment, precautions should be taken in interpreting such
data. First, one needs to accept that it is impossible for survey respondents to give completely
reliable answers to such security breach questions. One reason is that an unknown number of
crimes go undetected and therefore cannot be reported. Another reason is that even when the
crack attacks are detected, few of these incidents are actually reported to authorities. For example,
according to the CSI/FBI 2003 Survey, the number of reported incidents is only about 30%.
In fact, a commonly held view in the information security community is that only about one-tenth
of all cyber crimes are detected.
See Also: CSI/FBI Survey; Intrusion Detection System (IDS).
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series:
Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Process ID (general term): All software runs within an operating system concept known as
“a process,” and each program running on a system is, therefore, assigned its own process ID,
or PID.
See Also: Operating System Software.
Programming Languages C, C++, Perl, and Java (general term): Standardized communication
techniques for expressing computer instructions. Programming languages are sets of syntax
and semantic rules defining computer programs. In this way, programmers can specify exactly
what information a computer will execute, how the information will be transmitted and stored,
and exactly what actions the computer should complete under a variety of circumstances.
The main purpose of programming languages is to allow programmers to state their intentions
for a computation more easily than if they used a lower-level language or code. Thus,
programming languages tend to be designed to use a higher-level syntax that can be readily communicated
to and understood by programmers and computers alike. Common programming
languages include Ada, Basic, C, C++, Pascal, Perl, Python, and Java.
See Also: Code or Source Code.
Further Reading: GNU_FDL. Programming Languages. [Online, August 11, 2004.] GNU
Free Documentation License Website. http://en.wikipedia.org/wiki/Programming_language.
Promiscuous Mode Network Interface (general term): In networking terms, a computer
having its network interface card set to “promiscuous mode” receives all packets on the same
network segment. In “normal mode,” a network card accepts only packets addressed to its MAC
Address.
When the network card is in “promiscuous mode,” it not only accepts all of the packets on
the same network segment but also passes them to the OS. This process is helpful for capturing
passwords, monitoring networks, and finding malicious packets. Using sniffers, system administrators
routinely check whether any network interfaces are set to “promiscuous mode” to
discover possible intrusions.
See Also: Administrator; Ethernet; Message Authentication Code (MAC); Message
Authentication Code (MAC) Address; Network; Password.
Further Reading: Eyeonsecurity. About Sniffers—Their (ab)use in Networks. [Online,
2004.] Eyeonsecurity Website. http://eyeonsecurity.org/articles/sniffers.html.
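The entry says administrators routinely check for interfaces left in promiscuous mode; on a Linux host there are two places to look, and they do not always agree. The code below is an added example and not from the dictionary or the article it cites. It parses `ip -o link show` output for the PROMISC flag, parses kernel log lines of the form "device X entered/left promiscuous mode", and, where /sys/class/net exists, reads the IFF_PROMISC bit directly. The caveat that motivates checking both sources: the flag shown by `ip link` and sysfs reflects the mode set explicitly with `ip link set dev X promisc on`, whereas a capture tool that requests promiscuity through a packet socket is generally not visible there but does produce the kernel log line. The interface names, MAC addresses and log lines are constructed.

```python
import os
import re

IFF_PROMISC = 0x100   # from <linux/if.h>

# Constructed `ip -o link show` output (hypothetical interfaces and MAC addresses).
IP_LINK_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
4: veth3a@if5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default\\    link/ether 02:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff
"""

# Constructed kernel log excerpt (what dmesg / kern.log records when a capture tool toggles the mode).
KERNEL_LOG_SAMPLE = [
    "Jan 10 12:00:01 host kernel: device eth1 entered promiscuous mode",
    "Jan 10 12:05:30 host kernel: device eth1 left promiscuous mode",
    "Jan 10 12:07:12 host kernel: device eth2 entered promiscuous mode",
]

_IP_LINK_RE = re.compile(r"^\d+: ([^:@\s]+)(?:@\S+)?: <([^>]*)>", re.MULTILINE)
_KLOG_RE = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def promisc_from_ip_link(text: str) -> set:
    """Interfaces whose explicit flag list contains PROMISC."""
    return {name for name, flags in _IP_LINK_RE.findall(text) if "PROMISC" in flags.split(",")}


def promisc_from_kernel_log(lines) -> set:
    """Interfaces whose most recent kernel log event was 'entered promiscuous mode'."""
    state = {}
    for line in lines:
        m = _KLOG_RE.search(line)
        if m:
            state[m.group(1)] = (m.group(2) == "entered")
    return {iface for iface, on in state.items() if on}


def promisc_from_sysfs(sysfs_root="/sys/class/net") -> set:
    """Live check of the explicit IFF_PROMISC bit; empty set where sysfs is unavailable."""
    found = set()
    if not os.path.isdir(sysfs_root):
        return found
    for iface in os.listdir(sysfs_root):
        try:
            with open(os.path.join(sysfs_root, iface, "flags")) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue
        if flags & IFF_PROMISC:
            found.add(iface)
    return found


if __name__ == "__main__":
    print("explicit flag (ip link):", sorted(promisc_from_ip_link(IP_LINK_SAMPLE)))
    print("kernel log says active: ", sorted(promisc_from_kernel_log(KERNEL_LOG_SAMPLE)))
    print("explicit flag (sysfs):  ", sorted(promisc_from_sysfs()))
```

In practice the union of the two views is what gets compared against the list of hosts that are supposed to run a sniffer (IDS sensors, capture appliances); anything else in promiscuous mode is worth a ticket.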
Property Paradigm in Cybercrime (legal term): Relates to property harm resulting from
cracking exploits. These exploits include such common variations as:
• Flooding: A form of cyberspace vandalism resulting in Denial of Service (DoS) to
authorized users of a Website or a computer system
• Virus and worm production and release: A form of cyberspace vandalism causing corruption
and possibly erasing of data
• Spoofing: The cyberspace appropriation of an authentic user’s identity by non-authentic
users with the intent of causing fraud or attempted fraud, in some cases, and critical infrastructure
breakdown, in other cases;
• Phreaking: A form of cyberspace theft and/or fraud involving the use of technology to
make free telephone calls
• Infringing Intellectual Property (IP) rights and copyright: A form of cyberspace
theft involving the copying of a target’s information or software without appropriate documentation
or consent.
See Also: Critical Infrastructures; Cyberspace; Denial of Service (DoS); Infringing
Intellectual Property (IP) Rights and Copyright; Phreaking; Spoofing;Virus;Worm.
Further Reading: Schell, B.H. and Martin, C. 2004. Contemporary World Issues Series:
Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004.
Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act
(PROTECT Act of 2002 and PROTECT Act of 2003) (legal term): The intent of this Act
was to strengthen the U.S. government’s ability to prosecute crimes involving child pornography.
The PROTECT Act of 2002 also attempted to extend prosecutorial power beyond U.S.
jurisdictions. The Act was sent to the Committee on the Judiciary on May 15, 2002. It became Public
Law 108-21, the PROTECT Act of 2003, on April 30, 2003.
See Also: Child Pornography.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
Protected Extensible Authentication Protocol (PEAP) (general term): Pronounced peep.
An authentication type for wireless networks that wraps an inner EAP method (most commonly
MSCHAPv2) inside a TLS tunnel, so that the server is authenticated by its certificate and the user’s
credentials are exchanged only inside the encrypted tunnel. It provides a set of useful features, such as
strong security, extensibility of the user database, and support for one-time password authentication, as
well as the aging of passwords. PEAP is based on an Internet Draft (I-D) to the IETF. Its security
depends on the client validating the server certificate: a client configured to accept any certificate will
build its tunnel to a rogue access point just as readily, and that access point can then harvest the inner
credentials.
See Also: Authentication; Internet Engineering Task Force;Wireless.
Protected Mode and Safe Mode (general term): Protected Mode is a mode of operating an
Intel x86 microprocessor in which the hardware enforces memory protection and privilege levels, so
that only code running at the most privileged level (the operating system kernel) can execute privileged
instructions or touch other processes’ memory. Safe Mode is a diagnostic and troubleshooting mode of
the Microsoft Windows operating system. In the Windows 9x family, Safe Mode skips over the portion
of the registry that loads protected-mode device drivers; it also bypasses the Autoexec.bat and
Config.sys files. Safe Mode prevents all 32-bit (protected-mode) disk drivers from being loaded except
the floppy driver. Because Safe Mode loads only a minimal set of drivers and services, it is also useful
for removing malware that hooks itself into the normal boot sequence.
Protection Ring (general term): One of a hierarchy of privilege levels in an IT system, each
granting a set of access privileges to the applications and processes authorized to operate in it. On
x86 processors, ring 0 is the most privileged and is used by the operating system kernel, while ordinary
applications run in ring 3; a transition to a more privileged ring happens only through controlled entry
points such as system calls. A privilege-escalation exploit is, in these terms, an attack that moves the
attacker’s code from an outer ring to an inner one.
Protocol (general term): A set of rules governing how communications between two programs
have to take place to be considered valid. It describes various ways of achieving and operating
compatibility.
Protocol Stack (general term): In networking, protocols are layered on top of each other, with
each layer being responsible for a different aspect of communication. A protocol stack is a particular
software implementation of a computer network protocol suite. The suite consists of the
protocol definitions, whereas the stack is the software implementation.
Protocols within a suite are designed with a very specific purpose, and each protocol typically
communicates only with the layer directly above and the layer directly below it. On the way out,
each layer wraps the data it receives from the layer above in its own header (encapsulation); on the
way in, each layer strips and checks its own header before handing the rest up. The lowest protocol
deals with the low-level physical interaction of hardware, whereas user applications deal with only
the uppermost layers. Protocol stacks are generally divided into three parts dealing with applications,
transport, and media.
See Also: Encapsulation; Network; OSI-Model; Protocol.
Further Reading: Wikipedia. Protocol Stack. [Online, May 5, 2005.] Wikipedia Website.
http://en.wikipedia.org/wiki/Protocol_stack.
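As an added example (not from the dictionary), this Python builds an IPv4/UDP datagram layer by layer and then parses it back, checking each layer’s checksum as a receiving stack would. The addresses, ports and payload are constructed sample values; the header layouts follow RFC 791 (IPv4) and RFC 768 (UDP).

```python
import socket
import struct

IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by IPv4, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Transport layer: UDP header plus payload; the checksum also covers an IP pseudo-header."""
    length = 8 + len(payload)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, IPPROTO_UDP, length)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = checksum(pseudo + header + payload) or 0xFFFF  # RFC 768: 0 means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip: str, dst_ip: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Network layer: 20-byte IPv4 header (no options) wrapped around the transport segment."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, ttl, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def build_ipv4_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    return build_ipv4(src_ip, dst_ip, IPPROTO_UDP, build_udp(src_ip, dst_ip, sport, dport, payload))


def parse_ipv4_udp(packet: bytes) -> dict:
    """Receiving side: strip and verify each layer in turn, raising on anything malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    # A correct header sums to 0xFFFF including its checksum field, so the complement is 0.
    if ihl < 20 or checksum(header) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", header[2:4])[0]
    if total_len > len(packet) or header[9] != IPPROTO_UDP:
        raise ValueError("truncated packet or not UDP")
    segment = packet[ihl:total_len]
    if len(segment) < 8:
        raise ValueError("UDP header truncated")
    sport, dport, ulen, ucsum = struct.unpack("!HHHH", segment[:8])
    if ulen != len(segment):
        raise ValueError("UDP length mismatch")
    if ucsum != 0:
        pseudo = struct.pack("!4s4sBBH", header[12:16], header[16:20], 0, IPPROTO_UDP, ulen)
        if checksum(pseudo + segment) != 0:
            raise ValueError("bad UDP checksum")
    return {"src": socket.inet_ntoa(header[12:16]), "dst": socket.inet_ntoa(header[16:20]),
            "sport": sport, "dport": dport, "payload": segment[8:]}


def is_well_formed(packet: bytes) -> bool:
    try:
        parse_ipv4_udp(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_ipv4_udp("10.0.0.1", "10.0.0.2", 5353, 53, b"hello")
    print(pkt.hex())
    print(parse_ipv4_udp(pkt))
```

The receiver’s checks are the security-relevant part: the length fields in both headers are attacker-controlled, so a parser that trusts them without comparing against the bytes actually present is the classic source of out-of-bounds reads in network stacks.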
Provider Protection (general term, legal ramifications): Provider protection for Internet
Service Providers has legal ramifications. For example, to be exempted from copyright infringement
liability under the Digital Millennium Copyright Act (DMCA), “the party” must be
a “service provider” as defined in the Act. However, the protection afforded Internet Service
Providers is limited, and there are a number of rigid legal requirements that must be met. Also,
Internet Service Providers who do not fully comply with the stipulated restrictions can lose their
protections.Thus, Internet Service Providers should review their Websites to make sure that they
are, indeed, compliant with the DMCA rules and regulations.
The DMCA covers four categories of services that qualify as “service providers,” many of
them broad enough to encompass businesses that may not consider themselves to be such.These
categories include:
• Transitory communications, whereby the provider routes, transmits, or provides connections
for data coming through the network
• System caching, whereby the provider temporarily stores data coming through the network
• Data storage at the user’s direction, whereby the provider hosts Websites or runs chat rooms,
mailing lists, or news groups
• Data location tools, whereby the provider is a search engine
The overarching rule seems to be simple for companies:When in doubt, comply.Any parties
even remotely falling within the scope of the DMCA definitions of “provider” should, as a precaution,
register under the DMCA.Without the protection afforded under the DMCA, an
Internet Service Provider would have to attempt other defenses when it came to copyright
infringement claims—such as “the fair use” policy.
One example in which a site operator could not rely on provider protection occurred in February 2005,
when the Motion Picture Association of America (MPAA) settled a lawsuit against
LokiTorrent.com, a Website that the MPAA alleged helped Internet users to find pirated copies of
films for download. Edward Webber, the owner of LokiTorrent, agreed to pay $1 million in damages
to the MPAA in an out-of-court settlement of the case, after having collected $40,000 in
voluntary contributions to his legal defense fund from LokiTorrent’s user base.
See Also: Digital Millennium Copyright Act (DMCA); Internet Service Provider (ISP).
Further Reading: Hoffman, I. Are You a ‘Service Provider’? [Online, 2001.] Ivan Hoffman
Website. http://www.ivanhoffman.com/provider.html; In Brief. Hollywood Settles Download
Suit. The Globe and Mail, February 17, 2005, p. B10.
Proxy Server (general term): An intermediary system to which a client program (such as a Web
browser) connects. The proxy server connects to the destination on behalf of the client, so the
destination sees the proxy’s address rather than the client’s. Proxies are used for caching, content
filtering, and access control. A proxy that can see the traffic is also a point where credentials and
content can be logged or altered, so clients should use only proxies they have been deliberately
configured to trust.
See Also: Browser; Server.
Pseudo-Random Number Generator (PRNG) (general term): A true random number generator
draws on a physical source of unpredictability. A Pseudo-Random Number Generator instead produces
its sequence deterministically from a short starting value, the seed, so that the same seed always yields
the same sequence. The output of a good PRNG passes statistical tests for randomness, but because an
algorithm computes it, anyone who learns the generator’s internal state (or the seed) can reproduce
every past and future number; for ordinary generators such as linear congruential generators or the
Mersenne Twister, that state can be recovered from a modest number of observed outputs.
For simulations and games this is acceptable. For security purposes it is not: keys, session
identifiers, nonces, and salts must come from a cryptographically secure PRNG (CSPRNG), which is
seeded from the operating system’s entropy source and is designed so that its output reveals nothing
about its state. It has repeatedly been shown that weak, predictable PRNGs make otherwise sound
encryption and authentication schemes crackable.
Public Data Network (PDN) (general term): A public data network is defined as a network
shared and accessed by users not belonging to a single organization.A public data network is set
up for public use.The Internet is an example of a PDN.
See Also: Internet.
Public Key (general term): Public key cryptography uses a mathematically related pair of keys:
a public key, which can be freely distributed, and a private key, which its owner keeps secret.
Data encrypted with the public key can be decrypted only with the matching private key, and a
signature created with the private key can be verified by anyone holding the public key, which is
how digital signatures work. This notion contrasts with traditional cryptography, now called
symmetric cryptography, which uses the same key for encryption as for decryption and therefore
requires that key to be shared secretly in advance.
See Also: Cryptography or “Crypto”; Decryption or Decipher; Encryption or Encipher;Key.
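As an added example (not from the dictionary), this Python implements textbook RSA with pow() to show the key-pair relationship just described: what one key of the pair transforms, only the other undoes, which gives both encryption (public key in, private key out) and signing (private key in, public key out). The primes, message and signed text are constructed toy values; real RSA uses random primes of 1024 bits or more and padded messages (OAEP for encryption, PSS for signatures), which this textbook form deliberately lacks.

```python
import hashlib

# Toy-sized primes (the Mersenne primes 2**127-1 and 2**89-1) so the arithmetic stays visible.
# Not secure: real keys use random primes of at least 1024 bits each.
P = 2**127 - 1
Q = 2**89 - 1


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p: int = P, q: int = Q, e: int = 65537):
    """Return (public_key, private_key) as (n, exponent) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))


def apply_key(key, x: int) -> int:
    """The core operation: x ** exponent mod n. Using one key's exponent and then the other's
    returns x, because e*d == 1 (mod phi(n))."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


def encrypt(public_key, m: int) -> int:
    return apply_key(public_key, m)


def decrypt(private_key, c: int) -> int:
    return apply_key(private_key, c)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Toy: reduce the hash mod n. Real signatures pad the hash (PSS) instead of reducing it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    return apply_key(private_key, _digest_mod_n(message, private_key[0]))


def verify(public_key, message: bytes, signature: int) -> bool:
    return apply_key(public_key, signature) == _digest_mod_n(message, public_key[0])


if __name__ == "__main__":
    pub, priv = keygen()
    m = 0x1234567890ABCDEF
    print("decrypt(encrypt(m)) == m:", decrypt(priv, encrypt(pub, m)) == m)
    sig = sign(priv, b"pay 100 to bob")
    print("signature verifies:", verify(pub, b"pay 100 to bob", sig))
    print("tampered message verifies:", verify(pub, b"pay 900 to bob", sig))
```

Because `apply_key` is the same function for both keys, the block makes the symmetry of the mathematics visible; the practical asymmetry comes entirely from which exponent is published and which is kept secret.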
Public Key Infrastructure (PKI) (general term): A system of certificate authorities (CAs), digital
certificates, and registration authorities that verify and authenticate parties involved in Internet
transactions by binding public keys to identities. Most deployed PKIs follow the X.509 certificate
standard, but there is no single global PKI and no one agreed-upon way of setting one up; each PKI
defines its own trust anchors, issuance rules, and revocation mechanisms. There is broad agreement in
the security field that reliable PKIs are critical for ensuring trust in online transactions if electronic
commerce (known as e-commerce) is to reach its fullest potential. Because trust flows from root CAs
down through intermediate CAs to end certificates, a PKI is also known as “a trust hierarchy.”
See Also: Internet;Trust.
Further Reading: Jupitermedia Corporation. What is PKI? [Online, October 31, 2001.]
Jupitermedia Corporation Website. http://www.webopedia.com/TERM/P/PKI.html.
Puffer, Stefan Case (legal case): In February 2003, a Texas jury acquitted a computer security
analyst by the name of Stefan Puffer, who in March 2002 was accused of wrongfully accessing
the Harris County wireless computer network. Stefan Puffer not only discovered the vulnerability
in the network but also reported it to the Harris County district clerk’s office, telling those
in the office that anyone with a wireless network card could gain access to their sensitive
computer information. In fact, Puffer gave authorities a face-to-face demonstration of the vulnerability.
Instead of receiving thanks from the Harris County officials for his warning, Puffer was
indicted on fraud charges. Though he could have received five years of imprisonment and a
$250,000 fine for each offense, the jurors hearing the case found after just 15 minutes of deliberation
that Mr. Puffer did not intend to cause any damage to the county’s systems. He was
therefore found not guilty of the charges.
See Also: Network;Wireless.
Further Reading: 2600: The Hacker Quarterly. Man Who Exposed County’s Wireless
Insecurity Found Innocent. [Online, February 21, 2003.] 2600:The Hacker Quarterly Website.
http://www.2600.com/news/view/article/1546.

QAZ Virus of 2000 (general term): Though in 2004 the QAZ virus was assessed as being only a
low Level 2 threat by Symantec Security Response, the virus (known as W32.HLLW.Qaz.A) caused
concern when it was discovered in China in July 2000. The QAZ virus spread over a local network and
installed a back door enabling a remote user to connect, over port 7597, and take control of the
infected computer. Because this virus could not spread to machines outside the network on its own, it
may have been initially delivered by email. The virus, originally called Qaz.Trojan, was renamed
W32.HLLW.Qaz.A on August 10, 2000.
See Also: Back or Trap Door; Electronic Mail or Email; Network; Port and Port Numbers.
Quality of Service (QOS) (general term): As demand for bandwidth in networks continues to
grow, the competition between different applications and protocols for these resources will continue
to grow as well. Certain applications, such as Voice over IP (VoIP) and Video
Conferencing, require guaranteed minima of resources so that users will not experience unacceptable
delays or dropouts during their communications. The Internet Protocol by itself provides no
mechanism for applications to reserve such resources. Version 4 carries only a Type of Service field
(now used for DiffServ code points) that marks a packet’s priority class, and version 6 adds a flow
label for the same purpose; the actual reservation and scheduling of bandwidth is done by separate
mechanisms such as RSVP and DiffServ-aware routers, and a number of other network technologies
(ATM and MPLS, for example) provide their own QoS facilities. Because routers honor these
markings, an attacker who can set them can starve or delay other traffic, so edge routers should
re-mark packets arriving from untrusted sources.
See Also: Internet Protocol;TCP/IP.
Quarantine (general term):To isolate files, just as to quarantine sick persons means to isolate them
from others in order to stop the spread of disease.Typically, files suspected of containing a virus are
put into quarantine so that they cannot be opened or executed.
Symantec’s AntiVirus Corporate Edition of software detects suspected files as well as virus-infected
files that cannot be patched with current sets of virus-definition remedies. From the
“Quarantine” area on a local computer, the quarantined files can be forwarded to Symantec
Security Response’s central network quarantine for analysis. If the file is found to be infected by
a new virus, updated virus definitions and remedies are returned.
See Also: Anti-Virus Software; Malware;Virus.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004]. Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.

r Services (general term): Refer to a class of remote tools in UNIX systems. The most popular
are “rsh” for a remote shell, “rlogin” for a remote login, “rexec” for remote execution, and “rcp” for
remote copy. These tools were very popular in the early days of networked UNIX because they were
easy to use and could be set up, through the /etc/hosts.equiv and ~/.rhosts trust files, to automate
a wide range of system administration tasks without prompting for a password. However, their security
was weak: trust rested on the client’s IP address and host name, both easily spoofed, and passwords
and session data were sent across the network unencrypted. For these reasons, these tools have been
widely replaced by their cryptographic counterparts, ssh and scp, and the r services should be disabled
wherever they are still present.
See Also: Internet; Shell; UNIX.
Radio Frequency Interference (RFI) (general term): Also known as electromagnetic interference
(EMI). Electric circuits that carry rapidly changing signals, such as data lines, emit
electromagnetic radiation. That radiation can interfere with, or disturb, signals on other lines. This
physical property can be deliberately abused by an attacker to jam, block, or slow down the
communication infrastructure of a target, and the same emissions can be picked up by an eavesdropper
to reconstruct the data being carried, which is the concern that TEMPEST shielding addresses.
Rainbow Series Books (general term): A set of computer security standards and guidelines
published by the U.S. National Computer Security Center (NCSC), each distinguished by the color
of its cover. The books dealt with evaluating trusted computer systems and appeared from the
mid-1980s through the 1990s. The most prominent is the Orange Book, the Trusted Computer System
Evaluation Criteria (TCSEC), upon which most of the other titles in the series expanded (the Red
Book, for example, interprets it for networks). The series has largely been superseded by the Common
Criteria (ISO/IEC 15408); in the United States, Common Criteria evaluations are run under the
Common Criteria Evaluation and Validation Scheme (CCEVS), a partnership of the National Security
Agency and the National Institute of Standards and Technology.
See Also: Orange Book;Trust.
Further Reading: Gallagher, P. The Rainbow Books. [Online, 1990.] National Computer
Security Center Website. http://www.fas.org/irp/nsa/rainbow/tg011.htm.
Raymond, Eric (person; 1957– ): In 1996, he wrote The New Hacker’s Dictionary (MIT Press),
a book that defined the jargon used by computer hackers and programmers and detailed the
writing and speaking styles of hackers. Besides presenting the portrait of J. Random Hacker, the
book also provided interesting computer folklore.
Raymond’s The Cathedral and the Bazaar: Musings on Linux and Open Source by an
Accidental Revolutionary (1999; revised edition 2001) is widely regarded as essential reading for those
caring about the computer industry’s future, the dynamics of the information economy, and the
particulars of open source. His Website can be found at http://www.catb.org/~esr/.
See Also: J. Random Hacker; Linux; Open Source.
Recording Industry Association of America (RIAA) Legal Cases (general term): Beginning
in 2003 and continuing into the present, the Recording Industry Association of America (RIAA)
has commenced lawsuits against individuals thought to have violated provisions in the Digital
Millennium Copyright Act (DMCA). Sometimes the RIAA has won the legal battles, sometimes
not.
In September 2003, in a case of mistaken identity, the RIAA withdrew its lawsuit against a
sculptor, aged 66, who maintained that she and her husband had never downloaded song-sharing
software, let alone used it numerous times in violation of the DMCA as alleged. Sarah Seabury Ward of
Massachusetts said that she and her husband used their computer only to email their children
and grandchildren. They did not at any time download songs illegally.
The Electronic Frontier Foundation (EFF) assisted the woman in fighting her case. The
attorney handling the case argued that the elderly couple used a Macintosh computer—on which
the KaZaA file-sharing software they were allegedly using cannot be run.Ward was one of 261
individuals sued by the RIAA for illegal Internet file sharing.The accused illegally shared more than
2,000 music titles, argued the RIAA.The RIAA eventually withdrew their case against Ward, labeling
the withdrawal a good-faith gesture. An RIAA spokesperson said that they still believed the
computer address provided by Comcast Corporation,Ward’s Internet Service Provider,was correct.
An attorney with the EFF said that more cases like Ward’s will probably surface, given the difficulty
of mapping an IP address observed at a particular time to a particular subscriber. Internet Service
Providers such as Comcast do not have enough IP addresses for each subscriber, so they do not assign
addresses to users permanently. Instead, providers assign IP addresses dynamically when a user
connects to the service, and unless the provider’s logs record exactly which account held an address at
the moment in question, it is not easy to ascertain which addresses were used by which specific account.
See Also: Digital Millennium Copyright Act (DMCA); Electronic Frontier Foundation (EFF);
Electronic Mail or Email; Internet Service Provider (ISP); IP Address; Online File Sharing;
Peer-to-Peer (P2P).
Further Reading: Mercury News. Music industry drops suit against sculptor accused
of downloading rap. [Online, September 24, 2003.] http://www.mercurynews.com/mld/
mercurynews/business/6850484.htm?1c.
Recovery or Disaster Recovery (general term): The act of restoring regular business operations
as quickly as possible after a natural or man-made disaster. Typically, a set of preventive
measures is put in place to ensure that the restoration can be performed in a timely fashion.
Redundant (duplicate) hardware, software, data centers, and other facilities are used as standby
and backup facilities to which operations can be switched over when the primary ones are wiped
out. A number of organizations that were hit by Hurricane Katrina in 2005 found that their
backups and backup systems were not far enough removed from their normal sites of operation;
they, therefore, suffered destruction of these backups as well.
Red Box (general term):When a coin is put into a payphone, the payphone emits tones to the
ACTS (Automated Coin Toll System).A red box can fool the ACTS into believing that an individual
actually put money into the phone simply by playing the ACTS tones into the telephone
microphone. After ACTS hears the simulated tones, an individual can place a telephone call for
free. This was a classic phreaking technique for fooling the phone system into allowing free calls.
See Also: Phreaking.
Further Reading: The Tech FAQ.What is Red Box? [Online, 2004.] The Tech FAQ Website.
http://www.linuxsecurity.com/docs/Hack-FAQ/telephony/red-box.shtml.
Red Route (general term): Is one registered with the Internet Routing Registry (IRR) and is
configured to be proxied by the route servers but is not announced in a view. It is one of three
categories of Internet route states defined by the Policy Analysis of Internet Routing (PAIR)
project, an initiative dedicated to the development of tools that ISPs (Internet Service Providers),
network operators, and end-users can use to troubleshoot Internet routing and policy problems.
The other two categories are green and grey routes. A green route is one that is registered
with the IRR, complies with policy, and is proxied by the route servers.A grey route is one that
has been received by a route server but is not configured to be proxied in any view.
See Also: Internet; Network.
Further Reading: TechTarget. Red Route. [Online, July 3, 2002.] TechTarget Website.
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci837125,00.html.
Red Team (general term): A term borrowed from military wargaming, where the “red” force plays
the adversary, and used in computer security for a team of experts who attack a system as a real
adversary would, through penetration testing, assessment, and the critique of secure system designs.
The defending side is the Blue Team, and in “Capture the Flag” style exercises the Blue Team guards
a “flag” that stands for sensitive data or a sensitive computer system. The referees are known as the
White Team.
The annual Cyber Defense Exercise competition was held on May 12, 2005, and the winning
team was the U.S. Naval Academy. The competition is meant to assist the participants to better
protect the U.S. critical information systems and is sponsored by the National Security Agency
(NSA). Each team designs, builds and configures a computer network simulating a deployed jointservice
command. The network operations “Red Team” (consisting of NSA and Defense
employees) takes four days to identify the vulnerabilities and then crack into each network.The
winning team is found to be superior in its ability to detect, respond to, and recover from the network
exploits.
See Also: Exploit;Vulnerabilities of Computers.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Onley, D.S.
Naval Academy Knows Its Cybersecurity. [Online, May 12, 2005.] Post-NewsWeek Media
Website. http://www.gcn.com/vol1_no1/daily-updates/35786-1.html.
Registrar, Domain Name (general term): A company accredited by the Internet Corporation for
Assigned Names and Numbers (ICANN) to register Internet domain names on behalf of customers.
ICANN is a nonprofit corporation created in 1998 to take over a number of Internet-related tasks
previously performed by other organizations.
See Also: Internet Corporation for Assigned Names and Numbers (ICANN).
Registry (general term): An important hierarchical database used in the Windows 9x, ME, NT,
2000, XP, and later operating system software to store configuration information for applications,
hardware, and users on the system. Because it also controls what runs at startup, it is a favorite
persistence point for malware and a standard artifact in forensic examinations.
See Also: Operating System Software.
Further Reading: Kephyr. The Windows Registry—A definition. [Online, 2004.] Kephyr
Website. http://www.kephyr.com/spywarescanner/library/glossary/registry.phtml.
Regression Test (general term): A test run on a program after a change has been made to
ensure that the modification is correct and that it did not negatively affect the unchanged portions of
the program. A security fix in particular should be accompanied by a regression test that reproduces
the original vulnerability, so that the flaw cannot silently return in a later release.
Regular Expression (REGEX) (general term): A programmer’s “Swiss Army knife” for everything
related to pattern matching. With a regular expression, a programmer can search for
basically any type of pattern in textual data. Two cautions apply when regular expressions validate
untrusted input: the pattern must be anchored, or it will match a valid substring inside a malicious
string, and patterns with nested or overlapping repetition can take exponential time on crafted input,
a denial-of-service condition known as ReDoS.
Relational Database Management System (RDBMS) (general term): Today’s prevalent
type of database management system. Data are stored in tables that relate to one another in some
way. Successful commercial RDBMSs include IBM’s DB2, Microsoft’s SQL Server, and Oracle
Database. Many Web services are built around MySQL, an RDBMS available without a
license fee.
Remanence or Magnetic Remanence (general term):The information that stays behind after
storage media are erased.The information remains in the form of traces of the original magnetization
of a storage device. Remanence is a treasure trove for forensic investigators who need to
determine what was stored on a disk erased by an alleged perpetrator before it could be secured
for investigation.
Remote Access (general term): A service allowing users to connect to their local network from
outside it, originally over a dial-up telephone line and today usually across the Internet through a
VPN. When users try to connect remotely, they contact a remote-access server on the network, which
decides whether to admit them. To gain access, the request needs to be consistent with the server’s
remote access policies, the account needs to be approved for remote access, and the user-server
authentication needs to be successful.
After users are authorized, their access to the network might be limited to specific servers, subnets,
or protocol types, depending on the users’ profiles. Services typically available to users
connected to a local area network—file and print sharing,Web access, and messaging—are similarly
available to users through remote access connection.
Crackers are drawn to poorly configured remote access points, for often they provide an open
door into the network—and crackers do not have to worry about security devices at the Internet
border.The reality is that although most networks have remote access points, the majority of these
do not have enough security.
Firms such as Sun Microsystems, Inc., which acquired remote-access software maker
Tarantella, Inc. for about $25 million in May 2005, build software programs allowing organizations
to access and manage their information and applications across all platforms, networks, and
devices.
See Also: Authentication; File and Print Sharing; Local Area Network (LAN); Network;
Out-of-Band Management; Protocol.
Further Reading: Habersetzer,V.Thwarting Hacker Techniques: Securing Remote Access
Points. [Online, February 25, 2005.] TechTarget Website. http://www.searchSecurity.com/tip/
1,289483,sid14_gci1062436,00.html?track+NL-358&ad=506214; In Brief. Sun Acquiring
Maker of Remote Access Software. The Globe and Mail, May 12, 2005, p. B8; Microsoft
Corporation. Planning Distributed Security. [Online, 2001.] Microsoft Corporation Website.
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/
techinfo/reskit/en-us/deploy/dgbe_sec_xqlf.asp.
Remote Administration Trojans (RATs) (general term): Malicious code that appears to be
harmless or to be a legitimate application. Trojans tend to be created to cause the loss
or theft of computer information and are even capable of destroying information systems.
RATs let a cracker get unrestricted access to another person’s computer whenever that user
is online.The cracker can then do such things as transfer files, add or delete files, and even control
the mouse and keyboard.Trojans are usually distributed as email attachments or bundled
with another software program.
See Also: Code or Source Code; Electronic Mail or Email; Malicious Code;Trojan.
Further Reading: Webroot Software, Inc. Spyware Defined. [Online, 2004.] Webroot
Software, Inc.Website. http://www.webroot.com/wb/products/spysweeper/spywaredefined.php.
Remote Attacks or Exploits or Intrusions (general term): A common way to classify attacks,
exploits, or intrusions is to indicate whether they are carried out remotely by a cracker across the
Internet or locally by a user who already has an account or privileges on the system. It is important to
note that remote attacks can be launched by any of the hundreds of millions of people on the Internet,
at any time and without first logging on, which is why a vulnerability exploitable remotely without
authentication is rated far more severe than one requiring local access.
In a case of remote cracking that occurred in March 2005, Limp Bizkit singer Fred Durst’s home
computer was the subject of a remote attack. The cybercriminals made a copy of a 2003 threeminute
private video in Durst’s possession. Saying that the video was not meant for public viewing,
Durst became visibly upset when the video appeared on at least ten Websites. Durst filed a lawsuit
in U.S. federal court, seeking more than $70 million in damages and any profit that the Website
operators gained as a result of the video’s appearance on the Web.Though the singer secured copyrights
to the video before commencing the lawsuit, he maintains that the Website operators invaded
his privacy and misappropriated his name and appearance.
See Also: Crackers; Internet.
Further Reading: Associated Press.This Just In: Limp Bizkit’s Durst Sues Websites Over Sex
Tape. The Globe and Mail, March 10, 2005, p. R2; Graham, R. Hacking Lexicon. [Online, 2001.]
Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/
hacking-dict.html.
Remote Authentication Dial-In User Service (RADIUS) (general term): A network protocol
enabling remote access servers to talk with a central server to authenticate dial-in users and
grant access to the computer system or service. RADIUS allows an organization to store user
profiles in a central location that can be shared by all remote servers. This centralization provides
better security by enabling a company to define a policy at a single administered point in the
network. RADIUS runs over UDP and protects each exchange only with a shared secret known to the
client and the server: the user’s password is obscured with an MD5-based scheme keyed on that secret,
and the integrity of a request depends on the optional Message-Authenticator attribute. The secret
must therefore be long and random, and RADIUS traffic should be confined to a trusted management
network or carried inside IPsec or TLS (RadSec).
See Also: Authentication; Authorization.
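As an added example (not from the dictionary), this Python builds and parses a RADIUS Access-Request and implements the User-Password hiding scheme of RFC 2865 section 5.2, then shows that anyone who captures the packet and knows (or guesses) the shared secret recovers the password directly. The secret, request authenticator, user name, password and NAS address are constructed sample values.

```python
import hashlib
import os
import socket
import struct

RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block),
    where the 'previous block' of the first block is the 16-byte Request Authenticator."""
    if len(password) > 128:
        raise ValueError("RADIUS passwords are at most 128 bytes")
    pad_len = (-len(password)) % 16
    if not password:
        pad_len = 16  # an empty password still occupies one block
    padded = password + b"\x00" * pad_len
    hidden = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += block
        prev = block
    return bytes(hidden)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """The inverse: the server (or anyone holding the secret) undoes the XOR chain."""
    clear = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")


def _attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes,
                         nas_ip: str, authenticator: bytes = None) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) followed by type/length/value attributes."""
    ra = authenticator if authenticator is not None else os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, ra))
             + _attr(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs


def parse_radius(packet: bytes):
    """Return (code, identifier, authenticator, {attribute_type: value})."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    ra, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, ident, ra, attrs


def recover_password_from_capture(packet: bytes, secret: bytes) -> bytes:
    """What an eavesdropper with the shared secret gets from a single captured Access-Request."""
    _, _, ra, attrs = parse_radius(packet)
    return reveal_password(attrs[ATTR_USER_PASSWORD], secret, ra)


if __name__ == "__main__":
    secret = b"s3cr3t-shared"  # constructed; a real secret should be long and random
    pkt = build_access_request(7, b"alice", b"correct horse", secret, "10.0.0.1")
    print(pkt.hex())
    print("recovered with the secret:", recover_password_from_capture(pkt, secret))
```

Nothing in this packet authenticates the sender: a forged Access-Request is indistinguishable from a real one unless the Message-Authenticator attribute (an HMAC-MD5 over the packet) is present and required, which is why RADIUS on an untrusted network needs an outer layer such as IPsec or RadSec.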
Remote Data Objects (RDO) (general term): An application program interface (API) from
Microsoft Corporation permitting individuals writing Windows applications to get access to the
database. RDO statements embedded in the code use the lower-layer Data Access Objects
(DAO) for allowing database access. Databases reply to these requests by writing to the DAO
interface.
RDO has developed into ActiveX Data Objects (ADO), the program interface that the
Microsoft Corporation currently suggests for new programs. ADO not only gives individuals
access to nonrelational databases but also is considerably easier to use than RDO.
See Also: ActiveX Data Objects (ADO); Code or Source Code.
Further Reading: TechTarget. Remote Data Objects. [Online, July 27, 2001.] TechTarget
Website. http://searchdatabase.techtarget.com/sDefinition/0,,sid13_gci214261,00.html.
Remote Procedure Call (RPC): A sender makes a request via a function, method, or procedure
call. RPC then translates it into a request transmitted over the network to the intended destination.
A common programming technique, available in UNIX since the 1980s (Sun RPC, the basis of NFS)
and introduced into the Windows family with Windows NT, RPC has the receiver process the request
on the basis of a procedure’s name and list of arguments and then send a response to the sender when
this step is completed. RPC applications implement software modules called “proxies” and “stubs” to
broker the remote calls and cause them to appear to the programmer to be identical to local procedure
calls. Applications making use of RPC programming operate synchronously, meaning that they wait
until the remote procedure returns a result. RPC incorporates “time-out” logic to deal with network
failures or scenarios in which RPCs do not return. Because RPC services listen on the network and
unmarshal attacker-supplied arguments, they have historically been a frequent target of remote
exploits; unneeded RPC services should be disabled and the rest firewalled.
See Also: Network; UNIX.
Further Reading: About, Inc. RPC. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/cs/programming/g/bldef_rpc.htm.
Remote Service Crash (general term):Typically caused by a fault in the particular service or
daemon software that causes the service to terminate.A remote service crash is initiated or caused
over the network.
See Also: Daemon.
Remote System Crash (general term):Typically caused by a fault in the operating system
software that makes it stop working properly, if at all.A remote system crash is caused by a fault
or exploited vulnerability in the networking components of the operating system.
See Also: Operating System Software.
Replay Attack (general term): Using a previously recorded or captured message to attack a
computer system or network or to gain access to somewhere one is not authorized to be (a form
of identity theft). Biometrics are often assumed to be a very secure means of authentication and an
effective defense against replay, but a biometric sample is just data: a cracker can record an
authorized person’s voice and play it back to access a voice-authenticated system, and the attack
becomes easier still once the captured sample is held in digital form. Popular films have dramatized
how authentication systems built in a naïve and vulnerable manner can be fooled. The 1983 movie
War Games showed computer security defeated by an outsider, and the 1997 movie Gattaca showed
how an even more sophisticated DNA-based security system could be fooled: it tells a futuristic story
about a genetically imperfect man who has an unrequitable need to travel in space, so he takes on the
identity of an athlete who is genetically able to pursue the dream. The standard defense is to make
every authentication message unique and one-time, by binding it to a fresh server-chosen nonce, a
timestamp within a short window, or a sequence number, and to reject any message whose nonce has
been seen before.
See Also: Cracker;War Games of 1983.
Further Reading: Barmala,C.Attack. [Online, 2004.] Christian Barmala’s Free CA Website.
http://ca.barmala.com/attack.en.php#replay; Rees, C. Plot Summary for Gattaca (1997).
[Online, May 19, 2005.] Internet Movie Database, Inc.Website. http://www.imdb.com/title/
tt0119177/plotsummary.
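As an added example (not from the dictionary), the following Python contrasts a naive proof-of-possession login, which a captured message defeats forever, with a challenge-response login that binds each proof to a fresh server nonce consumed on first use. The key, user name and message format are constructed sample values, not any real protocol.

```python
import hashlib
import hmac
import os

KEY = b"shared-key-between-client-and-server"  # constructed sample; in practice a per-user secret


def naive_token(key: bytes, user: bytes) -> bytes:
    """Vulnerable: the proof depends only on static data, so a captured token is valid forever."""
    return hmac.new(key, b"login:" + user, hashlib.sha256).digest()


class NaiveVerifier:
    def __init__(self, key: bytes):
        self.key = key

    def verify(self, user: bytes, token: bytes) -> bool:
        return hmac.compare_digest(naive_token(self.key, user), token)


def client_response(key: bytes, user: bytes, nonce: bytes) -> bytes:
    """The client's proof covers the nonce, so it is useless for any other login attempt."""
    return hmac.new(key, b"login:" + user + b":" + nonce, hashlib.sha256).digest()


class NonceVerifier:
    """Hardened: every login is bound to a fresh server-chosen nonce that is consumed when used."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces issued but not yet used (needs expiry in production)

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user: bytes, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # never issued, or already used: treat as a replay
        self.outstanding.discard(nonce)  # consume before checking, so a race cannot reuse it
        expected = client_response(self.key, user, nonce)
        return hmac.compare_digest(expected, response)


def replay_against_naive(key: bytes):
    """Returns (first login accepted, replayed login accepted); the naive scheme gives (True, True)."""
    server = NaiveVerifier(key)
    captured = naive_token(key, b"alice")  # what a sniffer on the wire would record
    return server.verify(b"alice", captured), server.verify(b"alice", captured)


def replay_against_nonce(key: bytes):
    """Returns (first login accepted, replayed login accepted); the nonce scheme gives (True, False)."""
    server = NonceVerifier(key)
    nonce = server.challenge()
    captured = client_response(key, b"alice", nonce)
    first = server.verify(b"alice", nonce, captured)
    replayed = server.verify(b"alice", nonce, captured)
    return first, replayed


if __name__ == "__main__":
    print("naive scheme (first, replay):", replay_against_naive(KEY))
    print("nonce scheme (first, replay):", replay_against_nonce(KEY))
```

The nonce store is the cost of this design: it must be shared by every server instance and expired after a short lifetime, which is why protocols often use a timestamp window combined with a cache of recently seen nonces instead of an unbounded set.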
Request for Comments (RFC) (general term): The document series in which the Internet’s technical
specifications, protocols, procedures, and informational notes are published. Documents are produced
largely through Internet Engineering Task Force (IETF) working groups, circulated as Internet Drafts
for comment, and then issued by the RFC Editor with a permanent number; most of the widely
implemented networking standards, such as IP, TCP, UDP, DNS, and HTTP, are documented in RFCs
(Ethernet itself is an IEEE 802.3 standard, but the carriage of IP over it is described in an RFC).
The first RFC was published in April 1969. The RFC’s plaintext format has remained the same as it
was in the early days, and although the process has become far more formal as the Internet has
evolved, RFCs remain the primary way Internet standards are defined, and new RFCs continue to
appear at a steady pace. Not every RFC is a standard: many are informational or experimental, and
some have been obsoleted by later ones, so a practitioner should check an RFC’s status before
implementing it.
See Also: Ethernet; Internet; Internet Protocol (IP).
Further Reading: About, Inc. RFC. [Online, 2004.] About, Inc. Website. http://compnetworking.about.com/library/glossary/bldef-rfc.htm.
Resident (general term): A piece of code, whether a regular program or a virus, that is not cleared from memory after its execution. A resident virus loads its replication module into memory and makes sure that the operating system always calls this module when it wants to execute another program, thus allowing the virus to spread.
See Also: Means of Infection; Virus.
Residue or Residual Data (general term): Also sometimes referred to as “ambient data,” this is data or information that is not actively used on a computer system. Residual data includes data found in unallocated blocks on storage media; data found in the slack space of files and file systems; and data within files that has technically been deleted so that it is not accessible by the application used to create the file. To access any of these three types, one must undelete or use special data-recovery tools. Forensic investigators sift through the residual data to find traces of wrongdoing on computer systems under investigation.
See Also: Remanence.
Reverse-engineering (general term): Involves analyzing a computer system to identify its components and their relationships. Then, the parts of the system are put together in a different form or at some other abstraction level. Reverse-engineering is often done to redesign a system for increased maintainability or to produce system replicas without having access to the original design.
For example, an individual might take the code of a computer program, execute it to review how it behaves with different inputs, and then write a program that performs the same as before, or, preferably, even better. On the Black Hat side of the equation, an integrated circuit might be reverse-engineered by a firm that wants to make unlicensed (and therefore illegal) copies of a hot-selling chip.
Researchers who reverse-engineer software to find programming flaws cannot legally publish their findings online in France. During the first week of March 2005, a French court ruled that
when researcher Guillaume Tena discovered a number of vulnerabilities in the Viguard antivirus software in 2001 and then published his findings online in March 2002, he violated article 335.2 of the Code of Intellectual Property. Though he could have gone to jail for four months, he was set free but was fined 5,000 Euros.
See Also: Black Hats; Code or Source Code.
Further Reading: Farlex, Inc. Reverse-Engineering. [Online, 2004.] Farlex, Inc. Website. http://computing-dictionary.thefreedictionary.com/reverse%20engineering; Kotadia, M. France Puts a Damper on Flaw Hunting. [Online, March 9, 2005.] CNET Networks, Inc. Website. http://news.com.com/France+puts+a+damper+on+faw+hunting/2100-7350_3-5606306.html.
REXEC Protocol (general term): See r Services.
RFID or Radio Frequency Identification (general term): A tiny communication chip that can be placed on just about anything. Some high-tech experts tout it as the biggest technological development since the Internet.
RFID is particularly exciting to the business community. For example, Wal-Mart and other major retailers in the United States and elsewhere plan to use it to replace the soon-to-be old-fashioned bar code. The reasons for RFID use are to reduce inventory losses through theft, as well as personnel costs, by hundreds of millions of dollars. Moreover, RFID usage is expected to improve just-in-time stocking.
RFID appears to be consumer friendly. For example, at the Barcelona Baja Beach Club, VIP (Very Important People) customers have chips embedded under their skin so that staff members at the club can treat them with special respect.
A volunteer watchdog group in Canada, Britain, the United States, and Australia monitors the accuracy of the old-fashioned bar code scanners in stores. The group began its activities in 2002 to discipline businesses that refused to reimburse consumers when store bar-code scanners overcharged them. With RFID, the group may choose to close down its shop.
Speaking at the March 1, 2005, Wireless/RFID Conference and Exhibition in Washington, D.C., wireless experts said that the growth of wireless technologies such as RFID chips and nano-scale “smart dust” is not all positive; it brings privacy losses as well as consumer-friendly gains. Generally, wireless networks become vulnerable to attack because system administrators fail to properly configure wireless access points with password protection. Also, they tend to use little or no encryption, fail to disable infrared ports and P2P aspects of the wireless networks, and tend to provide little to no private network protection.
See Also: Encryption or Encipher; Infrared or IrDA Ports; Internet; Peer-to-Peer (P2P);
Wireless.
Further Reading: In Brief. Bar-Code Scanner Practices Scrutinized. The Globe and Mail, January 20, 2005, p. B9; Grami, A. and Schell, B. Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October, 2004.] Privacy, Security, Trust 2004 Website. http://www.unb.ca/pstnet/pst2004/; Olsen, F. Security Through Layers. [Online, March 1, 2005.] FCW Media Group Website. http://www.fcw.com/fcw/articles/2005/0228/web-wiresec-03-01-05.asp; Ticoll,
D. RFID: The Tiny Chip That Can Do Just About Everything. The Globe and Mail, July 22, 2004, p. B8.
Rhosts Mechanism (general term): The Berkeley rlogin utility allows remote users to obtain access to a system without supplying a password through the .rhosts mechanism, a list of host names and/or IP addresses considered to be trusted, so that a login request arriving from a listed host is accepted on that basis alone. Because it is considered to be highly insecure, experts recommend replacing this service with the more secure and encrypted SSH. If rlogin access is required, the service should be protected by the use of TCP Wrappers.
See Also: IP Address; Password; r Services; SSH; TCP Wrappers; Trust.
Further Reading: UNIX Systems Support Group. Common Services. [Online, August 16, 2004.] Indiana University Website. http://uwsg.iu.edu/index.php?option=articles&task=viewarticle&artid=15&Itemid=3.
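A defender-side audit of .rhosts-style trust entries, added here as an example (not part of the dictionary entry and not taken from any rlogin implementation); the sample file contents and the site policy network are constructed, and netgroup forms such as "+@admins" are treated like plain host names.

```python
"""Audit .rhosts-style trust entries for risky grants.

Entry format (one per line): "<host> [user]".  A "+" as host or user is a
wildcard, a leading "-" marks a deny entry, and "#" starts a comment.  The
user field is optional; when absent, the remote account with the same name
as the local one is trusted.
"""
import ipaddress

# Constructed site policy: only hosts inside these networks may be trusted.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_rhosts(text):
    """Return (host, user, negated) triples; user is None when absent."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        negated = host.startswith("-")
        entries.append((host.lstrip("-"), user, negated))
    return entries


def audit_rhosts(text, trusted_nets=TRUSTED_NETS):
    """Return (severity, message) findings for entries that grant risky trust."""
    findings = []
    for host, user, negated in parse_rhosts(text):
        if negated:
            continue                        # deny entries grant nothing
        if host == "+" or user == "+":
            who = "any user" if user == "+" else (user or "the same user name")
            where = "any host" if host == "+" else host
            findings.append(("critical",
                             f"{where} may log in as {who} with no password"))
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A name is resolved via DNS or /etc/hosts at login time, so the
            # trust is only as strong as that name resolution.
            findings.append(("medium",
                             f"{host}: name-based trust depends on DNS/hosts resolution"))
            continue
        if not any(addr in net for net in trusted_nets):
            findings.append(("high", f"{host}: address outside the trusted networks"))
    return findings


# Constructed sample ~/.rhosts contents.
SAMPLE_RHOSTS = """\
# trusted build hosts
+ +
10.1.2.3
10.1.2.4 alice
devbox
203.0.113.7 bob
-badhost.example
"""

if __name__ == "__main__":
    for severity, message in audit_rhosts(SAMPLE_RHOSTS):
        print(f"[{severity}] {message}")
```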
Ridge, Tom (person; 1946– ): The first U.S. Secretary of Homeland Security, a position created in October 2001 after the September 11, 2001, terrorist events. Prior to this appointment, Ridge was Governor of Pennsylvania from 1995–2001, was a member of the House of Representatives from 1983–1995, and is a Vietnam combat veteran. Tom Ridge resigned from his post as Secretary of Homeland Security on November 30, 2004 and stayed on the job until February 2005.
Ridge, the seventh cabinet member to announce his departure since George W. Bush was reelected U.S. President in October 2004, may be remembered for the heavily ridiculed color-coded terrorist warning system that he introduced, as well as for his comment that duct tape might be helpful in the event of a poison-gas attack. After he left his post, Ridge became a speaker worldwide on the importance of Homeland Security for all nations. For example, in a speech to a Toronto Bay Street audience on May 11, 2005, Ridge rejected recent U.S. complaints that Canada’s security and immigration systems are lax and therefore responsible for helping terrorists invade U.S. borders. He added, however, that Canada and the European Union should develop a unified approach to identifying suspected terrorists, suggesting that biometric scanning is a likely solution.
On December 2, 2004, President Bush announced that Bernard Kerik, who directed New
York City’s emergency response to the September 11 attacks in his capacity as New York City’s
police commissioner, was chosen to assume the leadership role of the Department of Homeland
Security. Kerik soon withdrew his nomination, however, and was replaced by federal Judge
Michael Chertoff.
See Also: Department of Homeland Security (DHS); September 11, 2001, Terrorist Events.
Further Reading: CP. Canada’s Doing Its Part on Security, Ridge Says. The Globe and Mail, May 12, 2005, p. A14; GNU_FDL. Tom Ridge. [Online, 2004.] GNU Free Distribution License Website. http://www.wordiq.com/definition/Tom_Ridge; Koring, P. Ridge Quits U.S. Post. The Globe and Mail, December 1, 2005, p. A17; Riechmann, D. Bush Picks Ex-Police Officer as Homeland Security Chief. The Globe and Mail, December 3, 2004, p. A20.
Rip (general term): To make an illegal copy of a copyrighted work.
See Also: Computer Underground (CU); Copyright Laws.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
RIPE (general term): Stands for Réseaux IP Européens and is one of the five regional bodies that
administer the IP Address space. RIPE is set up as a collaboration between the European operators
of IP networks.
See Also: AfriNIC; APNIC; ARIN; LatNIC.
RIPE MessageDigest (general term): The base class for hashing algorithms in the Java programming language. Implementations of MessageDigest algorithms must extend this class and implement all the abstract methods. The integration of this algorithm into the programming language’s standard libraries is an example of how higher-level programming languages include security-aware programming features enabling programmers to write better, more secure software.
See Also: Algorithm; Hash, One-Way; Java.
Further Reading: Sun Microsystems, Inc. Overview Package. [Online, 1999.] Sun Microsystems, Inc. Website. http://java.sun.com/products/javacard/htmldoc/javacard/security/MessageDigest.html.
Risk (general term): In security, risk assessment is the attempt to assess or measure the likelihood that a cracker will successfully exploit system or network vulnerabilities. In its 2004 Global Security Survey, Deloitte reported that 83% of respondents confirmed that their companies’ systems had been exploited in some way in 2003, and the percentage is likely higher because of respondent underreporting. These compromised systems cost companies money. For example, in 2002, NetworkITWeek in the United Kingdom noted that KPMG consultants estimated that security breaches cost businesses an average of $108,000.
The underlying principle behind risk assessment considers three critical elements: assets, threats, and vulnerabilities. Assets include tangible items having value, such as computer systems, as well as intangible items having value, such as the company’s reputation. Thus, a primary step in risk assessment is to determine the items of value and their approximate value amounts, just as homeowners would determine their items of value and their approximate value amounts in order to buy the appropriate amount of insurance.
Threats are defined as the means that could be used by crackers or company insiders to compromise the company’s computer systems. An action plan and appropriate security devices should be employed to counter these threats.
Vulnerability assessment indicates the likelihood that an exploit could occur, including where in the system and how. Questions that typically need answering include, for example, the following: Are passwords produced properly and changed regularly? Are systems locked down and are networks adequately secured?
A major challenge facing system administrators is to consider the threats to which valued
company assets are vulnerable and determine what security efforts are required—and in what
priority—to not only stop possible exploits from occurring but also to be able to quickly and
effectively recover from these exploits should they occur.
See Also: Administrator; Cracking; CSI/FBI Survey; Exploit; Vulnerabilities of Computers.
Further Reading: McLean, D. Companies Neglect IT Security At Their Peril. The Globe and Mail, May 12, 2005, p. B9; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Risk Analysis (general term): In an IT security context, it is the process of determining the actual likelihood, or risk, that an organization’s security will be breached, and what kind of material or immaterial losses would potentially result from such a security breach. Immaterial losses typically describe hard-to-measure losses such as loss of reputation; an example of such a loss would be a successful attack on a bank or financial institution in which data privacy was violated. The risk is typically expressed as a financial risk and used to budget for investments in IT security technology, personnel, and processes; it is similar to insuring against a natural disaster or a theft.
See Also: Risk.
Ritchie, Dennis (person; 1941– ): In 1969, he and Ken Thompson developed an open set of
rules to run computers on the virtual frontier. They called their standard operating system
UNIX, and to hackers then and now, it was and is a thing of beauty.
See Also: Thompson, Ken; UNIX.
ROFL or ROTFL (general term): Chat room talk meaning “rolling on the floor laughing.”
Root (general term): In UNIX, it is the superuser or administrator account having complete
control over everything in the machine.
See Also: Administrator; Superuser or Administrative Privileges.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Root Servers (general term): A group of thirteen servers located throughout the world that are responsible for the root level, the top of the hierarchy, of the Domain Name System (DNS).
See Also: Domain Name System (DNS); Root.
Rootkit (general term): A backdoor Trojan horse hiding behind or within processes and files that can provide crackers remote access to a compromised system. Besides being the name of a specific software tool, the term rootkit is often used in a more general sense to describe a tool that provides administrator-level access privileges for snooping while avoiding detection.
During the week of February 17, 2005, Microsoft Corporation security experts cautioned about a new group of system-monitoring programs, or kernel rootkits, that are nearly impossible to detect using present-day security products. This new generation of rootkits therefore poses a serious security challenge to companies’ systems. Going by names such as Hacker Defender, FU, and Vanquish, these rootkits not only can snoop but also may give rise to a whole new group of spyware and worms that can wreak havoc on systems. Experts further feared that online criminal groups would find these to be of extreme interest as a means to commit cyber crimes.
See Also: Administrator; Remote Access; Trojan.
Further Reading: Roberts, P. RSA: Microsoft on ‘Rootkits’: Be Afraid, Be Very Afraid. [Online, February 17, 2005.] Computerworld Inc. Website. http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html; Symantec Security Response. Rootkit. [Online, November 7, 2003.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.isen.rootkit.html.
Rotation cipher (general term): A very simple form of encryption. The encryption is performed by shifting the letters of the alphabet by a certain number of places. The cipher Rot13 displaces a character by 13 positions; it was widely used to obscure the content of messages on the Usenet news network.
See Also: Encryption.
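An added example (not part of the dictionary entry) of the general rotation cipher with an arbitrary shift, with Rot13 as the special case; it also shows why Rot13 only obscures text rather than protecting it: applying it twice restores the original, and the other 25 shifts can be tried in a loop.

```python
"""Rotation (Caesar-style) cipher with Rot13 as the self-inverse special case.

Only ASCII letters are rotated; digits, punctuation and whitespace pass
through unchanged, which is how the Usenet Rot13 convention worked.
"""

ALPHABET_SIZE = 26


def rotate(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places, preserving case.
    Negative shifts decrypt; any shift is reduced modulo 26."""
    shift %= ALPHABET_SIZE
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            base = ord("a")
        elif "A" <= ch <= "Z":
            base = ord("A")
        else:
            out.append(ch)          # non-letters are left untouched
            continue
        out.append(chr(base + (ord(ch) - base + shift) % ALPHABET_SIZE))
    return "".join(out)


def rot13(text: str) -> str:
    """Rot13 is its own inverse: 13 + 13 = 26, a full turn of the alphabet."""
    return rotate(text, 13)


def brute_force(ciphertext: str) -> list:
    """Return (shift, candidate plaintext) for every non-trivial shift.
    Illustrates why a rotation cipher is obfuscation, not security:
    the whole key space is 25 candidates a reader can inspect by eye."""
    return [(k, rotate(ciphertext, -k)) for k in range(1, ALPHABET_SIZE)]


if __name__ == "__main__":
    msg = "Spoiler: the butler did it."
    hidden = rot13(msg)
    print(hidden)                 # obscured for casual readers
    print(rot13(hidden) == msg)   # True: same function decodes it
```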
Rough Auditing Tool for Security (RATS) (general term): RATS (not to be confused with RATs, or Remote Administration Trojans) is a set of tools to analyze C and C++ source code for potential security flaws, such as insecure function calls. The tool has not yet reached a state in which it can fix security problems in any automated fashion, but it provides a very good starting point for manual security audits.
See Also: Buffer Overflows; Languages.
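An added example, not RATS itself and not sharing its rule database, of the kind of check such a tool performs: a small scanner that flags calls to unbounded C library functions in source text. The rule list and the sample C source are constructed for illustration.

```python
"""Minimal RATS-style audit of C/C++ source for risky library calls."""
import re

# Each rule: function name -> (severity, why it is flagged, safer alternative).
# Constructed list; a real tool carries hundreds of such rules.
RULES = {
    "gets":    ("high",   "no bound on input length; always overflowable", "fgets"),
    "strcpy":  ("high",   "copies until NUL, ignoring destination size",  "strncpy/strlcpy"),
    "strcat":  ("high",   "appends without checking destination size",    "strncat/strlcat"),
    "sprintf": ("high",   "formats into a buffer with no length limit",   "snprintf"),
    "scanf":   ("medium", "%s conversions are unbounded without widths",  "field widths or fgets"),
    "system":  ("medium", "shell injection if input reaches the command", "execve with an argv"),
}

# An identifier followed by '(' that is not the tail of a longer identifier,
# so 'fgets(' does not match the 'gets' rule.
_CALL_RE = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(RULES) + r")\s*\(")


def _strip_strings_and_line_comments(line: str) -> str:
    """Blank out string literals and // comments so text inside them is not
    flagged.  Block comments are not handled here; RATS tracks them properly."""
    line = re.sub(r'"(?:\\.|[^"\\])*"', '""', line)
    return line.split("//", 1)[0]


def scan_source(source: str) -> list:
    """Return findings as (line_no, function, severity, reason, alternative)."""
    findings = []
    for no, raw in enumerate(source.splitlines(), start=1):
        for m in _CALL_RE.finditer(_strip_strings_and_line_comments(raw)):
            fn = m.group(1)
            severity, reason, alternative = RULES[fn]
            findings.append((no, fn, severity, reason, alternative))
    return findings


# Constructed sample: lines 5 and 9 should be flagged, the others not.
SAMPLE_C = r"""#include <stdio.h>
#include <string.h>
int greet(const char *name) {
    char buf[32];
    strcpy(buf, name);                     /* flagged: unbounded copy */
    strncpy(buf, name, sizeof buf - 1);    /* bounded: not flagged */
    fgets(buf, sizeof buf, stdin);         /* bounded read: not flagged */
    printf("strcpy(\"x\")\n");             // inside a string literal: not flagged
    gets(buf);                             /* flagged */
    return 0;
}
"""

if __name__ == "__main__":
    for no, fn, severity, reason, alternative in scan_source(SAMPLE_C):
        print(f"line {no}: {fn}() [{severity}] {reason}; consider {alternative}")
```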
Routers (general term): Specialized computer devices at the border of an Internet-connected network that store a specialized map of the Internet and contribute to this map by informing their neighbors about what they “know” about their part of the Internet. Internal routers are used to structure larger networks; these contain routing tables representing the internal network structure. Functionally, routers forward data packets to their destinations through the routing process, which is usually associated with the Internet Protocol. Routing occurs at layer 3, the Network layer, of the OSI seven-layer model.
Cisco Systems, Inc. and Juniper are two providers of router equipment, and in recent times
both have issued advisories regarding vulnerable routing software. For example, on January 27,
2005, Juniper told all M- and T-series router clients using software made before January 7, 2005,
to either upgrade the software or risk becoming victimized by a serious security vulnerability
that was exploitable either by a device directly attached to the router or by a remote attack. Cited
as a “high” risk level, the vulnerability was transmitted to the U.S. Computer Emergency
Readiness Team by Qwest. Previously, Juniper had marketed its software as being more stable and
more reliable than Cisco’s IOS.
On February 16, 2005, Cisco released a fresh line of security products that it claimed could thwart elusive network threats such as phishing, viruses, and DoS attacks. IT security professionals greeted this news with reviews that were enthusiastic but very cautious.
See Also: Cisco Systems, Inc.; Denial of Service (DoS); Internet; Network; Phishing; Virus.
Further Reading: Duffy, J. Juniper Bitten by Software Bug. [Online, January 27, 2005.] Network World, Inc. Website. http://www.nwfusion.com/edge/news/2005/0127juniper.html; GNU_Free Documentation License. Routers. [Online, May 18, 2005.] GNU_Free Documentation License Website. http://en.wikipedia.org/wiki/Router; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004; Storer, A. New Cisco Security Strategy Targets Elusive Threats. [Online, February 16, 2005.] TechTarget Website. http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci1059436,00.html.
Routing and Traceroute Tool (general term): Information is routed through the Internet in
small packets, and a traceroute tool can check the path that one packet followed.
To comprehend how routing works and what the traceroute tool does, readers need to understand that all information sent or received on the Internet is just a small piece of the original data. For example, when requestors visit a Website and want to retrieve a Web page, the server of that Website receives the request for the Web page and sends the Web page to the requestor. The requestor does not receive the whole Web page all at one time; instead, it is divided into little pieces of information called packets. These packets reach the requestor by traveling through the Internet and passing through computers along the way.
Each packet is like a letter, in that it has a sender and a receiver. Computers connected to the Internet use a packet-switching technique to transfer packets from one system to another. The packet is, essentially, handled as a “hot potato”; that is, the sending computer (for example, the server of the Website the requestor is visiting) sends it to the closest router. This router receives the packet and looks at the recipient address. If the recipient address belongs to a computer in the same network segment as the router, the router delivers the packet to this computer and the process stops. If not, the packet is sent on to the next nearest router, and if the recipient address is still not on that router’s segment, it is sent on to the next nearest router in turn. The cycle continues until the packet reaches the receiver with the correct recipient address. The Web page may pass through routers in several countries before it reaches the right requestor with the right address. Routing tables stored in each router assist in the process of determining the “next nearest” router.
Also, if some routers along the way are down, the data will take another active path. Some routers may be found to be too busy or too crowded, so they will take quite some time to respond. For this reason, the traceroute tool was developed. This tool, which can check the path that one packet followed, can be used by system administrators not only to discover the path taken but also to ascertain the amount of time the packet took to reach the correct recipient address.
Every IP packet has a field named TTL (Time To Live), which can take values between 0 and 255. Each router processing the packet looks at this value and subtracts 1 from it. This continues hop by hop until the TTL field is decremented to 0, at which point the router drops the packet instead of forwarding it and notifies the sender of the drop; traceroute relies on those notifications, sending probes with TTL 1, 2, 3, and so on so that each router along the path reveals itself in turn. Such a mechanism is needed to keep a packet from traveling on forever, never finding the correct receiver.
See Also: Internet; Internet Protocol (IP); Packet; Traceroute and Traceroute Program.
Further Reading: Silvestri, M. Traceroute Tools. [Online, 2000.] Wowarea Website. http://www.wowarea.com/english/researches/wg4_traceroute.htm.
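The hop-by-hop forwarding, TTL countdown and traceroute probing described in this entry, as an added simulation (not from the dictionary entry or from any real traceroute). The topology, router names and routing tables are constructed; "r1" to "r4" are routers, the other names are end hosts, and each table lists next hops in order of preference so that a second entry is the alternative path used when the preferred router is down.

```python
"""Packet forwarding with a TTL field, and how traceroute uses it."""

ROUTERS = {"r1", "r2", "r3", "r4"}

# Constructed routing tables: node -> {destination host: [next hops by preference]}.
# The "loop" destination is deliberately misrouted between r1 and r2 to show
# that the TTL is what stops a packet from circulating forever.
TABLES = {
    "client": {"server1": ["r1"], "server2": ["r1"], "loop": ["r1"]},
    "r1":     {"server1": ["r2", "r4"], "server2": ["r4"], "loop": ["r2"]},
    "r2":     {"server1": ["r3"], "loop": ["r1"]},
    "r3":     {"server1": ["server1"]},            # destination directly attached
    "r4":     {"server1": ["r3"], "server2": ["server2"]},
}
MAX_TTL = 255


def send(src, dst, ttl, down=frozenset()):
    """Forward one packet from `src` toward `dst`, hop by hop.

    Returns (status, node, hops).  status is "delivered", "time_exceeded"
    (router `node` discarded the packet when its TTL reached 0, the event a
    real router reports back to the sender) or "unreachable" (no usable
    route at `node`).  `hops` lists the routers that forwarded the packet.
    """
    assert 0 < ttl <= MAX_TTL
    node, hops = src, []
    while node != dst:
        candidates = [n for n in TABLES.get(node, {}).get(dst, []) if n not in down]
        if not candidates:
            return ("unreachable", node, hops)
        node = candidates[0]             # best route that is still up
        if node in ROUTERS:
            ttl -= 1                     # every router decrements the TTL...
            if ttl == 0:                 # ...and drops the packet when it hits 0
                return ("time_exceeded", node, hops)
            hops.append(node)
    return ("delivered", node, hops)     # end host does not decrement


def traceroute(src, dst, down=frozenset(), max_hops=30):
    """Discover the path by sending probes with TTL 1, 2, 3, ...: each probe
    expires one router further along, and the reporting router names itself."""
    path = []
    for ttl in range(1, max_hops + 1):
        status, node, _ = send(src, dst, ttl, down)
        path.append((ttl, None if status == "unreachable" else node))
        if status != "time_exceeded":
            break                        # reached the destination or a dead end
    return path


if __name__ == "__main__":
    print(traceroute("client", "server1"))                 # r1, r2, r3, server1
    print(traceroute("client", "server1", down={"r2"}))    # detour via r4
    print(send("client", "loop", 64))                      # TTL ends the loop
```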
Routing Information Protocol (RIP) (general term): An interior gateway protocol specifying how routers exchange information about routing tables. Routers using RIP exchange their entire tables periodically. Because this is a rather inefficient process, RIP has largely been replaced by the newer Open Shortest Path First (OSPF) protocol.
See Also: Open Shortest Path First (OSPF); Protocol.
Further Reading: Jupitermedia Corporation. What is Routing Information Protocol? [Online, August 9, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/R/Routing_Information_Protocol.html.
RSA Public/Private Key Algorithm (general term): The most prevalently used public/private key algorithm. It was invented in the 1970s by Ron Rivest, Adi Shamir, and Leonard Adleman.
See Also: Algorithm; Key.
Russian FSB (formerly KGB) (general term): President Vladimir Putin recently signed a decree to identify the criteria for reorganizing Russia’s Federal Security Service (FSB). The FSB played a direct part in drafting the decree, a move indicating that most of the proposals made by the counterintelligence service will be accounted for. A number of independent services will be established under the reorganization, as will special subdepartments for combating terrorism and extremism. New organizational decisions are expected to allow Russia’s security services to react more appropriately to contemporary terrorist and cyberterrorist threats.
See Also: Cyberterrorism; Intelligence; Terrorism.
Further Reading: The Russian Journal Publishing Company. The Future of Russian Counterintelligence. [Online, July 20, 2004.] The Russian Journal Publishing Company Website. http://www.russiajournal.com/news/cnews-article.shtml?nd=44715.
S (general term): Chat room talk meaning “smiling.”
S.1837 (Otherwise Untitled) (legal term): U.S. Senator Robert Torricelli, D-NJ, introduced the bill S.1837 on December 18, 2001, to establish a board of inquiry to review the activities of U.S. intelligence, law enforcement agents, and other relevant agencies regarding their roles and shortcomings in not preventing the terrorist attacks of September 11, 2001. On December 18, 2001, the bill was read twice in the Senate and referred to the Committee on the Judiciary. It was not passed in this form.
See Also: Intelligence; September 11, 2001, Terrorist Events.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/legislation/107th/wiretaps/.
S/Mime (Secure Multipurpose Internet Mail Extension) (general term): A version of the MIME protocol supporting message encryption. S/MIME uses RSA public-key encryption as its base technology.
See Also: Encryption or Encipher; RSA Public/Private Key Algorithm.
Further Reading: Jupitermedia Corporation. What is S/Mime? [Online, February 25, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/S/S_MIME.html.
Safe Frequency (general term): The frequency of backups on a particular computer system at which the maximum possible loss, that is, the work done since the last backup, would be bearable. The safe frequency has to be determined after a thorough risk assessment and an evaluation of what the computing and data assets are worth to a company.
See Also: Computer; Risk.
Safeguard (general term): A feature, procedure, process, or technique intended to mitigate the
effects of intrusion risk but that rarely if ever eliminates all risk. It does reduce risk to some
acceptable organizational or institutional level.
See Also: Risk.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Sandbox or Sandbox Security Model (general term): Provides an alternative way of dealing with software that does not come from the usual trusted sources. The sandbox model lets users accept code from any source; as the code runs, the sandbox restricts code from untrusted sources so that it cannot take actions that could possibly harm a system. The advantage is that users do not need to determine what code they can or cannot trust. Also, they do not need to scan for viruses, for the sandbox prevents any viruses or other malicious code invited into the system from doing any damage they may have been designed to do.
Users need to trust software before they run it on their computers, or face the possibility of experiencing some dire consequences. Traditionally, users have achieved relative security by being careful to use software only from trusted sources and by regularly scanning their systems for known viruses and worms. When viruses or worms have access to a user’s system, they can gain full control. If the virus or software is malicious code, it can cause much damage to the user’s system because no restrictions would be placed on the software by the computer’s runtime environment.
See Also: Code or Source Code; Malicious Code.
Further Reading: Venners, B. Java’s Security Architecture. [Online, July, 1997.] Artima Software, Inc. Website. http://www.artima.com/underthehood/overviewsecurity2.html.
Sanitize (general term): Means to erase a storage device, such as a computer hard drive, so thoroughly
that no residual data can be collected from the device. Old computer disks should be
sanitized—and not only superficially erased—before they are thrown away in order to avoid the
possibility that a cracker can obtain any valuable information from scavenging through an organization’s
garbage (electronic dumpster diving).
See Also: Remanence; Residue.
SANS Institute (general term): Likely the largest information security training and certification
source in the world. The SANS Institute develops, maintains, and makes available for free an
impressive collection of research documents about information security.The SANS Institute also
operates the Internet’s early-warning system known as the Internet Storm Center.
The SANS (SysAdmin, Audit, Network, Security) Institute was started in 1989 as a research and education organization. Today, its programs reach more than 165,000 auditors, Chief Information Officers (CIOs), network administrators, and security professionals who share with each other lessons they have learned about information security. They try to find solutions to the cyber challenges they encounter.
The SANS Institute shared resources include a weekly vulnerability digest (@RISK), the
weekly NewsBites news digest, the Internet Storm Center warning system for the Internet, flash
security alerts, and more than 1,200 award-winning research papers.
During the first week of May 2005, for example, the SANS Institute warned that in the first
quarter of 2005, more than 600 new system vulnerabilities were detected, including flaws in
products by Microsoft Corporation, Computer Associates, Oracle, McAfee and F-Secure,
Trend Micro, Symantec Corporation, and some relatively new “players” such as RealPlayer,
iTunes, and WinAmp.
See Also: Administrator; Network; Security; Symantec Corporation; Vulnerabilities of
Computers.
Further Reading: Brenner, B. SANS: Security Software, Media Players Increasingly Vulnerable. [Online, May 2, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1084324,00.html?track=NL-358&ad=513148; The SANS Institute. About SANS. [Online, 2004.] The SANS Institute Website. http://www.sans.org/aboutsans.php.
Scanner (general term): Uses rules to scan for vulnerabilities on the network, computer
system, application program, or Web-based service, typically working with a list of known vulnerabilities.
Some Web-application scanners scan for vulnerabilities within applications.
See Also: Network; On-Access Scanner; On-Demand Scanner;Vulnerabilities of Computers.
Scavenging Technique (general term): Used by crackers who dial up to the Internet hoping to find connections left dangling when somebody else abruptly hung up. They can then exploit the connections. The term is also used to describe the activity of hunting for Residual Data on erased devices.
See Also: Crackers; Residue; Sanitize; Internet.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Schifreen, Robert (person): See Gold, Steven and Schifreen, Robert Case.
Schneier, Bruce Books (general term): A well-respected cryptographer who has written a
number of books, including Beyond Fear (2003), Secrets and Lies: Digital Security in a Networked
World (2000), and Applied Cryptography: Protocols, Algorithms, and Source Code in C (1995).
See Also: Algorithm; Code or Source Code; Cryptography or “Crypto.”
Schwartz, Randal Case (legal case): A case illustrating that some judgment mistakes can cause
a system administrator to become a convicted felon.
Randal Schwartz started his career at the Intel Corporation in early 1988 and left at the end of 1993. During Schwartz’s employment at Intel iWarp (a part of Intel’s Supercomputer System Division, or SSD), he recommended to the company that it keep its systems secure by following some standard procedures such as using good passwords. To this end, in 1991 Schwartz began checking passwords by running a software program known as “crack,” distributed by CERT. It attempts to crack a set of passwords found in a UNIX /etc/passwd file. In 1991, Schwartz was no newcomer to “crack”; he served as a beta-tester for its version 3.
As part of his job at Intel iWarp, Schwartz gave security training courses to individuals in other firms. Many of these courses focused on Perl, a popular programming language at that time. Because much of his job involved travel, Schwartz set up various ways to read his email at Intel iWarp when off-site. This seemed to be a wise move because starting in late 1993, he was responsible for setting up DNS (Domain Name System) servers for the company.
In late 1993, while working for Intel’s SGI division as a system administrator, Schwartz ran the
“crack” software on the password file of an SGI computer in his previous division where he still
had an account. Schwartz decided to investigate the problem further by testing the password file
of the central set of systems at the SSD division, but he thought that he would wait until he had
final study results before telling SSD officials what he was doing. One of his staff members
noticed that Schwartz was running “crack” and told his manager, who reported the incident to
those at the top of the firm. When word reached the top, corporate leaders began to think that
Schwartz was a corporate spy.
Soon thereafter, the police arrived at Randal Schwartz’s house, took all his computer equipment,
and pressed charges under an Oregon law for altering or transporting computerized
information. Because the district attorney viewed Schwartz’s moving a password file from one of
Intel’s computers to another to be at least transporting, Schwartz was charged on March 14, 1994,
with three criminal felony counts—even though the district attorney never alleged that any
information ever left Intel’s premises.
In September 1995, after a jury trial, Schwartz was given five years of probation, 480 hours
of community service, 90 days of initially deferred and then suspended jail time, and he was
ordered to pay Intel Corporation $68,000 in restitution. On appeal, the court upheld the conviction
on all counts but reversed the restitution order, sending it back to the original court for
reconsideration.
See Also: Administrator; Cracking; Domain Name System (DNS); Server.
Further Reading: Pacenka, S. Computer Crime. [Online, April 8, 2001.] Lightlink Website.
http://www.lightlink.com/spacenka/fors/; Quarterman, J. System Administration as a Criminal
Activity or, the Strange Case of Randal Schwartz. [Online, September, 1995.] MIT Computer
Science and Artificial Intelligence Laboratory “Project Mac” Website,
http://www.swiss.ai.mit.edu/6095/articles/computer-crime/schwartz-matrix-news.txt.
Screensaver (general term): A program that is activated by the operating system after a predetermined
period of inactivity by the user. A screensaver serves two goals: By blanking the screen
or displaying a constantly-changing pattern, the screensaver avoids the burn-in effect on the
screen’s photo-sensitive layers, through which a pattern displayed for longer periods of time
remains visible as a ghost image on the screen. The second goal is to lock the access to the computer
system after a period of inactivity. Users who return to their workstations have to enter
their password to regain access to the computer.
Scriptkiddie or Newbie (general term): Inexperienced crackers who rely on prefabricated
software to perform computer exploits.
See Also: Crackers; Exploit.
Scripts (general term): Programs consisting of instructions for an application. Thus, scripts usually
have instructions expressed with the application’s syntax and rules. Typically, scripts contain
simple control structures.
A scripting language is not compiled into machine code but interpreted “on the fly” by a
script interpreter, which makes scripting languages slower than compiled languages. Scripting
languages are popular among system administrators, primarily because they incorporate many
of the tools and syntactical elements that the administrator is already familiar with. In fact, the
command-line interpreters in Windows and in UNIX are scripting language interpreters also
featuring an interactive mode—the command prompt or shell.
See Also: Administrator; Shell; UNIX.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Se7en Controversy (general term): A self-proclaimed hacker with a charismatic pseudonym
whose real name is Christian Valor. Valor created controversy when in the late 1990s he conducted
an alleged vigilante campaign against online pedophiles. However, some in the Computer
Underground believe that he never did this because, they say, Valor lacks the required hacking
skills.
See Also: Hacker; Computer Underground (CU); Vigilante.
Further Reading: Silberman, S. Kid-Porn Vigilante Hacked Media. [Online, February 8,
1999.] Wired Magazine Website. http://www.wired.com/news/culture/0,1284,17789,00.html.
Search Engine (general term): Existing in a variety of types, all search engines procure information
but organize it in a variety of unique ways, which is why there are so many different
search engines. At a basic level, a search engine is one of two things: a Robot or a Directory.
Though some search engines combine features of both, most are predominantly either Robots
or Directories.
A Robot uses a software program to search, catalog, and then organize information on the
Internet. Organization of data can be completed in a number of ways—including through a harvester,
robot, spider, wanderer, and worm—and employing diverse ways of searching Websites to
gather data.
Directory search engines do not search on the Internet for information but rather obtain it
from individuals who enter it into the search engine’s database. Because each Directory has its
own means to categorize information, multitudes of them exist.
In March 2005, Google, Inc., a popular search engine, released its first official version of its
free software for finding information stored on computer hard drives. The software scours hard
drives for information contained in Adobe Acrobat’s portable document format (known as PDF),
and it scours music, video files, and email content.
On Saturday, May 7, 2005, the Google, Inc. search engine went down from 6:45 p.m. until
7:00 p.m. Eastern Time. Google spokesman David Krane said that the problem was not a crack
attack, as many people thought, but a problem related to the DNS or Domain Name System.
He did not elaborate.
See Also: Bot or Robot; Domain Name System (DNS); Internet.
Further Reading: Churilla, K. Secrets of Searching the Web & Promoting Your Website.
[Online, 2004.] Gocee Company Website. http://www.gocee.com/eureka/e_sedef.htm; Google
Admin. Google Down? Getting 404! Google Hacked? [Online, May 9, 2005.] Search Engine
Forums Website. http://www.submitexpress.com/bbs/post-1601.html&highlight=&sid=
cdfcb4b3aa56cdca7df35ed920dd8079; In Brief. Google’s Official Desktop Search Software
Released. The Globe and Mail, March 10, 2005, p. B10.
Secure HTTP (general term): Abbreviated S-HTTP. Developed in 1995, it extends the
HTTP protocol; its primary function is transmitting data securely over the
World Wide Web. Not all Internet browsers and servers understand S-HTTP.
See Also: HTTP (HyperText Transfer Protocol); Protocol; World Wide Web (WWW).
Secure Sockets Layer (SSL) (general term): A network protocol running on top of TCP/IP
that assists in improving the safety of Internet communications and serves as a standard for
encrypted client/server communications between network devices. SSL and S-HTTP have
uniquely different designs and goals, so it is actually possible to use the two protocols together.
Whereas SSL has been developed to create a secure connection between two systems, S-HTTP
has been developed to securely transmit individual messages. SSL uses different kinds of network
security techniques, such as certificates, public keys, and symmetric keys. Websites typically use
SSL to safeguard the transmission of an individual’s personal information such as bank account
numbers and credit card numbers. Moreover, both SSL and S-HTTP have been sent to the
Internet Engineering Task Force (IETF) to be approved as a standard.
See Also: HTTP (HyperText Transfer Protocol); Internet; Internet Engineering Task Force
(IETF); TCP/IP or Transmission Control Protocol/Internet Protocol; World Wide Web (WWW).
Further Reading: About, Inc. SSL. [Online, 2004.] About, Inc. Website.
http://compnetworking.about.com/cs/securityssl/g/bldef_ssl.htm; Jupitermedia Corporation. What is S-HTTP?
[Online, October 7, 2002.] Jupitermedia Corporation Website. http://www.webopedia.com/
TERM/S/S_HTTP.htm.
Secure Transactions (general term): Secure Web transactions are increasingly commonplace. If
anyone has ever ordered a book, a CD, or any other product or service over the Web (say, through
Amazon.com), he or she likely utilized a secure transaction system. The e-commerce company
Amazon.com processes thousands of secure e-transactions daily. As do most secure e-commerce
Websites, Amazon.com encrypts confidential information with the Secure Sockets Layer
(SSL) technology as it is transmitted between the consumer’s Web browser and the online company’s
Web server.
No computer system can be assumed to be completely secure. Therefore, one needs to understand
that security in an e-commerce sense is best defined in terms of acceptable risk—meaning
that the consumer must feel comfortable that his or her personal information will be relatively
safe from inappropriate use after it is sent online as part of the transaction. Moreover, acceptable
risk means that the company operating the server must be confident that it can defy internal and
external exploits.
Because of concerns regarding e-commerce secure transactions, on February 9, 2005, XRamp
Technologies announced that it is now issuing 256-bit digital SSL technology certificates that
function with browsers and servers capable of the 256-bit Advanced Encryption Standard
(AES). Besides working with the frequently used Mozilla Firefox Web browser, the SSL technology
certificates are backward compatible—able to provide encryption for software not meeting
this standard.
See Also: Advanced Encryption Standard (AES); Exploit; Risk; Secure Sockets Layer (SSL);
Security.
Further Reading: Cahoon, B. What Are Secure Web Transactions? [Online, May 28, 1998.]
Technology Expo ’98 Website. http://www.arches.uga.edu/~cahoonb/techexpo/security.html;
XRamp Technologies, Inc. XRamp Offers the Industry’s First 256-Bit Secure Server Certificates.
[Online, February 9, 200.] XRamp Technologies, Inc. Website.
http://list.windowsitpro.com/t?ctl=3E11:4FB69.
SecureID (general term): A system involving a small, portable device generating a one-time
password at set intervals (for example, one minute) and a software component on an access
device synchronized with this password-generation mechanism. A user gets access to the system
when he or she enters the password displayed on the portable device. Carrying the portable
device around (such as in the form of a key ring attachment) is more comfortable than carrying
a one-time password list, but it serves the same purpose.
See Also: One-Time Password; Password.
Further Reading: Experts Exchange LLC. Solution Title: Can you do one time passwords ala
SecureID on Linux? [Online, August 16, 2004.] Experts Exchange LLC Website. http://www
.experts-exchange.com/Security/Linux_Security/Q_20647635.html.
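An added illustration of the synchronized one-time-password scheme described above; it is not from the dictionary and is not the proprietary SecurID algorithm. It uses an HMAC-SHA1 code over a 60-second time step in the style of RFC 4226/6238 as a stand-in, with the server side accepting one step of clock drift and refusing to accept the same step twice. The shared secret and the timestamps are constructed test values, and all names are mine.

```python
"""Added example: a time-synchronized one-time-password token and its verifier.

Stand-in for the scheme described in the entry: HMAC-SHA1 over a 60-second
time step (RFC 4226/6238 style), NOT the proprietary SecurID algorithm.
The secret and timestamps used below are constructed test values.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the entry's example interval: a new code every minute
DIGITS = 6


def otp_for_counter(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """Code for one counter value: HMAC-SHA1, dynamic truncation, `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % (10 ** digits)).zfill(digits)


def token_display(secret: bytes, now: float, step: int = STEP_SECONDS) -> str:
    """What the portable device shows at wall-clock time `now` (seconds since the epoch)."""
    return otp_for_counter(secret, int(now) // step)


class Verifier:
    """Server-side component synchronized with the token.

    Accepts the code for the current time step or up to `window` steps either
    side (clock drift between device and server), and never accepts a step that
    is at or below one already used, so a code seen once cannot be replayed.
    """

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1  # highest time step accepted so far

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self.last_counter:
                continue  # replay of a used step, or a step older than one already used
            expected = otp_for_counter(self.secret, counter)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed shared secret (the RFC 4226 test key) and a constructed clock.
    secret = b"12345678901234567890"
    server = Verifier(secret)
    shown = token_display(secret, now=125)  # device clock: 2 min 5 s after the epoch
    print("device shows", shown)
    print("server accepts", server.verify(shown, now=130))  # 5 s of drift, inside the window
    print("replay accepted", server.verify(shown, now=150))  # same code again: refused
```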
Security (general term): Having protection from one’s adversaries, particularly from those
who would do harm, intentionally or otherwise, to property or to a person. Information
Technology security issues include but are not limited to authentication, critical infrastructure
protection, disaster recovery, intrusion detection and network management, malicious code software
protection, physical security of networks, security policies, the sharing of rights and
directories, and wireless security.
Security breaches occur daily, with some of them making media headlines and embarrassing
the targeted companies or agencies. On January 30, 2005, for example, a security incident
occurred that brought considerable embarrassment to the Dutch armed forces. About 75 pages
of highly classified documents about human traffickers from the computers of the Dutch Royal
Marechaussee (the armed forces contingency that guards the Dutch borders) somehow found
their way to the controversial weblog Geen Stijl (meaning “No Style”).
The conjecture is that a Dutch armed forces staffer worked on the documents at home and
unwittingly shared the contents of his computer’s hard drive to numerous others when he logged
onto KaZaA—which is unsecure.
This was not the first time that the Dutch have made media headlines over computer security
issues. In 2004, the Dutch public prosecutor’s office was equally embarrassed after it was
publicized that the prosecutor threw his old PC into the trash, making available for public
scrutiny his hard drive with hundreds of pages of classified data on high-profile Dutch crimes—
as well as his own credit card numbers and personal tax file information. As a result, the
prosecutor resigned from his job.
See Also: Harm to Property.
Further Reading: Estala, A. Internet Protocol Version 6 (IPv6). The Next Generation.
[Online, March 9, 1999.] Geocities.com Website.
http://www.geocities.com/SiliconValley/Foothills/7626/defin.html; Grami, A. and Schell, B. Future Trends in Mobile Commerce: Service
Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual
Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada,
October 13–15, 2004. [Online, October 2004.] Privacy, Security, Trust 2004 Website.
http://www.unb.ca/pstnet/pst2004/; Lehtovirta, J. Transition from IPv4 to IPv6. [Online, 2004.]
Tascomm Engineering Oy Website. http://www.tascomm.fi/~jlv/ngtrans/; Libbenga, J. Classified
Dutch Military Documents Found on P2P Site. [Online, January 30, 2005.] Reg SETI Group
Website. http://www.theregister.co.uk/2005/01/30/dutch_classified_info_found_on_kazaa/.
Security Account Manager (SAM) (general term): On Microsoft Windows 2000 and NT,
user account data is stored within the SAM, which is actually just one file on the disk. SAM is a
primary target for crackers. Given that SAM is stored in both an original and a repair version,
crackers tend to seek the “repair” version because it is not locked by the operating system.
See Also: Crackers.
Security Administrator Tool for Analyzing Networks (SATAN) (general term): Dan
Farmer and Wietse Venema designed this security tool to assist system administrators in recognizing
a number of network-related security problems. SATAN, though a UNIX-based tool, was
first designed for SunOS/Solaris and Irix. Today, ports to many other varieties of UNIX now
exist, including one for Linux—thereby permitting any individual with a Personal Computer
and a Slip/PPP account to get information provided by SATAN (which normally requires root
access for execution).
As noted, though SATAN is a UNIX-based tool, it can be configured to scan most networks.
SATAN works by procuring as much data as possible about system and network services—such
as finger, ftp, NFS, and rexd. SATAN also procures data on known software glitches, network
configurations, and poorly set up network utilities. On vulnerabilities discovered, SATAN gives
rather limited data on fixing the problem, but despite this limitation, it is a useful tool for testing
single computers or entire networks. Its successor, known as SAINT, is also on the market.
See Also: Administrator; File Transfer Protocol (FTP); Linux; Network File Systems (NFS);
REXEC Protocol; Root; UNIX.
Further Reading: Computer Incident Advisory Capability (CIAC). Network Monitoring
Tools. [Online, 2004.] CIAC Website. http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html#Courtney;
The Center for Education and Research in Information Assurance and Security
(CERIAS). Info About SATAN. [Online, June 2, 1995.] CERIAS Website.
http://www.cerias.purdue.edu/about/history/coast/satan.php.
Security Kernel (general term): The part of a computer that realizes the fundamental security
procedures for controlling access to system resources. In the formal conceptual framework of a
Trusted Computing Base, the security kernel implements the reference monitor.
See Also: Access Control; Operating System.
Security Policy Checklist (general term): A checklist developed by security experts using
questions dealing with a number of security issues. But before detailing the questions (which is
not a complete listing), this overriding question needs to be answered by organizations having
security policy checklists: Are all of the items on the checklist distributed to all employees and
fully understood? Take, for example, the following items:
• Administrator rights and responsibilities: Under what conditions may a system administrator
examine an employee’s account or his or her email, and what parts of the system should the
system administrator not examine (for example, Netscape bookmarks)? Can the system administrator
monitor network traffic, and if so, what boundaries exist?
• Backups: What systems are backed up, and how often? How are backups secured and verified?
• Connections to and from the Internet: What computers should be seen from the outside?
If computers are outside the firewall (bastion hosts), how securely are they separated from
computers on the inside? Are connections from the Internet to the internal network
allowed and, if so, how are they authenticated and encrypted? What traffic is allowed to go
outside the internal network? If there is traffic across the Internet, how is it secured, and
what protection is in place against worms, viruses, or hostile Java applets?
• Dial-up connections: Are dial-up connections allowed, and if so, how are they authenticated
and what access level to the internal network do dial-up connections provide? How are
modems distributed in this company, and can employees set up modem connections to
their home or desktop computers?
• Documentation: Does a map of the network topology exist, and is it clearly stated where
each computer fits on that map? Is there an inventory of all hardware and software, and does
a document exist detailing the preferred security configuration of every system?
• Emergency procedures: What kinds of procedures exist for installing security patches or
handling exploits? In cases of system intrusion, is it company policy to shut down the network
immediately, or does the company prefer to monitor the intruder for a while? How
and when are employees notified of exploits, and at what stage and at what time are law
enforcement agencies called in?
• Logs: What information is logged, and how and where? Are the information logs secure
from tampering, and if so, are they regularly examined, and, if so, by whom?
• Physical security: Are systems physically protected from outsider crackers and adequately
secured, where needed, from insider crackers? Are reusable passwords used internally or
externally, and are employees told through company policy to change their passwords
routinely?
• Sensitive information: How are sensitive and proprietary information protected online, and
how are backup tapes protected?
• User rights and responsibilities: How much freedom do employees have in terms of selecting
their own operating system, software, and games for their computers, and can employees
in our company send and receive personal email or do personal work on company computers?
What policies exist regarding resource consumption (for example, disk or CPU
quotas) and abuse (accidental or intentional) of services? What penalties exist, for example,
if an employee brings down a server?
See Also: Administrator; Electronic Mail or Email; Firewall; Internet; Logs; Modem; Password.
Further Reading: Queeg Company. Security Policy Checklist. [Online, October 6, 1997.]
Queeg Company Website. http://queeg.com/~brion/security/secpolicy.html.
Security Zones (general term): Internet Explorer divides the Internet into these so that users
can assign a Website to zones having suitable security levels. Users can ascertain which zone any
Web page is in by viewing the right side of the browser’s status bar. When a user tries to download
information from any Website, Internet Explorer reviews the security configuration for that
site’s zone. The four zones are as follows:
• Local Intranet zone: Has addresses not requiring a proxy server, and the addresses here are
configured by the system administrator in the Internet Explorer Administrator’s Kit
(IEAK). By default, the security level of this zone is Medium.
• Trusted site zone: Has sites that users should be able to trust, meaning that they should be
able to download or run files without worrying about damage being caused to their computer
or information. Users can assign sites to this zone, whose default security level is Low.
• Restricted site zone: Has sites that users would not trust because they cannot be sure that
they could download or run files without damaging their computers or information.
Though users can assign sites to this zone, it defaults to the High security level.
• Internet zone: Has information not on the user’s computer, not on an Intranet, and not
assigned to any other zone. This zone’s default security level is Medium.
See Also: Administrator; Browser; Internet.
Further Reading: Prescription Pricing Authority. What are Security Zones? [Online, 2004.]
Prescription Pricing Authority Website. http://www.ppa.org.uk/help/www/int00290.htm.
Seepage (general term): The inadvertent distribution of data through uncontrolled holes (or
leaks) in the security perimeter. The leak occurs because of a lack of proper security procedures,
or because of lax enforcement of such procedures. Employees may not be aware of the potential
damage that they cause when sending proprietary information outside of the organization.
Further Reading: Beaver, K. Don’t Spring a Leak. Information Security, [Online, Jan 2006],
http://informationsecurity.techtarget.com/magPrintFriendly/0,293813,sid42_gci1154838,00.html.
Segments Internal Networks, Isolation, and Separation (general term): Internal networks
are split into logical segments so that they can be isolated and separated. Initially, these segments
were introduced to contain and limit network traffic and to save bandwidth. Now, segmented
networks serve as additional elements in a comprehensive security architecture. Additional
Firewalls can be introduced between network segments.
As a case in point, a financial accounting department’s network might be tightly controlled
and not even be accessible from other internal locations. Should one of the internal systems be
compromised by crackers, the intruder would face additional barriers before he or she could brag
about “0wning” the complete network or having access to the “crown jewels.”
See Also: Firewalls; Network; 0wn.
Sendmail (general term): Widely used program that implements the SMTP mail delivery protocol
on most UNIX and Linux systems. If someone’s ISP delivers email using SMTP, it is
important to configure sendmail correctly to avoid “bouncing” email. If sendmail does not know
a particular user name, it will reject the email and deliver the error message “550 User unknown.”
As with regular land mail, when a recipient is not known because of a wrong or changed address,
the land mail will be returned to the sender. The same principle applies to email. Bouncing
wanted email is considered to be a beginner system administrator’s mistake by more seasoned
experts, especially when it is from a mailing list.
Bouncing wanted email can occur when connecting UNIX to the Internet for the first time.
The following measures increase the chances that correctly addressed email is accepted by sendmail.
Make sure that any user name to which email is addressed is defined as a UNIX user, that any
other name used in email addresses is defined as an alias for a UNIX user, and that email addressed
to unknown user names is redirected to a defined UNIX user.
See Also: Electronic Mail or Email; Internet Service Provider (ISP); Simple Mail Transfer
Protocol (SMTP); UNIX.
Further Reading: Kempston Webmaster. Solaris Resources at Kempston. [Online,
February 1, 2000.] Kempston Website. http://www.kempston.net/solaris/configsendmail2.html.
Sensepost (general term): A South African IT security consulting company as well as the handle
of one of its founders, R. Temmingh. This person is a well-respected security professional and
frequent speaker at IT security conferences. At the 2005 DefCon hacker gathering, he presented
a tool to automate network assessments called “BiDiBLAH.” At the July 2004 Black Hat
Briefings in Las Vegas, Sensepost’s entertaining and content-rich talk was entitled, “When the
Tables Turn.” At the July 2003 DefCon hacking convention, he spoke about vulnerabilities
in critical infrastructures. The company Website can be found at http://www.sensepost.com/
company_profile.html.
See Also: Black Hat Briefings; DefCon.
Sensitive (general term): Certain parts of an organization’s data or information are classified as
sensitive if there is concern that a loss of the data, or access to it by an unauthorized party, would
result in some damage to the organization.
Separation of Duties (general term): This principle prevents any part of the computer system
from being under the control of a single person. Every duty or transaction therefore requires multiple
people to be involved, with tasks being split among them. In banking, this idea has long been
part of the security features of the financial community as a means to control fraud and theft.
Now the same concept is applied to computer systems and information security practitioners.
See Also: Computer; Fraud.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
September 11, 2001, Terrorist Events (general term): The events that took place in the
United States on September 11, 2001, had a profound impact worldwide and enhanced citizens’
fears about both terrorism and cyberterrorism. Within minutes, two passenger jets controlled by
terrorists of the al-Qaeda network crashed into the twin towers of the World Trade Center in
Manhattan and a third crashed into the Pentagon in Washington, D.C., causing one side of the
five-sided structure to collapse. Shortly thereafter, a fourth jet crashed in a field about 120 kilometers
southeast of Pittsburgh. The latter crash was diverted by passengers on the jet from its
intended target: the U.S. Capitol.
Prior to this event, the media headlines in the United States tended to focus on crackers’
exploits—and incorrectly labeled the cybercriminal arm as “hackers.” Also, the FBI focused on
the exploits of hackers and crackers alike, often seeing both camps as major criminals in society.
After the September 11 event, media headlines in the United States and elsewhere—as well as the
attention of the FBI—turned sharply toward terrorists and considerably away from hackers.This
movement was visible in the anti-terrorist laws that were quickly passed in the United States following
the September 11 event.
See Also: Crackers; Hacker; Terrorists; Terrorist-Hacker Links.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Server (general term): A computer program carrying out some task on behalf of a user, such as
delivering a Web page or sending email messages. Computers on which these server applications
are found are also called servers.
Servers have often been the focus of computer security attacks. For example, on March 8,
2005, a security researcher announced in an advisory that Microsoft Corporation’s newest operating
systems are vulnerable to Denial of Service (DoS) attacks. In particular, researcher Dejan
Lavaja said that Windows Server 2003 and XP Service Pack 2 (with the Windows Firewall not
on) could suffer from LAND attacks—remote DoS incidents created when a packet is sent to a
computer on which the source host/port is the same as the destination host/port. Using reverse-engineering
tools, this researcher discovered that just one LAND packet transmitted to a file
server could result in “frozen” Windows Explorers on all the workstations connected to that
server. In fact, warned Lavaja, because of this vulnerability the network could totally collapse.
Soon thereafter, however, a spokesperson for the Microsoft Corporation said that although the
vulnerability exists, the adverse impact of such an attack would result only in the computer’s running
sluggishly for a brief period. Users were cautioned to filter traffic with the same IP source
and destination address.
See Also: Denial of Service (DoS); Electronic Mail or Email; Host; Node; Packet.
Further Reading: Naraine, R. Old-School DoS Attack Can Penetrate XP SP2. [Online,
March 8, 2005.] Ziff Davis Publishing Holdings Inc. Website.
http://www.eweek.com/article2/0,1759,1773958,00.asp.
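A defender-side check for the LAND signature described in the Server entry, as an added example that is not from the dictionary or the advisory it cites: it parses the IPv4 and TCP headers of a raw packet and flags any whose source address and port equal the destination address and port, which is the filtering rule users were advised to apply. The packets are constructed in memory for the test (checksums left at zero, nothing is sent), and the function names are mine.

```python
"""Added example: flag LAND-style packets (source host/port == destination host/port).

Works on constructed test packets only; nothing is sent on the wire.
"""
import socket
import struct

TCP = 6  # IPv4 protocol number for TCP


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Return addresses, protocol and (for TCP) ports of a raw IPv4 packet.

    Raises ValueError for anything that is not a well-formed IPv4 header, so
    callers can skip garbage instead of misclassifying it.
    """
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    fields = {
        "proto": packet[9],
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
    }
    if fields["proto"] == TCP:
        if len(packet) < ihl + 20:
            raise ValueError("too short for a TCP header")
        fields["sport"], fields["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return fields


def is_land_packet(fields: dict) -> bool:
    """LAND signature: same host both ways and, for TCP, the same port both ways.

    Meant for traffic arriving from the network; loopback traffic naturally has
    equal addresses and should not be fed to this check.
    """
    if fields["src_ip"] != fields["dst_ip"]:
        return False
    if fields["proto"] == TCP:
        return fields["sport"] == fields["dport"]
    return True  # non-TCP with equal addresses still matches the advised address filter


def scan_capture(packets) -> list:
    """One alert line per LAND packet in a list of raw packets; malformed records are skipped."""
    alerts = []
    for index, raw in enumerate(packets):
        try:
            fields = parse_ipv4_tcp(raw)
        except ValueError:
            continue
        if is_land_packet(fields):
            alerts.append(
                f"packet {index}: LAND signature {fields['src_ip']}:{fields.get('sport')} "
                f"-> {fields['dst_ip']}:{fields.get('dport')}"
            )
    return alerts


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Encode a minimal IPv4 + TCP SYN header pair as constructed test input (checksums 0)."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0, 64, TCP, 0,
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip_header + tcp_header


if __name__ == "__main__":
    # Constructed capture: one ordinary SYN, one LAND packet, one junk record.
    capture = [
        build_ipv4_tcp("192.0.2.10", "192.0.2.20", 1234, 445),
        build_ipv4_tcp("192.0.2.20", "192.0.2.20", 139, 139),
        b"\x00garbage",
    ]
    for line in scan_capture(capture):
        print(line)
```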
Severity (general term): The level assigned to an intrusion incident.
Sex Crimes Wiretapping Act of 2001 (legal term): Introduced by U.S. Representative Nancy
Johnson, R-CT, on May 16, 2001, the Sex Crimes Wiretapping Act of 2001 was intended to
change Title 18 of the United States Code so that sexual crimes with minors as targets would be
classified as “predicate crimes for the interception of communications.” On May 22, 2002, this
Act was sent to the Senate Committee, was received in the Senate, and was sent to the
Committee on the Judiciary. It was not passed in this form.
See Also: Child Pornography.
Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet.
[Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/
legislation/107th/wiretaps/.
Shared Drives (general term): Disk drives that are accessible from other computers under the
Microsoft Corp. operating system software. In UNIX terminology, the concept is known as
an “exported” file system.
See Also: Network File Systems (NFS); Operating System Software; UNIX.
Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec
Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html.
Shaw, Eric Team (general term): Eric Shaw, along with his colleagues J. Post and K. Ruby,
undertook an innovative 1999 research study to help define the traits and personality profiles of
insider crackers, those existing within corporate and government agency walls. The Eric Shaw
research team found that insider crackers tend to be introverted individuals with a history of significant
family problems in early childhood. They also tend to have an online computer
dependency that significantly interferes with or replaces their direct social and professional interactions
in adulthood. Insider crackers also seem to have an ethical flexibility allowing them to
justify their exploits, and they were found to have a stronger loyalty to their computer specialty
than to their employers. Moreover, the Eric Shaw research team found that insider crackers have
a sense of entitlement; they think that they are special and thus owed the recognition, privilege,
or exception to the normative rules governing other employees with regard to online behaviors.
See Also: Crackers; Hacker; Insider Hacker or Cracker.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Shell (general term): The default command-line interface on UNIX systems.
See Also: UNIX.
Shell Metacharacters (general term): Characters that have special meaning to UNIX shells when
used in input or output. For the shell, these include wildcards, quotes, and logical operators.
See Also: Shell.
Further Reading: Currie, M. Glossary. [Online, January 9, 1998.] University of Leeds
Computer Based Learning Website. http://www.starlink.rl.ac.uk/star/docs/sc4.htx/node75.html.
Shellcode (general term): Code or code fragments for various operating systems that can be
pasted onto buffer overflow exploits. When crackers successfully exploit vulnerabilities such as
buffer overflows, they typically open a shell at the end of the exploit. With a command-line shell,
the cracker then can perform any task he or she desires. However, opening shells within buffer
overflow exploits can be difficult. For this reason, crackers often maintain libraries of shellcode.
See Also: Buffer Overflows; Crackers; Shell.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Shimomura, Tsutomu (person; 1965– ): A computational physicist who at just 30 years of age
helped the U.S. federal authorities catch cracker Kevin D. Mitnick in 1995. At that time, frequent
cracker Mitnick (who is now a computer security consultant and computer security book
writer), was on the FBI’s Ten Most Wanted fugitives list. Following the capture of Mitnick,
Shimomura wrote the book Takedown to describe the event, and in 2002, a movie of the same
name was released. He is now a Senior Fellow at the San Diego Supercomputer Center.
See Also: Federal Bureau of Investigation (FBI); Mitnick, Kevin (a.k.a. Condor).
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Shoulder Surf (general term): One way in which crackers steal a legitimate user’s passwords—
by watching that individual type his or her password on the keyboard.
See Also: Crackers; Password.
Shunning (general term): In networking terms, a sensor’s ability to use a network device to
block access by either a specific network host or an entire network.
See Also: Network.
Further Reading: Cisco Systems Inc. Documentation. [Online, July 28, 2000.] Cisco Systems
Inc. Website. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids2/220ug/
preface.htm#4199.
Signature (general term): In anti-virus software and intrusion detection systems (IDS), a
pattern that the system looks for when scanning files or network traffic. This term should not be
confused with a digital signature. Virus or worm signatures are increasingly hard to determine
because malicious code has begun to use code-morphing techniques—such that each newly
propagated version looks somewhat different from the previous generation.
See Also: Anti-Virus Software; Intrusion Detection Systems (IDS); Polymorphic Virus; Virus;
Worm.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Simple Mail Transfer Protocol (SMTP) (general term): Email is sent with this protocol, as
defined in RFC 821. SMTP has been assigned port 25. If someone knows this information, he
or she can use telnet to directly connect to any email server worldwide and send email. The only
tools necessary to do this are a telnet client program (included in any operating system supporting
TCP/IP, which basically means all modern ones) and a recipient’s email address. Email
programs, text editors, and browsers are not needed.
See Also: Electronic Mail or Email; Port and Port Numbers; TCP/IP or Transmission Control
Protocol/Internet Protocol.
Further Reading: Dru. SMTP with telnet. [Online, 1999.] Daemon News Website.
http://www.daemonnews.org/199905/telnet.html.
Simple Network Management Protocol (SNMP) (general term): A network protocol used
to manage TCP/IP networks. On UNIX systems and in Windows, the SNMP service provides
status information about a host on a TCP/IP network, as well as a means of managing network
hosts (such as bridges, hubs, routers, and workstations or servers) from a computer running
network-management software. SNMP utilizes a distributed architecture of agents and management
systems. Because network management is critical for both auditing and resource management,
SNMP can be used to do a number of useful things, including auditing network usage, configuring
remote devices, detecting network faults and nonauthorized access, and monitoring network
performance.
See Also: Routers; Server; TCP/IP or Transmission Control Protocol/Internet Protocol;
UNIX.
Further Reading: Microsoft Corporation. SNMP Defined. [Online, 2004.] Microsoft
Corporation Website. http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_snmpwhatis.asp.
SkipJack (general term): An encryption algorithm developed by the U.S. National Security
Agency to be included in the Clipper chip, a device through which U.S. governmental agencies
would retain access to information that a user encrypted with the Clipper chip.
See Also: Clipper Proposal; Encryption.
Sklyarov, Dmitry Case (legal case): At the DefCon 9 hacking gathering in Las Vegas in July
2001, Russian Dmitry Sklyarov was arrested about the time he was to give his talk to the hacker
crowd. Sklyarov developed a software program sold by his Russian employer ElcomSoft Co.
Ltd. to permit users to download e-books from secure Adobe software into more commonly used
PDF computer files. He, and later his company, were charged with violating provisions of
the Digital Millennium Copyright Act (DMCA) in the United States. Both Sklyarov and
his company were eventually cleared of any wrongdoing because of jurisdictional issues.
See Also: Copyright Laws; DefCon; Digital Millennium Copyright Act (DMCA); Elcomsoft
Co. Ltd.; Portable Document Format (PDF).
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
SLIP/PPP or Serial Line IP/Point-to-Point Protocol (general term): Protocols that give users
dial-up access to the Internet through a serial link.
See Also: Internet.
Further Reading: Internet Highway, LLC. Internet Terminology: SLIP/PPP. [Online, 1999.]
Internet Highway, LLC. Website. http://www.ihwy.com/support/netterms.html.
Smart Card (general term): A credit card–sized device (or sometimes smaller) that has an embedded
computer chip. This chip not only provides storage functionality but also can run programs.
Smart cards are used in a number of security-sensitive applications. One important application
of Smart Cards is in wireless telecommunication, where Smart Cards are used as Subscriber
Identification Modules (SIM).
Another use is the health insurance card now employed in several countries around the world.
The patient card contains a patient’s health history and a record of previous prescriptions. In
addition to this data, a number of security algorithms are implemented on the card so that only
properly authorized parties—doctors and/or nurses—can access and alter this data when they
successfully establish their identity and authentication through the usage of a health professional’s
version of the card.
SMTP or Simple Mail Transfer Protocol (general term): Relates to how email is transmitted
between hosts and users in a TCP/IP network. A mail program—such as Microsoft
Outlook—sends an outgoing message to an SMTP server typically provided by the Internet
Service Provider of the user. This SMTP server connects to an SMTP server at the email’s destination,
where an SMTP transfer agent receives the message and puts it into the receiver’s
mailbox.
See Also: Electronic Mail or Email; TCP/IP or Transmission Control Protocol/Internet
Protocol.
Further Reading: Internet Highway, LLC. Internet Terminology: SMTP. [Online, 1999.]
Internet Highway, LLC. Website. http://www.ihwy.com/support/netterms.html.
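The hand-typed SMTP dialog described in this entry and in the Simple Mail Transfer Protocol (SMTP) entry above, shown as an added example that is not from the dictionary: a toy client issues the RFC 821 verbs one would type into telnet, and an in-memory toy server replies, accepting mail for its own domain and refusing to relay for any other. The domain example.org, the addresses and the ToySmtpServer class are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LOCAL_DOMAIN = "example.org"  # constructed: the only domain this toy server accepts mail for


@dataclass
class ToySmtpServer:
    """Minimal RFC 821-style server state machine (constructed for illustration)."""
    helo: Optional[str] = None
    sender: Optional[str] = None
    recipients: List[str] = field(default_factory=list)
    body: List[str] = field(default_factory=list)
    in_data: bool = False
    delivered: List[Tuple[str, List[str], str]] = field(default_factory=list)

    def handle(self, line: str) -> str:
        """Return the server's reply to one client line ('' while inside DATA)."""
        if self.in_data:
            if line == ".":  # a lone dot terminates the message text
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.helo = arg
            return f"250 mail.{LOCAL_DOMAIN} Hello {arg}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence: send HELO first"
            self.sender = arg.partition(":")[2].strip("<> ")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence: send MAIL FROM first"
            rcpt = arg.partition(":")[2].strip("<> ")
            if rcpt.rpartition("@")[2].lower() != LOCAL_DOMAIN:
                return f"550 Relaying denied for {rcpt}"  # not an open relay
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence: no valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return f"500 Unrecognized command: {verb}"


def send_message(server: ToySmtpServer, helo: str, mail_from: str,
                 rcpt_to: str, body_lines: List[str]) -> Tuple[bool, List[str]]:
    """Type the verbs one would type into telnet; return (accepted, full transcript)."""
    transcript = [f"S: 220 mail.{LOCAL_DOMAIN} ESMTP ready"]

    def cmd(line: str) -> str:
        reply = server.handle(line)
        transcript.append(f"C: {line}")
        if reply:
            transcript.append(f"S: {reply}")
        return reply

    ok = True
    for line in (f"HELO {helo}", f"MAIL FROM:<{mail_from}>", f"RCPT TO:<{rcpt_to}>", "DATA"):
        if cmd(line)[:3] not in ("250", "354"):
            ok = False  # stop at the first refusal, exactly as a careful operator would
            break
    if ok:
        for text in body_lines:
            cmd("." + text if text.startswith(".") else text)  # dot-stuffing
        ok = cmd(".").startswith("250")
    cmd("QUIT")
    return ok, transcript


if __name__ == "__main__":
    srv = ToySmtpServer()
    accepted, log = send_message(srv, "client.test", "alice@client.test",
                                 "bob@example.org", ["Subject: hi", "", "Sent by hand."])
    print("\n".join(log), "\naccepted:", accepted)
    accepted, log = send_message(srv, "client.test", "alice@client.test",
                                 "carol@elsewhere.test", ["Subject: hi", "", "relay attempt"])
    print("\n".join(log), "\naccepted:", accepted)
```

The second exchange shows the check a defender wants at port 25: a server that accepts RCPT TO for foreign domains from anyone is an open relay, which is exactly what spammers look for.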
Smurf (general term): An exploit sending a ping to a broadcast address using a spoofed source
address. Consequently, everyone on the target segment responds to the source address, flooding
the targeted site with traffic.
With this kind of attack, someone sends an IP ping (or “echo my message back to me”)
request to some recipient Website. Actually, the ping packet states that it should be broadcast
to more than one host within the recipient Website’s local network. The ping packet also indicates
that the request is from another Website, the target site that is to receive the Denial of
Service (DoS). The result is that many Ping replies will be flooding back to the spoofed host,
and if the flood is severe enough, the spoofed host will no longer be able to distinguish real traffic
or receive it.
See Also: Denial of Service (DoS); Exploit; Flooding; Internet Protocol (IP); Packet; Ping or
Packet Internet Grouper.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; TechTarget.
Denial of Service. [Online, May 16, 2001.] TechTarget Website. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213591,00.html.
Snail Mail (general term): Regular posted mail (for which postage stamps are used).
SneakerNet (general term): Jargon term for the method of transmitting electronic information
by personally carrying it from one place to another on floppy disk or on some other removable
medium, such as tapes or memory sticks. The idea is that someone is using his or her shoes (possibly
sneakers) rather than the telecommunications network to quickly move data around.
Sneakers of 1992 (general term): The 1992 film Sneakers depicted the adventures of a professional
hacking team led by actor Robert Redford. The team’s mission was to go after a device that would
break any code.
See Also: Code or Source Code.
Further Reading: Internet Movie Database, Inc. Sneakers (1992). [Online, May 20, 2005.]
Internet Movie Database, Inc. Website. http://www.imdb.com/title/tt0105435/.
Sniffer Program or Packet Sniffer (general term): A computer program that analyzes data on
a communication network to gather intelligence, such as detecting passwords of interest that are
transmitted over the Internet. Sniffers are used by crackers on compromised systems to spy on
network traffic and steal access information for even more systems.
System administrators can detect whether a sniffer is running on their systems by frequently
checking on the network interface settings. If a sniffer is running, the network interface card is
set to a “promiscuous” mode, allowing it to read all traffic on the Internet. This setting is not the
normal setting and therefore is quite easily detectable.
See Also: Administrator; Crackers; Ethernet; Internet; Network; Promiscuous Mode Network
Interface.
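One way to run the interface check this entry recommends, as an added example that is not from the dictionary: on Linux, promiscuous mode (in which the card reads every frame on its local network segment) is visible as the PROMISC flag in the output of ip link and as the IFF_PROMISC bit in /sys/class/net/<name>/flags. The sample ip link output and flag values below are constructed, and the function names are this example's own.

```python
import os
import re
from typing import Dict, List

IFF_PROMISC = 0x100  # Linux interface flag bit for promiscuous mode (from <linux/if.h>)

# Constructed sample of `ip -o link show` output; only eth0 carries the PROMISC flag.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
"""

# Constructed sample of /sys/class/net/<name>/flags contents (hex bit masks), matching the above.
SAMPLE_SYSFS_FLAGS = {"lo": "0x9\n", "eth0": "0x1103\n", "eth1": "0x1003\n"}


def promisc_from_ip_link(output: str) -> List[str]:
    """Names of interfaces whose <...> flag list in `ip -o link show` output contains PROMISC."""
    found = []
    for line in output.splitlines():
        m = re.match(r"\d+:\s*([^:@\s]+)[^<]*<([^>]*)>", line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def promisc_from_flags(flags: Dict[str, str]) -> List[str]:
    """Names of interfaces whose sysfs flags value has the IFF_PROMISC bit set."""
    return sorted(name for name, value in flags.items()
                  if int(value.strip(), 16) & IFF_PROMISC)


def read_sysfs_flags(root: str = "/sys/class/net") -> Dict[str, str]:
    """Read the live flags files on a Linux host; returns {} where the tree does not exist."""
    flags: Dict[str, str] = {}
    if not os.path.isdir(root):
        return flags
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                flags[name] = fh.read()
        except OSError:  # interface vanished or is not readable; skip it
            continue
    return flags


def promisc_report(flags: Dict[str, str]) -> str:
    """One-line summary suitable for a periodic cron check or a log line."""
    hits = promisc_from_flags(flags)
    return "promiscuous interfaces: " + (", ".join(hits) if hits else "none")


if __name__ == "__main__":
    print("from sample ip link output:", promisc_from_ip_link(SAMPLE_IP_LINK))
    print("from sample sysfs flags:  ", promisc_from_flags(SAMPLE_SYSFS_FLAGS))
    live = read_sysfs_flags()
    print("live host:", promisc_report(live) if live else "no /sys/class/net on this host")
```

The check only covers the host's own interfaces: a sniffer on another machine on the same segment leaves no such flag here, so it complements, rather than replaces, network-side monitoring.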
Snooper (general term): A program that listens in on a network to gather intelligence.
See Also: Intelligence; Sniffer.
Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security.
Upper Saddle River, NJ: Prentice Hall, 2003.
SNORT Network-Based IDS (general term): Popular, free-of-charge, pattern-based Intrusion
Detection System specializing in the analysis of network traffic. With the incredible growth of the
Internet has come a new aspect of network security: network-based intrusion detection systems
(IDS) such as SNORT. As the Internet continues to grow, so does the potential for damage caused by
crackers—which is why intrusion detection systems are so essential. In the recent past, solutions for
overcoming intrusions have included firewall components such as packet filters and proxy firewalls,
but today such solutions are not enough. Firewalls, for example, cannot detect back doors
around the firewall. The security conditions are even worse if proxy firewalls are not being used at
all. Moreover, current research suggests that more than half of all recorded breaches in industry, government,
and educational computer systems have been caused by an insider legitimately behind the
firewall. For all these reasons, companies have recently started deploying intrusion detection systems
(IDS) such as SNORT as an additional part of a network’s security architecture.
See Also: Firewall; Internet; Intrusion Detection Systems (IDS); Packet.
Further Reading: Honeypots.net. Intrusion Detection Articles, Links and Whitepapers.
Honeypots.net Website. http://www.honeypots.net/ids/links/.
SoBigF Worm (general term): As of September 15, 2003, Symantec Security Response downgraded
the threat of this worm to a Category 2 from a Category 4. More formally known as
W32.Sobig.F@mm, this was a mass-mailing worm that sent itself to all the email addresses found
in files with the extensions .dbx, .eml, .hlp, .html, .htm, .mht, .txt, and .wab. The worm used its
own SMTP engine to propagate, and though it tried to create a copy of itself on reachable and
unprotected network drives, it failed to do so because of glitches in its code.
See Also: Simple Mail Transfer Protocol (SMTP); Worm.
Further Reading: Symantec Security Response. W32.Sobig.F@mm. [Online, July 28,
2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/
venc/data/w32.sobig.f@mm.html.
Social Engineering (general term): A deceptive process in which crackers “engineer” or design
a social situation to trick others into allowing them access to an otherwise closed network, or
into believing a reality that does not exist. To crack computer systems, crackers often employ
their well-honed social engineering skills. A robust sample of social-engineering case studies can
be found in Kevin Mitnick’s book The Art of Deception.
Social engineering can also be used in noncyber-related crimes. A 2005 case involved a 39-year-old
U.S. woman by the name of Anna Ayala, who filed a complaint to police in March saying
that a human finger was in the chili bowl she purchased from a San Jose Wendy’s fast-food outlet.
The police, believing that the complaint was a hoax after they investigated the claim,
eventually discovered that the finger belonged to a man who lost his finger in an industrial accident
in December 2004. He gave his finger to Anna’s husband, who gave it to Anna. Anna
apparently “social engineered” a fake reality and was convicted of filing a false claim and of grand
theft and sentenced to nine years in prison. The Wendy’s company offered a $100,000 reward for
information regarding the claim, for it said that the crime cost it millions of dollars in sales.
Apparently, the company had to lay off dozens of employees at the San Jose worksite because
business there was harmed.
See Also: Crackers; Human Factor and Social Engineering; Mitnick, Kevin (a.k.a. Condor).
Further Reading: Associated Press. Police Identify Source of Finger Found in Chili. The
Globe and Mail, May 14, 2005, p. A2; Schell, B.H. and Martin, C. Contemporary World Issues Series:
Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Social Engineering Techniques (general term): Include glancing over authorized users’ shoulders
to see their password entries; recording authorized users’ login keystrokes on video cameras;
searching for password notes under authorized users’ desktop pads; calling system operators and
saying that one is an employee who forgot his or her password and asking for the legitimate
password; going through trash cans and collecting loose pieces of paper with passwords on
them; searching for authorized users’ passwords by reading email messages stored on company
computers; and guessing different combinations of personally meaningful initials or birth dates
of authorized users—their likely passwords.
Though there were all sorts of high-tech conjectures about how Paris Hilton’s cell phone was
exploited in February 2005, a piece appearing in The Washington Post online on May 18, 2005,
indicated that the exploit may have relied on very basic social engineering techniques—
combined with vulnerabilities in the Website of Hilton’s cell phone provider, T-Mobile
International. A young cracker involved in the cell phone information heist told the reporter that
he was part of an online group that succeeded in its crack attack only after one member
tricked—using his social engineering techniques—a T-Mobile employee into releasing information
not supposed to be in the public domain. Though protecting the minor’s identity, the
reporter said that the young cracker provided him with evidence supporting the claim, including
screen shots of what he maintained were internal T-Mobile computer network pages.
See Also: Electronic Mail or Email; Logging In; Password; Social Engineering.
Further Reading: Krebs, B. Paris Hilton Hack Started With Old-Fashioned Con. [Online,
May 18, 2005.] The Washington Post Company Website. http://www.washingtonpost.com/wp-dyn/content/article/2005/05/19/AR2005051900711.html;
Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books,
2002; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook.
Santa Barbara, CA: ABC-CLIO, 2004.
Social Security Number (SSN) (general term): From the beginning of the Social Security
program in the United States in 1935 until the 1970s, the U.S. government issued Social Security
numbers (SSNs) to applicants based on their stated identifying information. The government,
however, did not ask for evidence verifying that the information given was indeed correct or
legitimate. With an increased use of SSNs by both the government and private sectors, the SSN
has become a target of greater abuse, particularly in cases of identity theft. Because of the U.S.
government’s increased concerns about illegal aliens working in the United States, SSN identity
fraud, and the potential abuse of public entitlement programs, in 2003 Congress legislated “evidence
requirements”—such as rigorous verification of birth certificates or immigration
documentation—for SSN issuing and for the replacement of already issued SSN cards. Even the
procedures have been made more rigorous for assigning SSNs to U.S.-born persons aged 12 and
older.
See Also: Identity Theft or Masquerading.
Further Reading: SSA Policy Site. RM 00203.001 Evidence Required for an SSN Card.
[Online, October 8, 2003.] SSA Policy Site. http://policy.ssa.gov/poms.nsf/lnx/0100203001.
Socket (general term): Roughly analogous to a port, a socket is a communication endpoint for a
TCP or UDP connection. One process is said to open a socket to listen for incoming connections,
and a second process connects to a socket to establish a communication session.
Sockets can also be used for interprocess communication on a single computer, and multiple
sockets can be made to communicate with one another. Sockets are bidirectional, which means
that both sides of the connection can send and receive information.
See Also: Port and Port Numbers; TCP/IP or Transmission Control Protocol/Internet
Protocol; User Datagram Protocol (UDP).
Further Reading: About, Inc. Socket. [Online, 2004.] About, Inc. Website.
http://compnetworking.about.com/library/glossary/bldef-socket.htm.
Software Piracy (legal term): Unauthorized copying of some purchased software. Most software
programs purchased are licensed for use by just one user or at just one computer site.
Moreover, when someone buys software, he or she is known as a “licensed user” rather than as
an owner of the software. As a licensed user, an individual is permitted to make copies of the software
program for back-up purposes only. It is a violation of copyright laws in North America,
in particular, to freely distribute software copies.
Because software piracy is all but impossible to halt entirely, software companies now launch
legal suits against individuals violating software copyright laws. Years ago, software companies
attempted to prevent software piracy by copy-protecting software, but this strategy was neither
foolproof nor convenient for users. Software companies typically require registration at the time
of software purchase in an attempt to clamp down on the problem.
See Also: Copyright Laws; Digital Millennium Copyright Act (DMCA).
Further Reading: Jupitermedia Corporation. What is Software Piracy? [Online, October 9,
2003.] http://www.pcwebopedia.com/TERM/S/software_piracy.html.
Solaris (general term): Sun Microsystems’ version of the UNIX operating system.
See Also: UNIX.
SonicWall Inc. (general term): In 2000 this provider of IT security products for high-speed
access subscribers released its SonicWALL Network Anti-Virus tool, a virus-scanning software
package.
See Also: Anti-Virus Software.
Further Reading: SonicWALL, Inc. SonicWALL Network Anti-virus Inoculates Businesses
Against Virus Outbreaks: The “ILOVEYOU” Virus Underscores the Need for Active Enforcement
of Anti-Virus Policies. [Online, 2002.] SonicWALL, Inc. Website. http://www.sonicwall.com/General/DisplayDetails.asp?id=48.
Sophos (general term): Anti-virus software developed for businesses and networks so that it
can be administered and maintained from a single location, with version updates of the
virus-scanning engine delivered regularly. As soon as new viruses are discovered, virus definition
updates can be downloaded from the Internet by users.
See Also: Anti-Virus Software; Internet; Malware;Virus.
Further Reading: Paul Smith Computer Services. VPOP3 and Sophos Anti-Virus. [Online,
2004.] Paul Smith Computer Services Website. http://www.pscs.co.uk/products/vpop3/sophos.php.
Source Route (general term): In network protocols, an option that lets the user specify the route a packet
should take.
See Also: Network; Packet; Protocol.
Spam (general term): Unsolicited, unwanted, impersonal email. The U.K.-based Spamhaus Project
tracks the Internet’s spammers, gangs, and services, as well as providing spam protection for
Internet networks. The Spamhaus Project team also partners with law enforcement agents to
identify and catch spammers worldwide. This group says that email can be regarded as “spam” if
it has all three of the following attributes: (1) the receiver’s personal identity is irrelevant because
the email message sent is actually applicable to multitudes of other receivers; (2) the receiver has
not given explicit consent for the email to be sent; (3) the sending and receiving of the email
message appears to the receiver to give a “disproportionate benefit” to the sender.
Spam wastes the time and the resources of the receivers. Spam also frequently includes material
that many receivers find offensive, such as the marketing of sexual enhancement devices or
child pornography.
In the United States, spam reportedly costs nearly $21.6 billion annually in lost productivity,
according to the 2004 National Technology Readiness Survey (NTRS). The survey, completed
annually, tracks U.S. consumers’ online opinions and behaviors. The loss estimate of more than
$21 billion was based on U.S. users’ reports that they spend an average of three minutes per day
deleting spam at work. With about 170 million U.S. adults online at work, that results in 22.9
million lost hours a week, or $21.6 billion in lost productivity annually when the average wage
is factored into the calculation.
Early in 2005, Lycos Europe began offering computer users a weapon against spam-emitting
servers. The weapon is actually a screensaver program that automatically visits the Website advertised
in the spam. The idea behind this scheme is to have enough of these screensavers running
to slow down the Website or make it inaccessible. Lycos Europe encouraged its 22 million users
to download the screensaver for their own good, but, they affirmed, anyone who has a computer
is welcome to download it.
During the first week of February 2005, however, security experts warned that spam levels
could increase drastically in future years because spammers have found a new way to deliver
spam. Spamhaus said that a new piece of malware, a Trojan, has been created that gains control
of a PC and then uses it to send spam through the mail server of that PC’s Internet Service
Provider (ISP). Because the spam appears to come from the ISP, it is next to impossible for an
anti-spam blacklist to stop it.
See Also: Child Pornography; Electronic Mail or Email; Internet; Spammers; Trojan.
Further Reading: Demon Spam-Filtering Service. Frequently Asked Questions. [Online,
2004.] Demon Spam-Filtering Service Website. http://www.demon.nl/eng/products/services/spamfilterfaq1.html;
Ilett, D. Spammers Tricking ISPs Into Sending Junk Mail. [Online, February 2, 2005.] CNET Networks, Inc. Website.
http://news.zdnet.co.uk/internet/0,39020369,39186364,00.htm; In Brief. Program Hits Spammers. The Globe and Mail, December
2, 2004, p. B11; In Brief. Spam Wastes $22.9 Million Hours a Week, Survey Finds. The Globe and
Mail, February 9, 2005, p. C8.
Spammers (general term): Individuals such as online marketers who distribute spam. Email
users receive spam for the same reason that people receive junk mail through regular mail:
Marketers are trying to sell others their products or services. Because email is cheaper than regular
mail, email users tend to get an abundance of spam. Spammers derive their mailing lists from
many sources, including by scanning Usenet discussion groups, searching the Web for likely
addresses, and guessing email addresses at random.
Fighting spammers is a difficult battle at the best of times. During March and April 2005, two
legal cases showed both successes and failures in this regard.
The March 2005 case involved a North Carolina woman who was charged with spamming and then
cleared. Jessica DeGroot, aged 28, had the spamming charges against her dismissed under the new
Virginia Antispam law because the jury apparently got buried in a heap of technological evidence
that it could not understand. The charged woman allegedly flooded tens of thousands of
AOL email accounts with unsolicited bulk advertisements. This case fuels pessimism about stopping
spammers despite such efforts as the passage of the CAN-SPAM Act, blacklists, and
Bayesian filters that try to differentiate between legitimate mail and spam by applying statistics.
The April 2005 case involved spammer Jeremy Jaynes of Raleigh, North Carolina, who went
by the name Gaven Stubberfield and was described by prosecutors as being among the top 10
spammers in the world. Jaynes was sentenced to nine years in prison for his spamming exploits.
This is considered to be a landmark case because it was the United States’ first successful felony
prosecution for transmitting spam over the Internet.
The Virginia jury ruled that Jaynes should serve nine years for transmitting 10 million emails
daily using 16 high-speed lines. Jaynes apparently earned as much as $750,000 a month on his
spamming operation. The case is being appealed.
To move ahead in the fight against spammers, Meng Weng Wong, founder of the email forwarding
service Pobox.com, is asking enterprises to join a movement to support proposed new
standards for email sender authentication. The new services proposed by Pobox.com will rate
email messages against thousands of criteria and then send spammers away by treating all email
as “guilty” until proven “innocent.”
The proposed standards include the Sender Policy Framework (SPF) and Microsoft’s Sender
ID Framework (SIDF). SPF is an SMTP extension rejecting messages when the “From” field
domain sender names do not match authorized IP addresses for that domain. SIDF combines
SPF with Microsoft’s Caller ID for email.
The challenge is that SIDF and SPF will be successful only if a critical mass of enterprises agrees
to be part of the movement by registering records of their domain names and IP addresses at sites
such as Pobox.com. At this early stage of the movement, some companies, such as Microsoft,
Amazon, and eBay, are in favor; others, such as Yahoo!, are against the movement for a variety of
reasons. In June 2005, an industry working group led by Yahoo! and Cisco announced a new
standard for mail authentication named “DomainKeys Identified Mail,” which was subsequently
submitted to IETF for consideration as a standard. Yahoo! is using the standard for their mail systems,
and, as of March 2006, claims to process hundreds of millions of messages signed with
DomainKeys per day. No commonly used standard has emerged yet.
See Also: CAN-SPAM Act of 2003; Spam.
Further Reading: Associated Press. Spammer Sentenced to 9 Years in Prison in Landmark
Case. The Globe and Mail, April 9, 2005, p. B7; Baard, M. In the Dark About Solutions for Spam?
[Online, March 3, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1064501,00.html;
Demon Spam-Filtering Service. Frequently Asked Questions. [Online, 2004.] Demon Spam-Filtering Service Website.
http://www.demon.nl/eng/products/services/spamfilterfaq1.html; Jordan, S. Email Authentication Myths and
Misconceptions. [Online, 2006.] Messaging News Website. http://www.messagingnews.com/magazine/2006/03/features/email_authentication_myths_misc.html.
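The SPF check described in this entry, as an added example that is not from the dictionary: a simplified evaluator compares the connecting IP address with the v=spf1 record published by the MAIL FROM domain, handling only the ip4, a, mx, include and all mechanisms, and maps the result to the decision a receiving SMTP server might take. The DNS records, domain names and addresses are constructed, and check_host and smtp_decision are this example's own names.

```python
import ipaddress
from typing import Dict, List

# Constructed DNS snapshot (TXT, A and MX records keyed by domain) standing in for live lookups.
DNS: Dict[str, Dict[str, List[str]]] = {
    "example.org": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.test -all"],
        "MX": ["mail.example.org"],
    },
    "mail.example.org": {"A": ["198.51.100.10"]},
    "_spf.mailhost.test": {"TXT": ["v=spf1 ip4:203.0.113.50 ~all"]},
    "loop.test": {"TXT": ["v=spf1 include:loop.test -all"]},  # broken record that includes itself
    "noauth.test": {"TXT": ["some unrelated TXT record"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # guard against include loops; SPF itself caps DNS-querying terms at ten


def lookup(domain: str, rtype: str) -> List[str]:
    return DNS.get(domain.lower(), {}).get(rtype, [])


def spf_record(domain: str) -> str:
    """The domain's single v=spf1 TXT record, or '' when it publishes none (or several)."""
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    return records[0] if len(records) == 1 else ""


def check_host(ip: str, domain: str, depth: int = 0) -> str:
    """Evaluate sender ip against domain's SPF policy (simplified: ip4, a, mx, include, all)."""
    if depth > MAX_DEPTH:
        return "permerror"
    record = spf_record(domain)
    if not record:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the published record
        elif name == "a":
            matched = ip in lookup(arg or domain, "A")
        elif name == "mx":
            matched = any(ip in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "permerror":
                return inner
            matched = inner == "pass"  # include matches only when the included policy passes
        else:
            return "permerror"  # modifiers and other mechanisms are out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no explicit "all" term


def smtp_decision(ip: str, mail_from: str) -> str:
    """Map the SPF result to the action a receiving SMTP server might take at MAIL FROM."""
    result = check_host(ip, mail_from.rpartition("@")[2])
    if result == "fail":
        return "550 reject"
    if result in ("softfail", "permerror"):
        return "250 accept, mark suspicious"
    return "250 accept"


if __name__ == "__main__":
    for sender_ip in ("192.0.2.77", "198.51.100.10", "203.0.113.50", "203.0.113.51"):
        print(sender_ip, check_host(sender_ip, "example.org"),
              smtp_decision(sender_ip, "alice@example.org"))
```

A "none" result (no record published) leaves the receiver no better off than before SPF, which is why the text stresses that a critical mass of domains has to publish records for the scheme to bite.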
Spamming/Scrolling (general term): Sending unsolicited emails for commercial purposes,
sometimes with the criminal intent to defraud.
See Also: Fraud; Spam.
Spear Phishing (general term): Cyber attack that is targeted at a single organization. Usually,
the attack is hidden in an email that seems to come from a trusted sender within the targeted
organization.
Special Oversight Panel on Terrorism (general term): A U.S. Congressional panel concerned
with threats to the United States and its allies from weapons of mass destruction, including bioterrorism
and cyberterrorism. In 2000, Dr. Dorothy Denning gave testimony before the panel saying
that cyberspace is constantly under assault and vulnerable to cyberattacks against targeted individuals,
companies, and governments—a point repeated by White Hat hackers for the past 20 years.
See Also: Denning, Dorothy; Terrorism; White Hats or Ethical Hackers or Samurai Hackers.
Spider (general term): An automated program that reads Web pages from a Website and then follows
the hypertext (HTTP) links to other pages. Spammers use spiders to sift through Web
pages to look for (that is, harvest) email addresses.
See Also: Bot or Robot; Electronic Mail or Email; HTTP (HyperText Transfer Protocol);
Spammers.
Spoofing (general term): The cyberspace appropriation of an authentic user’s identity by
nonauthentic users, causing fraud or attempted fraud, in some cases, and causing critical infrastructure
breakdowns in other cases. Spoofing can also target nonuser-based entities. For instance,
an IP address can be spoofed to appropriate the identity of a server and not a human (user).
See Also: Cyberspace; Fraud; IP Address; Internet Protocol (IP).
Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A
Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Spyware (general term): Covert software that captures data about online users’ Internet surfing
habits. Adware, a form of spyware, gathers information to target unsuspecting users with email
pop-up ads or other marketing tools.
System administrators are keenly aware that running their desktops while being logged on as
an administrator can cause serious security problems. Because administrators have total system
authority, any program beginning under this account can perform almost any activity. Recently,
spyware pushers have developed means of adding their covert programs to the Windows Firewall’s
list of so-called trusted applications. Although trusted applications generally transmit traffic out
from the said computer, adding a registry subkey that references the application under the subkey
storing trusted applications works only if someone is logged in as an administrator. Administrative
accounts should be used sparingly and with caution.
A white paper available from Symantec Security Response outlines various risks affiliated
with spyware and adware, cites tests available for discovering spyware, and offers security strategies
for dealing with these when discovered. The white paper is at
http://enterprisesecurity.symantec.com/content.cfm?articleid=5667.
See Also: Electronic Mail or Email; Firewall; Symantec Corporation.
Further Reading: Edwards, M.J. Windows Firewall: Another Good Reason Not to Login as
an Administrator. [Online, February 22, 2005.] Penton Media, Inc. Website. http://list.windowsitpro.com/t?ctl=3E02:4FB69;
Symantec. Symantec’s Anti-Spyware Approach. [Online, May 19, 2005.] Symantec Website.
http://enterprisesecurity.symantec.com/content.cfm?articleid=5667; Won, S. and Avery, S. Computer Hackers Step Up e-Commerce Attacks. The
Globe and Mail, September 20, 2004, p. B3.
SQL Injection (general term): A security vulnerability occurring in an application’s database layer
that is caused by the incorrect delimiting of variables embedded in SQL statements. It is an example
of a broader class of vulnerabilities occurring whenever a programming or scripting language
is embedded inside another.
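The "incorrect delimiting" in this entry, shown on a constructed in-memory SQLite table (an added example, not code from the dictionary). The vulnerable function pastes the variable between single quotes, so any quote character in the value ends the string literal early and the rest of the value is parsed as SQL; the hardened function hands the value to the driver as a bound parameter, so the statement text never changes. The table contents and the name `o'brien` are constructed sample data.

```python
"""Added example: delimiting a variable by string formatting versus binding
it as a parameter. Uses only the standard library and constructed data."""
import sqlite3

# Constructed sample data. check_same_thread=False only lets a test harness
# drive the connection from another thread; it is not part of the lesson.
conn = sqlite3.connect(":memory:", check_same_thread=False)
conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
conn.executemany("INSERT INTO users VALUES (?, ?)",
                 [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
conn.commit()


def lookup_concat(name):
    """Vulnerable form: the value becomes part of the SQL text, and the quote
    characters around it are the only thing separating data from code."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_param(name):
    """Hardened form: the driver binds `name`; the SQL structure is fixed and
    the value is only ever compared as data, quotes included."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def delimiter_breaks_query(name):
    """True if the concatenating version cannot even parse the statement for
    this value. A legitimate name with an apostrophe already shows the
    delimiter failing to keep data out of the code."""
    try:
        lookup_concat(name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    print(lookup_concat("alice"))             # [('alice', 'admin')]
    print(delimiter_breaks_query("o'brien"))  # True: the quote ends the literal early
    print(lookup_param("o'brien"))            # [("o'brien", 'user')]
```

The same failure applies to every place one language is embedded inside another (shell commands, LDAP filters, HTML): the fix is always to let the receiving parser bind the value rather than to quote it by hand.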
SSH (general term): A command used to remotely log in to a UNIX computer that uses
encrypted communication and is therefore the protocol of choice for remote administration
of both UNIX and Linux systems.
See Also: Linux; Protocol; UNIX.
Stack frame (general term):A stack frame procedure, or heavyweight procedure, allocates space
for and saves on the stack its caller’s context—information about the part of a program that
invokes the procedure, so that this information can be reinstated when the procedure finishes
executing. Such a procedure not only saves and restores registers but also makes standard calls to
other procedures. The stack frame has both a fixed part (whose size is known at compile time)
and an optional, variable part. If the latter is not present, certain optimizations can be completed.
See Also: Buffer Overflows.
Further Reading: Microsoft Corporation. 3.1.2 Stack Frame Procedure. [Online, 2004.]
Microsoft Corporation Website. http://msdn.microsoft.com/library/default.asp?url=/library/
en-us/csalpha98/html/3.1.2_stack_frame_procedure.asp.
Stack Smashing (general term): Occurs when a cracker purposely overflows a buffer on stack
to get access to forbidden regions of computer memory. A stack smash is based upon the attributes
of common implementations of C and C++.
See Also: Buffer Overflows; Programming Languages C, C++, Perl, and Java.
Further Reading: Aleph One. Smashing The Stack For Fun And Profit. [Online, Nov 8,
1996.] Phrack, Vol. 9, No. 49, File 14. http://www.phrack.org/archives/phrack49.tar.gz.
Stallman, Richard (person; 1953– ): In 1982, he founded the Free Software Foundation
(FSF) and dedicated himself to producing high-quality, free software. He began the programming
and implementation of a full clone of UNIX, written in C and available to the
hacker community for free. He succeeded—with the help of a large and active programmer
community—to develop most of the software environment of a typical UNIX system, but he
had to wait for the Linux movement to gain momentum before a UNIX-like operating system
kernel became as freely available as he (and like-minded others) had continuously demanded. In
2002, a book written by Sam Williams entitled Free as in Freedom: Richard Stallman’s Crusade for
Free Software, chronicles Stallman’s life, discusses his motivations for wanting free software, and
gives insights into his highly creative hacker personality. Stallman’s personal home page can be
found at http://www.stallman.org/.
See Also: Free Software Foundation (FSF); Linux; UNIX.
Further Reading: Rothke, B. Stallman’s Crusade For Free Software. [Online, May 22,
2005.] CMP Media LLC Website. http://www.unixreview.com/documents/s=2425/
uni1017174098539/; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Start of Authority (SOA) (general term): Defines global parameters for a DNS zone—
meaning a portion of the namespace on the Internet under a single administrative control—as
defined in RFC 1035. Only one SOA record is permitted in a zone file. Considered to be not
only the most critical but also the most complex record in the zone file, the SOA contains the
root name of the zone, the TTL values, the class of record, and the primary or Master Domain
Name Server for the zone.
See Also: Root.
Further Reading: Zytrax, Inc. Start of Authority Record (SOA). [Online, November 17,
2004.] Zytrax, Inc. Website. http://www.zytrax.com/books/dns/ch8/soa.html.
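An added example (not from the dictionary or from RFC 1035) that pulls the SOA fields named in this entry out of zone-file text and enforces the one-SOA-per-zone rule. The zone text is constructed; `example.com` and `192.0.2.1` are reserved documentation values, and the helper names are this example's own.

```python
"""Added example: parse a zone's Start of Authority record and check that
the zone has exactly one. Zone text below is constructed for this example."""

ZONE_TEXT = """\
$TTL 3600
example.com.  IN  SOA  ns1.example.com. hostmaster.example.com. (
                  2024010101 ; serial
                  7200       ; refresh
                  900        ; retry
                  1209600    ; expire
                  300 )      ; minimum (negative-caching TTL)
example.com.      IN  NS  ns1.example.com.
ns1.example.com.  IN  A   192.0.2.1
"""

NUMERIC_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def _fold_records(zone_text):
    """Strip ';' comments and join the lines grouped by ( ), one record per item."""
    records, buf, depth = [], [], 0
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            records.append(" ".join(buf))
            buf, depth = [], 0
    if buf:
        raise ValueError("unbalanced parentheses in zone text")
    return records


def find_soa_records(zone_text):
    """Return every SOA record found, each as a dict of its fields."""
    found = []
    for rec in _fold_records(zone_text):
        tokens = rec.split()
        if "SOA" not in tokens:
            continue
        values = tokens[tokens.index("SOA") + 1:]
        if len(values) != 7:
            raise ValueError("SOA needs MNAME, RNAME and five numeric fields")
        soa = {"zone": tokens[0], "mname": values[0], "rname": values[1]}
        soa.update(zip(NUMERIC_FIELDS, (int(v) for v in values[2:])))
        found.append(soa)
    return found


def is_valid_zone(zone_text):
    """Only one SOA record is permitted in a zone file."""
    return len(find_soa_records(zone_text)) == 1


def parse_soa(zone_text):
    """Parse the zone's single SOA; zero or several SOA records is an error."""
    soas = find_soa_records(zone_text)
    if len(soas) != 1:
        raise ValueError("expected exactly one SOA record, found %d" % len(soas))
    return soas[0]


if __name__ == "__main__":
    print(parse_soa(ZONE_TEXT))
```

The serial is the value secondaries compare to decide whether to transfer the zone, so a check like this belongs in any pipeline that edits zone files: a zone that fails to parse, or whose serial did not increase, should never be pushed to the primary.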
Stateful Inspection (general term): Also referred to as dynamic packet filtering. Check Point
Software is credited with creating the term stateful inspection when it was used in the company’s
1993 FireWall-1. Today, stateful inspection is generally known as firewall architecture working
at the network layer. Different from static packet filtering, which looks at a packet based on the
information in the packet header, stateful inspection tracks every connection traveling through
all firewall network interfaces to make sure that they are valid.
Moreover, a stateful inspection firewall looks at both the header information and the packet
contents on all protocol layers including the application layer to ascertain more about the packet
than merely its source and destination. A firewall with stateful inspection also monitors the connection
state and puts the data together in a state table. Thus, filtering decisions are based not just
on configured rules by the administrator (as is the case in static packet filtering) but also on
context established by the packets that have previously passed through the firewall.
See Also: CheckPoint Software Technologies Ltd.; Firewall; Packet; Packet Filters.
Further Reading: Jupitermedia Corporation. What is Stateful Inspection? [Online,
August 18, 2003.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/S/
stateful_inspection.html.
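An added example (not from the dictionary or from any vendor's product) contrasting the two decision models in this entry: a static filter that judges each packet from its header alone, next to a stateful filter that keeps a state table and admits inbound packets only when they belong to a connection an inside host opened. The addresses, ports, rule set and packet sequence are all constructed; `10.0.0.0/8` stands for the inside network.

```python
"""Added example: static packet filter versus a state-table filter on a
constructed packet sequence."""
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")


def is_inside(ip):
    return ip.startswith("10.")


def static_filter(pkt):
    """Static rule set (constructed): allow all outbound traffic, and allow
    inbound packets whose source port is 80 on the assumption that they are
    web replies. The header alone cannot say whether a reply was asked for."""
    if is_inside(pkt.src) or pkt.sport == 80:
        return "allow"
    return "drop"


class StatefulFilter:
    """Keeps a state table keyed by (client, client port, server, server port)
    for connections opened from the inside."""

    def __init__(self):
        self.table = {}

    def inspect(self, pkt):
        flags = set(pkt.flags)
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if flags == {"SYN"}:                          # new outbound connection
                self.table[key] = "SYN_SENT"
                return "allow"
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse direction

        state = self.table.get(key)
        if state is None:
            return "drop"                                 # no matching connection
        if state == "SYN_SENT" and {"SYN", "ACK"} <= flags:
            self.table[key] = "ESTABLISHED"
        if flags & {"FIN", "RST"}:
            del self.table[key]                           # connection is going away
        return "allow"


PACKETS = [  # constructed exchange between an inside host and a web server
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, ("SYN",)),         # inside opens conn
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, ("SYN", "ACK")),   # server replies
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, ("ACK",)),         # handshake done
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, ("ACK",)),         # data from server
    Packet("198.51.100.9", 80, "10.0.0.5", 22, ("SYN",)),           # unsolicited, sport 80
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, ("FIN", "ACK")),   # server closes
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, ("ACK",)),         # stray packet after close
]


def compare(packets=PACKETS):
    """Return (static decision, stateful decision) for each packet in order."""
    sf = StatefulFilter()
    return [(static_filter(p), sf.inspect(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, compare()):
        print(pkt.src, "->", pkt.dst, pkt.dport, pkt.flags, verdict)
```

Packets 5 and 7 are where the two models part ways: the static rule lets anything with source port 80 in, while the state table drops an inbound SYN nobody asked for and a packet for a connection that has already closed.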
Stealth Scan (general term): Mechanism to perform reconnaissance on a network while
remaining undetected. Uses SYN scan, FIN scan, or other techniques to prevent logging of a
scan.
See Also: Synchronize Packet (SYN); Synchronize Packet Flood (SYN Flood).
Further Reading: Internet Security Systems. Port Scanning. [Online, 2004]. Internet
Security Systems Website. http://www.iss.net/security_center/advice/Underground/Hacking/
Methods/Technical/Port_Scan/.
Steganography (general term): The practice of hiding information in e-pictures, MP3 music
files, or any binary data format that can be changed without invalidating the data format while
retaining the appearance of being unaltered. Steganography is successful because it is based on the
fact that digital images and MP3 music files are comprised of thousands of pieces of binary code
instructing a computer to color a pixel or to produce a certain sound. Because of the large number
of digital information pieces involved, a few can easily be changed to convey secret messages
without having a significant impact on the overall effect produced for the normal eye or ear. The
secret information tends to be stored in the least important parts of a digital image or MP3 tune.
Consider the potential that steganography could have for terrorists trying to communicate
with each other over the Internet. In a holiday e-picture, for example, dozens of pixels in the
background could be altered to convey an airline’s schedule, and to some casual observer or to
an FBI agent, the picture would likely appear to be “innocent” because the majority of the pixels
would be left unchanged. However, anybody who was told where to look could access the
information hidden in the amended pixels, which could then be put together and read.
Steganography involves a simple procedure that can be performed with software purchased
from stores or downloaded from the Internet. The main reason for using steganography rather
than cryptography is that anything encrypted tends to draw attention to the fact that some
important information is deliberately being hidden.
See Also: Internet; Federal Bureau of Investigation (FBI).
Further Reading: Carter, S. Clinic: What is Steganography? [Online, 2004.] ITSecurity.com
Website. http://www.itsecurity.com/asktecs/oct2301.htm.
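The "least important parts" of an image that this entry refers to are, in the simplest scheme, the lowest bit of each pixel value. An added example (not from the dictionary or any steganography tool) embeds a message in that bit plane of a constructed 8-bit grayscale cover, reads it back, and measures how far each pixel moved, which is why the eye cannot tell. The cover pixels, the length-header layout and the function names are this example's own.

```python
"""Added example: least-significant-bit embedding and extraction on a
constructed grayscale cover represented as a flat list of pixel values."""
import random


def _bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _bits_to_bytes(bits):
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[pos:pos + 8]))
        for pos in range(0, len(bits), 8)
    )


def embed_lsb(pixels, message):
    """Write a 32-bit length header plus `message` into the LSB of successive
    pixels. Every other bit of every pixel is left exactly as it was."""
    bits = _bytes_to_bits(len(message).to_bytes(4, "big") + message)
    if len(bits) > len(pixels):
        raise ValueError("cover too small: need %d pixels" % len(bits))
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(pixels):
    """Read the length header, then that many bytes, back out of the LSB plane."""
    bits = [p & 1 for p in pixels]
    length = int.from_bytes(_bits_to_bytes(bits[:32]), "big")
    return _bits_to_bytes(bits[32:32 + 8 * length])


def max_pixel_change(original, stego):
    """Largest change to any single pixel value; for LSB hiding it is at most 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed cover: a 64x64 "image" of pseudo-random grey levels.
_rng = random.Random(7)
COVER = [_rng.randrange(256) for _ in range(64 * 64)]

if __name__ == "__main__":
    hidden = embed_lsb(COVER, b"constructed secret")
    print(extract_lsb(hidden))                # b'constructed secret'
    print(max_pixel_change(COVER, hidden))    # 0 or 1
```

Because only the lowest bit changes, a visual comparison shows nothing; detection instead relies on statistics of the bit plane (a natural image's LSBs are not uniformly random the way a payload's are) or on comparing against a known-clean copy of the file.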
Stoll, Clifford Books (general term): In 1990, in his book The Cuckoo’s Egg, he suggested that
automated data mining techniques could be used by Black Hat cyberterrorists to look for
interesting patterns in large amounts of non-secure and apparently unrelated data.
Thus, a financial institution may assume that its electronic fund transfer (EFT) system is the
most vital information system to protect, but a cyberterrorist may want access to the financial
records of only targeted individuals over some period of time. After entry to a system has been
gained, the cyberterrorist may not alter data but simply decide to track funding sources (given
the deposit records) to harm the targeted individual. In such a scenario, going into the financial
institution to destroy information is only a short-term strategy that will do little more than garner
too much attention.
Following the popularity of Stoll’s The Cuckoo’s Egg, he wrote a second book entitled Silicon
Snake Oil: Second Thoughts on the Information Highway. Stoll’s home page can be found at
http://www.ocf.berkeley.edu/~stoll/.
See Also: Black Hats; Cyberterrorism.
Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:
Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.
Store-and-Forward (general term): A mechanism in which a network device or server application
waits for each message or packet to arrive in its entirety before forwarding it on the next
location.
Stream Cipher (general term): Belongs to a class of symmetric-key encryption algorithms operating
on the plaintext one byte (or one bit) at a time.
See Also: Algorithm; Byte; Encryption; Plaintext.
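An added example (not from the dictionary) of what "one byte at a time" means in practice: plaintext is XORed with a keystream, and the same operation decrypts. It also shows the failure mode every practitioner checks for, reuse of a keystream, under which the XOR of two ciphertexts equals the XOR of the two plaintexts. The keystream construction here (SHA-256 over key, nonce and counter) is a demonstration device for this example, not a standardized cipher; real systems use a vetted stream cipher such as ChaCha20.

```python
"""Added example: byte-at-a-time XOR with a keystream, plus the keystream
reuse caveat. The keystream generator is a demonstration construction."""
import hashlib
import os


def keystream(key, nonce, length):
    """Produce `length` pseudorandom bytes from (key, nonce), block by block.
    Assumption for this example only: SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key, nonce, data):
    """Encrypt or decrypt (the operation is its own inverse) one byte at a time."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key, nonce, pt1, pt2):
    """The failure mode: with the same key and nonce, c1 XOR c2 == pt1 XOR pt2,
    so the keystream cancels and the plaintexts' relationship is exposed."""
    c1 = stream_xor(key, nonce, pt1)
    c2 = stream_xor(key, nonce, pt2)
    return xor_bytes(c1, c2) == xor_bytes(pt1, pt2)


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)
    ct = stream_xor(key, nonce, b"constructed message")
    print(stream_xor(key, nonce, ct))                                   # b'constructed message'
    print(keystream_reuse_leak(key, nonce, b"hello world", b"hallo welt!"))  # True
```

The design consequence is that a stream cipher needs a nonce that is never repeated under one key, and that XOR alone gives no integrity: a flipped ciphertext bit flips the same plaintext bit, so a MAC or an AEAD mode is required alongside it.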
Structured Query Language (SQL) (general term): The most widely used programming language
to access and retrieve data from relational database management systems (RDBMS).
See Also: RDBMS; SQL Injection.
Structured Threats and Unstructured Threats (general term): Organized efforts to attack a
specific target; unstructured threats are not organized and do not target a specific host, network,
or organization.
See Also: Host; Network.
Further Reading: Informit.com. Chapter 2: Attack Threats Defined and Detailed. [Online,
2004.] Informit.com Website. http://www.informit.com/content/images/1587200724/sample
chapter/1587200724content.pdf.
Subnet and Subnet Mask (general term): Part of a larger network. Subnetting splits a larger
network into smaller, more manageable parts. A bit pattern called a subnet mask is used to determine
which host belongs to which part of the network.
See Also: Netmask.
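An added example (not from the dictionary) of the bitwise AND a subnet mask performs, with a check that a mask really is a contiguous run of ones followed by zeros, and a split of a larger network into smaller ones using the standard library's ipaddress module. All addresses are constructed private or documentation values; the function names are this example's own.

```python
"""Added example: subnet membership by masking, mask validation, and
splitting a network into subnets."""
import ipaddress


def ip_to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def int_to_ip(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def network_of(ip, mask):
    """Host AND mask yields the network part; hosts that share it are on one subnet."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_subnet(ip_a, ip_b, mask):
    return network_of(ip_a, mask) == network_of(ip_b, mask)


def valid_mask(mask):
    """A mask must be ones followed by zeros; 255.0.255.0 is a typo, not a mask.
    Inverting the mask gives the host bits; they are contiguous low bits only
    if adding one clears them all (i.e. host_bits + 1 is a power of two)."""
    host_bits = ~ip_to_int(mask) & 0xFFFFFFFF
    return (host_bits + 1) & host_bits == 0


def split_network(cidr, new_prefix):
    """Split e.g. a /22 into four /24s, the operation the entry calls subnetting."""
    net = ipaddress.ip_network(cidr)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(network_of("192.168.1.77", "255.255.255.0"))             # 192.168.1.0
    print(same_subnet("192.168.1.10", "192.168.2.10", "255.255.255.0"))  # False
    print(valid_mask("255.0.255.0"))                                # False
    print(split_network("10.0.0.0/22", 24))
```

The membership test is the same one a host uses to decide whether to deliver a frame directly or hand it to its router, so a wrong mask on one host silently changes which traffic crosses the gateway; validating masks in configuration management catches the common transposition typos before they deploy.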
Subscriber Identity Modules (SIMs) (general term): Sometimes referred to as smart cards;
their basic functions in wireless communications are roaming and subscriber authentication.
Although these features can be achieved using a centralized “intelligent” network (IN) solution or
a “smart” handset (such as a cellular phone), some important benefits that could not be obtained
without the use of a SIM card include improved security and more marketing opportunities. In
fact, the latter are considered to be primary features differentiating wireless service offerings.
Smart cards have microprocessors built into their design so that they can run small applications.
In March 2005, a Los Angeles security consulting firm conducted an experiment outside the
Academy Awards ceremony in Hollywood and showed that security risks can arise with smart
cards. Three employees of the company Flexilis placed themselves in a crowd of more than 1,000
people and watched celebrities from about 30 feet away as they entered the Kodak Theater. The
researchers said that they were able to detect that somewhere from 50 to 100 attendees had smart
card cell phones whose contents could be siphoned from the service providers’ centralized computers.
(Within weeks of the Academy Awards ceremony, some personal contents of Paris Hilton’s
T-Mobile phone were siphoned from the service provider’s computers and posted on the
Internet.)
Though the Flexilis researchers noted that the range of vulnerable phones seemed to be a bit
odd, some of the “vulnerable” cellular phones may have been detected more than once with the
researchers’ laptop computer, scanning software, and a powerful antenna used in their experiment.
Because the White Hat researchers did not tap into any of the scanned cell phones—which
would have then become a cracking exercise—they could not tell exactly whose cell phones
were vulnerable. The researchers said that the purpose of the experiment was to raise awareness
about the threat to privacy that is becoming increasingly common as advanced cell phones contain
more personal information such as passwords, credit card numbers, and Social Security
numbers. Celebrities such as film stars, musicians, executives, and politicians are especially vulnerable
to crack attacks because they tend to be early adopters of emerging technologies,
typically without fully understanding the security risks associated with any new technology.
Their personal information is a highly marketable item for cybercriminals.
See Also: Cybercrime and Cybercriminals; Smart Cards, Social Security Number (SSN);
Wireless.
Further Reading: International Engineering Consortium. Smart Cards in Wireless Services.
[Online, 2004.] International Engineering Consortium Website. http://www.iec.org/online/
tutorials/smartcard/; Markoff, J. and Holson, L.M. An Oscar Surprise: Vulnerable Phones.
[Online, March 2, 2005.] The New York Times Website. http://www.nytimes.com/2005/
03/02/movies/oscars/02leak.html.
Superuser Privileges or Administrative Privileges (general term): An account with all
wheel bits on. “Wheel” is the name of security group zero in Berkeley Software Distribution
(BSD), to which the primary system internal users belong. Some vendors have modified UNIX
so that only members of group “wheel” can have root privileges.
See Also: Administrator; BSD (Free, Open, BSDI).
Supervisory Control And Data Acquisition (SCADA) (general term): Systems relied on by
most critical infrastructure organizations for adjusting and monitoring switching, for manufacturing
of goods, and for other kinds of process-control activities—based on feedback collected
by sensors. A number of security experts think that these systems may be vulnerable to crack
attacks; thus, their role in controlling the critical infrastructures may actually make them attractive
targets for cyberterrorists.
Though SCADA systems previously used only proprietary computer system software, with
their operations largely confined to isolated networks, today’s SCADA systems operate using
commercially available software, thus increasing their vulnerability to exploitation. Moreover,
more SCADA systems are being linked through the Internet directly into corporate headquarters’
computer systems. For these reasons, certain experts believe that the SCADA systems are not
sufficiently protected against a crack attack. Other security experts disagree, saying that the
SCADA systems are not only more robust than previously thought but also more resilient than
they were before. Thus, if the systems were attacked, they would recover quickly.
See Also: Critical Infrastructures; Critical Networks; Cyberterrorists; Internet.
Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and
Cyberterrorism:Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS
Report Website. http://www.fas.org/irp/crs/RL32114.pdf.
Switch (general term): A network device joining many systems together at a low-level layer of
the network protocol. The most widely used Ethernet switches operate at the second layer
(Data Link Layer) of the OSI model and look like hubs. Switches have more “intelligence” than
hubs, however, and are therefore more costly. Unlike hubs, switches can inspect data packets as
they are received, they can determine both the source and the destination device of the packet,
and they can then forward the packet correctly. By delivering messages to only the connected
device for which it was intended, network switches save network bandwidth and offer typically
better performance than hubs can.
Network switches offer varying port configurations, beginning with 4-port or 5-port models
and going up to stackable core infrastructure switches with several hundred ports. They support
10 Mbps Ethernet, 100 Mbps Ethernet, and 1 Gbit/s Ethernet, or all three.
See Also: Ethernet; Open Systems Interconnect (OSI) Model; Protocol.
Further Reading: About, Inc. Switch. [Online, 2004.] About, Inc. Website. http://compnet
working.about.com/library/glossary/bldef-switch.htm.
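An added example (not from the dictionary) that simulates the forwarding behaviour this entry contrasts: a hub repeats every frame out of every other port, while a switch learns which port each source MAC address arrived on and afterwards sends a frame only to the port holding its destination. The port numbers, MAC addresses and frame sequence are constructed.

```python
"""Added example: a hub versus a learning layer-2 switch on a constructed
sequence of Ethernet frames."""


class Hub:
    """Repeats every frame out of every port except the one it came in on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch(Hub):
    """Learns source MAC -> port from each frame; floods only unknown destinations."""

    def __init__(self, ports):
        super().__init__(ports)
        self.table = {}  # MAC address -> port number

    def forward(self, in_port, src, dst):
        self.table[src] = in_port                        # learn where `src` lives
        out = self.table.get(dst)
        if out is None:
            return super().forward(in_port, src, dst)    # unknown: flood like a hub
        if out == in_port:
            return []                                    # destination is on the ingress port
        return [out]


FRAMES = [  # constructed (in_port, source MAC, destination MAC)
    (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),   # A -> B, B not learned yet
    (2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"),   # B -> A, A already learned
    (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),   # A -> B, both known
    (3, "aa:aa:aa:aa:aa:03", "aa:aa:aa:aa:aa:01"),   # C -> A
]


def transmissions(device, frames=FRAMES):
    """Total number of port transmissions the device makes for the frames;
    the difference between the two devices is the bandwidth the switch saves."""
    return sum(len(device.forward(*frame)) for frame in frames)


if __name__ == "__main__":
    print(transmissions(Hub([1, 2, 3, 4])))              # 12
    print(transmissions(LearningSwitch([1, 2, 3, 4])))   # 6
```

The same property has a security side: a hub lets any port see every conversation, whereas a switch delivers a unicast frame only to the learned port, which is why capturing traffic on a switched segment needs a mirror (SPAN) port configured by the administrator rather than just a listening interface.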
Symantec Corporation (general term): A security company that was founded in 1982 and has
headquarters in Cupertino, California. The company has more than 5,500 employees and operations
in more than 35 countries. Considered by many to be a global leader in information security,
the Symantec Corporation provides a broad range of IT security appliances, software, and services
for home computer users and businesses of all sizes. Moreover, Symantec’s Norton product brand
is a leader in consumer security solutions.
On March 21, 2005, Symantec Corporation issued a report noting that Internet attacks grew
by 28% in the second half of 2004, relative to the first half of the year. On average, businesses and
other agencies received 13.6 attacks on their computer networks daily in the second half of 2004,
the report said, in comparison to 10.6 attacks in the first six months of that year. The financial
sector apparently was the favored hack attack target. Moreover, noted the security experts at
Symantec, crackers now seem to be setting their sights on mobile computers.
According to this same Symantec Corporation report, the favored attack tools included
adware and spyware, as well as phishing. The reported costs to U.S. firms in 2004 from phishing
scams alone were in excess of $1.2 billion.
See Also: Phishing; Spyware.
Further Reading: Avery, S. Hacker Alert: Report Finds Surge in On-line Attacks. The Globe
and Mail, March 21, 2005, p. B1, B5; Symantec Security Response. Symantec Corporate
Information. [Online, July 15, 2004.] Symantec Security Response Website. http://www.symantec
.com/corporate/.
Symantec Internet Security Threat Report (general term): In February 2003, the Symantec
Internet Security Threat Report said that during the second part of 2002, the highest rates for
computer exploits targeted critical infrastructure industry companies, such as energy, financial
services, and power, a finding that helped escalate the fears of an imminent cyber Apocalypse.
The findings of the more recent report for the period between July 1, 2005, and December 31,
2005, indicate that the threat landscape is now dominated by attacks and malicious code that are
used to commit cybercrime. Attackers have moved away from large, multipurpose attacks on
network perimeters and have moved toward smaller, more focused attacks on client-side targets.
See Also: Critical Infrastructures; Critical Networks; Cyber Apocalypse.
Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and
Cyberterrorism: Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS
Report Website. http://www.fas.org/irp/crs/RL32114.pdf; Turner, D. (ed). Symantec Internet
Security Threat Report. Vol. IX. [Online, March 2006.] Symantec Website. http://www.symantec
.com/enterprise/threatreport/index.jsp.
Symmetric Network (general term):A network in which all devices can send and receive data
at the same rates. Symmetric networks support more bandwidth in one direction as compared to
the other, and symmetric DSL offers clients the same bandwidth for both downloads and
uploads. A lesser used definition for symmetric network involves resource access—in particular,
the equal sharing of resource access. In contrast, asymmetric networks divide at least part of the
resources unequally between devices. Pure P2P (Peer-to-Peer) networks such as Gnutella use
“perfect” symmetry, meaning that all computers on the network have equal opportunities to discover,
publish, and receive content.
See Also: DSL; Gnutella; Peer-to-Peer (P2P).
Further Reading: About, Inc. Symmetric. [Online, 2004.] About, Inc. Website. http://
compnetworking.about.com/library/glossary/bldef-asymmetric.htm.
Synchronize Packet (SYN) (general term):The first packet sent across the network when setting
up a TCP connection. For example, when an individual contacts the University of Ontario
Institute of Technology’s Website at http://www.uoit.ca, the first packet that the individual’s system
sends is a SYN packet to the HTTP port 80 on www.uoit.ca. The browser tells the Web
server that it wants to connect.
Most packet-filtering firewalls operate by blocking SYN packets, which then cause the connections
to not be initiated. An individual can still scan behind the firewalls using ACK or FIN
packets, but he or she will not be able to connect to any of those machines.
See Also: HTTP (HyperText Transfer Protocol); TCP/IP or Transmission Control Protocol/
Internet Protocol.
Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
Synchronize Packet Flood (SYN Flood) (general term): A type of Denial of Service
(DoS) attack. When a session is started between the Transport Control Protocol (TCP) client
and the network server, a tiny buffer space exists to deal with the fast “hand-shaking” exchange
of messages starting the session. The session-starting packets include a SYN field, identifying the
sequence in the message exchange.
A cracker can send many connection requests at a rapid pace and then not respond to the
reply. This activity leaves the first packet in the buffer so that other legitimate connection requests
cannot be completed. Although the packet in the buffer is dropped after a given period without
a reply (that is, the timeout period), the result of multitudes of these fake connection requests is
to make it very hard for legitimate requests for connections to get started. Generally, this problem
depends on the operating system’s ability to provide the correct settings or to allow the
network administrator to tune the buffer size and the timeout period.
In September 2000, to counter SYN Flood, a TCP intercept was released in IOS Version
11.3. This feature, available on all Cisco Systems, Inc. routers, was designed to stop known
SYN attacks against internal hosts.
To help readers better understand what a SYN attack is, first we describe the details for a SYN
Flood, then we describe how a TCP intercept feature works. In the TCP three-way handshake,
the initial packet has the SYN bit set. A host that gets this packet—asking for a particular service
to be provided—responds with a packet that has the SYN and ACK bits set. It then waits for an
ACK from the starter of the request. If the starter of the request never sends back this final
acknowledgement—the third part of the handshake—the host “times out” the connection (a
process that can take multiple seconds or even some minutes). During this waiting period, the
half-open connection uses resources, which is the point of the attack.
Though thousands of these initiating SYN packets are sent to a host, not only is the source
IP address in these packets fake but also the source address of the fake packet is an unreachable
address. That is, most times the source address is either unregistered or is the address of a host that
does not really exist. The attacker does not want to complete the handshake; therefore, the system
under attack will not receive the final ACK packet completing the initial three-way
handshake. Rather, it waits for the “timeout” on thousands of connections to occur. Eventually,
the hosts’ resources are depleted. Because additional connections for legitimate requests cannot
be set up, the host becomes unusable.
The TCP intercept feature fulfills its function by intercepting and validating TCP connection
requests. This feature can work in two modes—the “watch only” mode and the “intercept” mode.
In the intercept mode, the router intercepts TCP requests directed to it and creates a connection
to the client on the behalf of the server, as well as to the server on the client’s behalf. If both connections
succeed, the router merges the two. The router has strong timeouts to stop its own
resources from being consumed by a SYN attack.
When in “watch mode,” the router watches half-open connections in a passive manner and
actively closes connections on the server after a length of time that is configured. Also, access lists
are defined to detail which source and which destination packets are subject to TCP intercepts.
See Also: Cisco Systems, Inc.; Denial of Service (DoS); Internet Operating System (IOS);
Routers; TCP/IP or Transmission Control Protocol/Internet Protocol.
Further Reading: Philippo, J. Preventing SYN Flooding with Cisco Routers. [Online,
September 6, 2000.] SANS Institute W
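An added example (not from the dictionary, and not Cisco's implementation) of a half-open connection tracker in the spirit of the "watch mode" described above, which also illustrates the three-way handshake from the Synchronize Packet (SYN) entry. It records each client SYN, clears the entry when the client's final ACK arrives, and ages out entries that stay half-open past a configured timeout, the point at which a router in watch mode would reset the connection on the server's behalf. The traffic is constructed; `198.51.100.0/24` is a documentation range standing in for the unreachable source addresses the entry mentions.

```python
"""Added example: track half-open TCP connections over a constructed packet
timeline and report what a SYN flood looks like mid-attack and after the
configured timeout has passed."""
from collections import Counter, namedtuple

Event = namedtuple("Event", "t src sport dst dport flags")


class HalfOpenWatcher:
    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.half_open = {}      # connection key -> time the SYN was seen
        self.established = set()
        self.aged_out = []       # keys closed by the watcher after the timeout

    def _expire(self, now):
        for key, t_syn in list(self.half_open.items()):
            if now - t_syn > self.timeout:
                del self.half_open[key]
                self.aged_out.append(key)        # a router would send RST to the server here

    def observe(self, ev):
        self._expire(ev.t)
        key = (ev.src, ev.sport, ev.dst, ev.dport)
        if ev.flags == ("SYN",):                       # first part of the handshake
            self.half_open[key] = ev.t
        elif ev.flags == ("ACK",) and key in self.half_open:   # third part: client's ACK
            del self.half_open[key]
            self.established.add(key)

    def report(self):
        by_source = Counter(key[0] for key in self.half_open)
        return {
            "half_open": len(self.half_open),
            "established": len(self.established),
            "aged_out": len(self.aged_out),
            "top_sources": by_source.most_common(2),
        }


def constructed_traffic():
    """One real client, then 40 SYNs from sources that never answer, then another
    real client 40 seconds later. Times are seconds; the server is 10.0.0.80."""
    events = [Event(0.0, "10.0.0.5", 50000, "10.0.0.80", 80, ("SYN",)),
              Event(0.1, "10.0.0.5", 50000, "10.0.0.80", 80, ("ACK",))]
    for i in range(40):
        events.append(Event(1.0 + i / 100, "198.51.100.%d" % (i % 8), 1024 + i,
                            "10.0.0.80", 80, ("SYN",)))
    events.append(Event(40.0, "10.0.0.6", 50001, "10.0.0.80", 80, ("SYN",)))
    events.append(Event(40.1, "10.0.0.6", 50001, "10.0.0.80", 80, ("ACK",)))
    return events


def run_simulation(timeout=30.0):
    """Return the watcher's report mid-flood and after the timeout has elapsed."""
    watcher = HalfOpenWatcher(timeout=timeout)
    events = constructed_traffic()
    for ev in events[:42]:
        watcher.observe(ev)
    during = watcher.report()
    for ev in events[42:]:
        watcher.observe(ev)
    after = watcher.report()
    return during, after


if __name__ == "__main__":
    during, after = run_simulation()
    print("mid-flood:", during)   # 40 half-open, 1 established
    print("after:", after)        # 0 half-open, 2 established, 40 aged out
```

The mid-flood report is what an operator wants to alert on: the count of half-open connections jumping while established ones do not, with the top sources spread across addresses that share a prefix and never complete a handshake. The timeout value is the same knob the entry describes the administrator tuning; shortening it frees the server's buffer sooner at the cost of dropping slow but genuine clients.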