wikiinlet

tag:blogger.com,1999:blog-77082641854096425502012-02-16T17:25:13.408-08:00wikiinlet1U3.INnoreply@blogger.comBlogger21100tag:blogger.com,1999:blog-7708264185409642550.post-64533733250920504792009-06-23T16:18:00.000-07:002009-06-23T16:20:14.563-07:00Websters.New.World.Websters.New.World.Hacker.Dictionary.Hacking 148 See Also: Cracking; Eavesdrop; Privacy; Privacy Laws. Further Reading: Ishai,Y. Sahai, A. and Wagner, D. Private Circuits: Securing Hardware Against Probing Attacks. [Online, 2004.] University of California at Berkeley Computer Science Department Website. http://www.cs.berkeley.edu/~daw/papers/privcirc-crypto03.pdf. Hardware Setup (general term): A set of parameters such as data rate, modem type, and port/device used as a resource to launch a host or a remote session. See Also: Host; Modem; Port and Port Numbers. Hardware Vulnerabilities (general term): Generally caused by the exploitation of features having been put into the hardware to differentiate it from the competition or to aid in the support and maintenance of the hardware. Some exploitable features include terminals with memory that can be reread by the computer and downloadable configuration and password protection for all types of peripheral devices, including printers. It is the cracker’s creative misuse of these features that can turn a “feature” into a “vulnerability.” See Also: Exploit; Hardware Attacks Paper by Ishai, Sahai, and Wagner;Vulnerabilities of Computers. Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall, 2003. Harm to Property (legal term): Can occur in nonvirtual crimes such as vandalism as well as in virtual crimes such as Web page defacement. See Also: Harm. Hash, One-Way (general term):The output or end result value of data that has been processed by an algorithm, transforming messages, text, or binary data into a fixed string of numbers for security or data-management purposes.“One-way” suggests that it is almost impossible to figure out the original text or data from the numerical string.A one-way hash function is typically used for digital signature creation, which in turn identifies and authenticates the sender of a digital message or ensures the integrity of the binary data. On March 11, 2005, news stories reported that a month earlier, three Chinese cryptologists discovered how to crack a U.S. government–approved information security system called Secure Hash Algorithm-1, or SHA-1.The worry was that this encryption is prevalently used within the U.S. government, including the U.S. intelligence community and the Pentagon. SHA-1 is commonly used to verify the integrity of digital media and to ensure that secure email has not been altered during transmission. See Also: Algorithm;Text. Further Reading: Gertz, B. and Scarborough, R. Inside the Ring. [Online, March 11, 2005.] News World Communications, Inc. Website. http://washingtontimes.com/national/20050311- 123922-9537r.htm; Jupitermedia Corporation.One-way Hash Function. [Online, January 8, 2002.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/O/one-way_hash_ function.htm. Health Insurance Portability and Accountability Act of 1996 (HIPAA) (legal term): Focused on health protection for United States employees in a number of ways, with the Centers 149 Health Insurance Portability and Accountability Act of 1996 (HIPAA) for Medicare and Medicaid Services (CMS) having the responsibility to implement various unrelated provisions of HIPAA. Title I of HIPAA maintains that health insurance coverage for individuals and their families will carry on when they transfer or lose employment, and Title II requires the Department of Health and Human Services to develop and maintain national standards for e-transactions in health care.Title II also speaks to the security and privacy of health data. The developers of HIPAA felt that such standards would improve the efficiency and effectiveness of the U.S. health care system by encouraging the secure and private handling of electronic data. For information security purposes, HIPAA requires a double-entry or doublecheck of data entered by personnel. With a deadline of April 21, 2005, all U.S. health care organizations had to meet the new HIPAA Security Rule regulations by taking extra measures to secure protected health information. The final version of the Security Rule was published on April 21, 2003. See Also: Accountability; Privacy; Privacy Laws; Security. Further Reading: Centers for Medicaid and Medicare Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). [Online, October 16, 2002.] Centers for Medicaid and Medicare Services Website. http://www.cms.hhs.gov/hipaa/; Consul. Consul Insight and HIPAA. [Online, August 30, 2004.] Consul Website. http://searchSecurity.com/r/ 0,,38262,00.htm?track+NL-358&ad=506624&CONSUL. Helsingius, Johan (person; 1962– ): During the mid-1990s, hackers around the world were arrested for their exploits, and the media took every opportunity to color them as criminals. One of the highly publicized cases was that of Johan Helsingius (a.k.a. Julf), a Finnish hacker who ran the most subscribed anonymous remailer, penet.fi, on a run-of-the-mill 486 computer with a 200-megatbyte hard drive. In July 1995, his premises were raided by the police after the Church of Scientology filed a complaint that a penet.fi customer was posting the Church’s “secrets” on the Internet. The Finnish court eventually ruled that Helsingius must reveal the customer’s email address. In contrast to most hackers, Johan did not have a moniker and did not post himself anonymously on the Web. On May 20, 2005, Johan’s Web page was down.A note on this Web page pointed to the cracking efforts of spammers and virus writers: http://www.julf.com/. See Also: Anonymity; Anonymous Remailer; Electronic Mail or Email; Exploit; Hacker; Internet; Moniker. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Hexadecimal (general term): Refers to the base 16 numbering system, consisting of 16 unique symbols—the numbers from 0 through 9 and the letters from A to F.This system is useful because it represents every byte (that is, 8 bits) as two consecutive hexadecimal digits, which are easier for people to read than binary numbers.For example, 15 is represented as “F” in the hexadecimal numbering system. To translate a hexadecimal value to a binary one, an individual turns every hexadecimal digit into its 4-bit binary counterpart, such that hexadecimal numbers have either a 0x prefix or an h suffix. For example, the hexadecimal number 0x3F7A translates into this binary number: 0011 1111 0111 1010. Health Insurance Portability and Accountability Act of 1996 (HIPAA) 150 See Also: Bit and Bit Challenge. Further Reading: Jupitermedia Corporation. Hexadecimal. [Online, March 31, 2003.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/H/hexadecimal.html. Hijacking (general term):The cutting off of an authenticated, authorized connection between a sender and a receiver.Through hijacking, an attacker can take over the connection,“killing” the information sent by the original sender and sending “attack data” instead. See Also: Exploit. Himanen, Pekka (person; 1974– ): A University of Helsinki philosophy professor and previously a hacker. Himanen coauthored The Hacker Ethic and the Spirit of the New Economy, published in 2001, with Manuel Castells, a sociology professor at the University of California, and Linus Torvalds, the man behind Linux.The book advocated viewing a hacker primarily as an enthusiastic programmer—and not as some dangerous criminal—who shares his or her work with others. Pekka Himanen’s Web page can be found at http://www.pekkahimanen.org/. See Also: Linux;Torvalds, Linus. Hoffman,Abbie and Bell, Al Team (general term): In the 1970s, the publishing partner of Al Bell,Yippie guru Abbie Hoffman, amended the title of The Youth International Party Line newsletter to TAP, or Technical Assistance Program.The premise behind the newsletter was that phreaking did not hurt anyone because telephone calls emanated from an unlimited reservoir. At the time, hackers voraciously absorbed the rather technical articles found in TAP—which encompassed such “hot” topics as explosives formulas, electronic sabotage blueprints, credit card fraud, and so on. Peculiar forms of Computer Underground writing were started in this newsletter, such as spelling the word “freak” as “phreak,” substituting “z” for “s,” and substituting “0” (zero) for “O” (the letter). These trends within the hacker community continue. The last editor of TAP was phreaker Cheshire Catalyst. See Also: Cheshire Catalyst and TAP; Phreaking;TAP. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Homeland Security Act of 2002 (legal term): Brought by U.S. Representative Richard Armey, R-TX, to the Standing Committee in the House on July 10, 2002. Amendments were made by the Committee on Homeland Security on July 24, 2002.The legislation was passed by the House and Senate as of November 25, 2002 and was signed by President George W. Bush as Public Law 107-296 to establish the Department of Homeland Security. See Also: Department of Homeland Security (DHS). Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Homeland Security Information Sharing Act of 2002 (legal term): In 2002, U.S. Senator Saxby Chambliss, R-GA, and U.S. Representative Jane Harman, D-CA, suggested that the United States should have a Homeland Security Information Sharing Act to assist in sharing with state and local authorities homeland security information by federal intelligence agencies. The Act would also have the President direct the coordination of various intelligence agencies.The 151 Homeland Security Information Sharing Act of 2002 Act was referred to the Committee on Intelligence and to the Committee on the Judiciary on April 25, 2002. It was sent to the Subcommittee on Crime,Terrorism, and Homeland Security on May 6, 2002, and on June 13, 2002, it was reported with changes by the House Judiciary. Finally, on June 25, 2002, it was passed by the House. After the September 11 terrorist attacks, other nations passed similar acts for the sharing of homeland security information by national intelligence agencies with local authorities and for determining the criteria as to who should be considered a terrorist risk.The terrorist risk criteria question has stirred considerable controversy, with people of Arab or Muslim backgrounds in particular claiming unfair labeling and unfair screening and civil liberties groups arguing that bills authorizing “watch-list” criteria do not adequately protect people’s privacy. As did the United States, after September 11, 2001, the Canadian parliament enacted extraordinary police and security measures, and the Canadian Security Intelligence Service (CSIS), headed as of this writing by Jim Judd, was charged with determining terrorist risk criteria. In March 2005, Liberal Senator Mobina Jaffer claimed that some members of identifiable groups have had to cope with the negative impact of nondiscreet activities used by some CSIS officers. She stated the case of a professor who was not in his office when a CSIS officer telephoned repeatedly, leaving the message that the agency wanted to speak with him.Though these activities led university colleagues to suspect that he was terrorist suspect, in the end the CSIS officer apparently wanted only to have some information about Afghanistan. In June 2006 terrorist headlines were made when the RCMP and CSIS rounded up 17 Canadian-bred terrorist suspects. Their targets allegedly included the Parliament buildings in Ottawa, the CBC Broadcasting Centre, CSIS offices, an unspecified military installation, the Toronto Stock Exchange, and the CN Tower in Toronto. See Also: Department of Homeland Security (DHS); Intelligence; Privacy; Privacy Laws; Risk;Terrorism; U.S. Intelligence Community. Further Reading: CBC: Indepth:Toronto Bomb Plot. [Online, June 5, 2006.] CBC Website. http://www.cbc.ca/news/background/toronto-bomb-plot/index.html; Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/legislation/107th/wiretaps/; Sallot, J. Building Terror-Watch System Slow Work, CSIS Chief Says. The Globe and Mail, March 8, 2005, p. A4. Homeland Security Strategy Act of 2001 (legal term): Introduced by U.S. Representative Ike Skelton, D-MO, on March 29, 2001, the Homeland Security Strategy Act, also known as H.R.1292, if passed, required the President of the United States to design and implement a strategy for providing security to the homeland. On March 29, 2001, this legislation was referred to the Committee on the Armed Services on Transportation and Infrastructure. On April 4, 2001, it was sent to the Transportation and Infrastructure Committee, and on April 19, 2001, it was sent by the Judiciary Committee to the Subcommittee on Crime. On August 10, 2001, it received unfavorable Executive Comment from the Department of Defense.The terrorist attacks of September 11, 2001, occurred one month later. See Also: Critical Infrastructures; Critical Networks; Department of Homeland Security (DHS); Security; September 11, 2001;Terrorism;Terrorist Events. Homeland Security Information Sharing Act of 2002 152 Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Honeypots or Honeynets (general term): A computer or computer network set up to “pretend” that it offers some real service, such as a Web or Email service, on the Internet.The real purpose of a honeypot is, in fact, to lure crackers.The computer or network is closely monitored by an expert to find out how a cracker breaks into the system and what he or she does to compromise it. Generally, honeypots contain legal warnings in their banners advising crackers to leave. Honeypots can also observe individuals who run botnets, a network of compromised machines controlled remotely by crackers. In March 2005, a new honeypot was said to be able to trap crackers using Google queries to discover vulnerable systems. These crackers would normally use search engine queries to find sites whose URLs contain a particular string of words or phrases indicating that the site uses vulnerable applications. Legal issues about whether honeypots infringe on crackers’ privacy rights have arisen in recent years and will likely continue to emerge and be resolved in court. See Also: Bot or Robot; Crackers; Internet; Privacy; Privacy Laws. Further Reading: Honeypots.net. Intrusion Detection Articles, Links and Whitepapers. Honeypot.net Website. http://www.honeypots.net/ids/links/; Penton Media Inc. Google Hacking: No Longer a Sure Thing for Intruders. [Online, March 19, 2005.] Penton Media Inc. Website. http://list.windowsitpro.com/t?ct1=48C6:4FB69;The Honeypot Project and Research Alliance. Know Your Enemy:Tracking Botnets. [Online, March 13, 2005.] The Honeynet Project Website. http://www.honeynet.org/papers/bots. Hook (general term): An area in the message-handling mechanism of a computer system in which an application can install a subroutine to monitor the message traffic in the system.This application can also process certain kinds of messages before they can reach the targeted window procedure. Hooks significantly slow down computer systems because they increase the amount of processing that the system must perform for each message; therefore, they should be installed only when necessary. See Also: Message. Further Reading: Microsoft Corporation. Hooks. [Online, 2004.] Microsoft Corporation Website. http://msdn.microsoft.com/library/default.asp?url=/library/enus/winui/winui/ windowsuserinterface/windowing/hooks.asp; http://msdn.microsoft.com/library/default.asp? url=/library/en-us/winui/WinUI/WindowsUserInterface/Windowing/Hooks/AboutHooks.asp. HOPE: See Hackers on Planet Earth. Hopper, Grace Murray (person; 1906–1992): A Rear Admiral who wrote the computer language Cobol and was a woman of computing fame during the 1960s. She not only was a leader in software development concepts but also helped to catalyze the transition from early programming techniques to the utilization of sophisticated compilers. Dr. Hopper received a number of awards for her successes, and in 1969 she was the first recipient of the Computer Sciences Manof- the-Year Award given by the Data Processing Management Association. She died in 1992. 153 Hopper, Grace Murray See Also: Programming Languages C, C++, Perl, and Java. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Host (general term): A computer that permits users to communicate with other computers on a network by providing a service. Individual users access these services through application programs such as electronic mail (email), FTP, and telnet. See Also: Electronic Mail or Email; FTP (File Transfer Protocol); Network;Telnet. Further Reading: QUT Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17, 2003.] QUT Division of Technology, Information and Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp. Hotspots or Drive-by Hacking (general term): A location from which wireless service is accessible. Although a number of service providers make wireless Internet access legal in such places as airline lounges, Internet cafes, and hotel lobbies, “drive-by hacking” occurs when crackers try to spoof mobile device credentials as they are seated in a parked car or in some building at a “safe” distance from some targeted company. In a move to curb drive-by hacking, in April 2003, Interlink Networks (a producer of wireless networks access control and security software) and Bluesoft (a producer of wireless security positioning platforms) announced a partnership.Together, they said, they would provide valueadded security software for Wi-Fi (IEEE 802.11) networks. Although Interlink Networks’ software secures access to both private and public wireless LAN networks (based on the standards-based 802.1x security solution that is also compliant with the Wi-Fi Protected Access or WPA specifications), Bluesoft’s system not only locates the mobile device but also has authentication information.This location-based authentication software adds a layer of wireless security by permitting companies to make sure that only authenticated users in a designated building, or on, say, a designated university campus would be allowed access to the network. Also, location-based policy management would be able to allow for differentiated services in different parts of the building or on different parts of the campus. For example, Internet access could be provided in the building’s lobby but denied in the remaining building areas. See Also: Crackers; Internet;Wardriving and Warwalking;Wireless. Further Reading: BWE, Inc. Interlink Networks and Bluesoft Partner to Deliver Wi-Fi Location-Based Security Solutions. [Online, 2003.] BWE, Inc.Website. http://www.wifizonenews .com/publications/page358-492296.asp. HTML or HyperText Markup Language (general term):The text format for the Websites of the World Wide Web (WWW). HTML is a language known for its ease of authoring. See Also: Internet;World Wide Web (WWW). Further Reading: Internet Highway, LLC. Internet Highway, LLC. Internet Terminology: HTML. [Online, 1999.] Internet Highway, LLC Website. http://www.ihwy.com/support/ netterms.html. HTTP (HyperText Transfer Protocol) (general term): Used to transfer WWW data over the Internet.This is why all Website addresses begin with http://. Hopper, Grace Murray 154 Whenever a user types a URL into the browser and presses the Enter key, his or her computer sends an HTTP request to the correct Webserver.The Webserver, developed to handle such requests, then sends the user the requested HTML page. Or to be entirely accurate, a Webserver can send HTML back to a browser dynamically and not necessarily in a page. Dynamic languages, such as PHP (PHP: Hypertext Processor), can generate HTML dynamically and not deal with it in a page. Some important Websites related to detecting and curbing cracking activities, cyberterrorism, and cybercrimes include http://www.2600.com, the Website for 2600: The Hacker Quarterly; http://www.antionline.com, the Website for Antionline (AO), a place where members share their knowledge to help others learn to identify and mitigate security issues regarding real-world events; and http://www.cert.org, the Website for the CERT Coordination Center (CERT/CC), a center of Internet security expertise located at the Software Engineering Institute at Carnegie Mellon University. See Also: HTML (HyperText Markup Language); Internet; URL or Uniformed Resource Locator;World Wide Web (WWW). Further Reading: Christensson, P. 2004. SharpenedNet.com: Glossary: HTTP. [Online, 2002.] Per Christensson Website. http://www.sharpened.net/glossary/definition.php?http. Hughes, Eric, Gilmore, John, and May, Tim Team (general team): Thinking that a need existed for privacy in an open-information society, Eric Hughes started the Cypherpunks with John Gilmore and Tim May. Calling themselves a wandering band of cryptographers, advocates for privacy, and anarchists in a digital world, the Cypherpunks have a prolific email list that purportedly synthesizes mathematical concepts with the practical issues of a cultural revolution. See Also: Cypherpunks. Further Reading: Wired Digital Inc. Eric Hughes. [Online, July 11, 1996.] Wired Digital Inc.Website. http://hotwired.wired.com/talk/club/special/transcripts/96-07-11.hughes.html. Human Factor or Social Engineering (general term):Typically, cracking activities include not only some degree of technological prowess but also human factor skills, known as social engineering. Simply put, even at the very basic level, a cracker needs to “social engineer” a computer system or another human being into thinking that he or she is the system administrator or a legitimate user.“Human factor engineering” and “social engineering,” therefore, are general terms used to describe how crackers manipulate a social situation to gain access to a network for which they are not authorized.This access could be permanent or temporary and could even employ as part of the scheme an organizational “insider.” Putting on a janitor’s outfit and pretending to be allowed access to a computer network would be one example of a low-end “human factor” or “social engineering” technique. See Also: Computer; Cracking; Social Engineering; Social Engineering Techniques. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. 155 Human Factor or Social Engineering IANA or Internet Assigned Numbers Authority (general term): One of the key bodies overseeing Internet networking. IANA governs top-level domains—represented by the final part of Web domain names, such as .com, .org, or .edu. It also governs IP address allocation and TCP and UDP port number assignment. See Also: Internet; IP Address;TCP/IP or Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP). Further Reading: About, Inc. 2004. IANA. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-iana.htm. ICE (Intrusion Countermeasure Electronics or IC) (general term): In the Computer Underground (CU),“ice” is a fictional form of anti-cracker countermeasure, often depicted as a wall of ice.The term first appeared in William Gibson’s book Neuromancer, in which he described various means of protecting systems from intrusion. In other words, IC was a software program on the Matrix to stop illegal access to company or government computer systems and valuable information stores.A number of intrusion countermeasure electronics types were available, including lethal Black IC—which could kill the intruder—and Probe IC, which hunted for system trespassers and then shot back. Today, real world Intrusion Detection products, such as BlackICE, are modeled after the theoretical concepts. Nobody is killed and the shooting back—although technically illegal—targets the attacker’s computer system. See Also: Matrix; Probe. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Clutton, R. Welcome to the Simple Guide of Cyberpunk. [Online, June 24, 2001.] http://tip.net.au/ ~rclutton/cdict.html. Icebreaker (general term): A software program that cracks corporate firewalls. See Also: Cracking; Firewall. Further Reading: Clutton, R. Welcome to the Simple Guide of Cyberpunk. [Online, June 24, 2001.] http://tip.net.au/~rclutton/cdict.html. id (identity) (general term): A UNIX command that identifies the user account executing the command—often an early command that crackers will run on the system when cracking remotely. In short, the intruder will remotely compromise a service running under a root account, an account set up for a special service, or a user’s account. The hope of crackers is to achieve root access immediately. If this is not achieved, the cracker will need to run a local exploit to elevate his or her privileges. See Also: Remote Attacks or Exploits or Intrusions. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Identd/auth (general term): A service on UNIX that can be used to identify a TCP connection owner.Though it was first developed to be used as an authentication mechanism, today it is used primarily to log who does what activities. See Also: Authentication; Log;TCP/IP or Transmission Control Protocol/Internet Protocol; UNIX. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Identity Theft or Masquerading (legal term):The malicious theft and consequent misuse of someone else’s identity to commit a crime. Identity theft often involves cracking into a system to obtain personal information, such as credit card numbers, birth dates, and social insurance or Social Security numbers of targets and then using this information in an illegal manner, such as buying items with the stolen identity or pretending to be someone else of higher professional status in order to gain special privileges. Identity theft is one of the fastest-growing crimes in the United States and elsewhere around the globe. On February 21, 2005, ChoicePoint Inc., a data warehouser having 17,000 business customers, had its massive database of client personal information cracked. Consequently, the company said that about 145,000 consumers across the United States may have been adversely impacted by the breach of the company’s credentialing process. The company said that the criminals who obtained access used stolen identities to create what seemed to be legitimate businesses wanting ChoicePoint accounts. The cybercriminals then opened 50 accounts and received abundant personal data on consumers, including their names, addresses, credit histories, and Social Security numbers. As a result of this case as well as of similar 2005 breaches at the LexisNexis Group (affecting 310,000 clients) and at the Bank of America (affecting about 1.2 million federal employees with this charge card), Discount ShoeWarehouse (affecting about 1.2 million clients), and more than 300,000 identities stolen from universities since January 2005,U.S. politicians, including two U.S. Senators, called for hearings and ramped-up regulations to protect consumers against identity theft. Moreover, the U.S. states are collectively proposing more than 150 bills to regulate online security standards, increased identity theft and fraud protection, increased data broker limitations, increased limits on data sharing or use or sales, and better security breach notification. On March 4, 2005,White Hat hackers surfed the Web at Seattle University with the intent of harvesting Social Security Numbers and credit card numbers. In less than 60 minutes, they found millions of names, birth dates, and Social Security and credit card numbers using just one Internet search engine,Google.They warned that the use of the right kind of sophisticated search terms could even find data deleted from company or government Websites but temporarily cached in Google’s extraordinarily large data warehouse.The problem did not lie with Google, they affirmed, but with companies allowing Google to enter into the public segment of their networks (called the DMZ) and index all the data contained there. Although Google does not need to be repaired, said the White Hats, companies and government agencies need to understand that they are exposing themselves and their clients by posting sensitive data in public places. See Also: Cybercrime and Cybercriminals; Social Security Number (SSN);Theft. id (identity) 158 Further Reading: Associated Press. Data Brokerages: LexisNexis Database Hit by ID Thieves. The Globe and Mail, March 10, 2005, p. B13; McAlearney, S. Privacy: How Much Regulation Is Too Much? [Online, May 2, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/ originalContent/0,289142,sid14_gci1083916,00.html?track=NL-358&ad=513148; Shukovsky, P. Good Guys Show Just How Easy It Is to Steal ID. [Online, March 5, 2005.] Seattle Post- Intelligencer Website. http://seattlepi.newsource.com/local/214663_googlehack05.html;Weber, H.R. Criminals Access ChoicePoint’s Information Data. The Globe and Mail, February 22, 2005, p. B15. IEEE 802.11 (general term): In 1977, the Institute of Electrical and Electronics Engineers, known as the IEEE, ratified the 802.11 specification as the standard for Wireless Local Area Networks (WLANs).The specifications originally defined 1 Mbit/s and 2 Mbit/s data transmission rates and a set of basic signaling methods.However, those earlier data transmission rates were too slow to support most business requirements and were ineffective in encouraging WLAN adoption. Therefore, in 1999 the IEEE ratified the 802.11b standard (or 802.11 High Rate), which provided for data transmission rates up to 11 Mbit/s. In June 2003 the 802.11g standard was ratified to allow for data transmission rates up to 54 Mbit/s. The 802.11 specification defines a pair of devices: (1) a wireless station—typically a PC with a wireless network interface card (known as NIC); and (2) an access point (known as AP)— which serves as a bridge between the wired and the wireless worlds. An AP usually has a radio, an Ethernet interface (such as IEEE 802.3), and software meeting the 802.1d “bridging” standard.The AP serves as the wireless network’s base station so that many wireless end stations can get access to the wired network. Wireless end stations, though they vary, typically include 802.11 PC cards and embedded solutions in useful items such as telephone handsets. The 802.11 standard also defines two modes: the infrastructure mode and the ad hoc mode. In infrastructure mode, the wireless network is made up of at least one AP connected to the wired network infrastructure as well as a number of wireless end stations.The latter is known as a Basic Service Set (BSS). An Extended Service Set (ESS) has two or more Basic Service Sets forming a subnetwork. Because most large companies’WLANs need access to the wired LAN for functional services (such as file servers, Internet links, and printers), they tend to operate in infrastructure mode. See Also: Internet; Local Area Network (LAN);Wireless. Further Reading: PCTechGuide.com. Wireless Networks. [Online, December 1, 2002.] PCTechGuide Website. http://www.pctechguide.com/29network_Wireless_networks.htm. IIA (general term): Stands for the Institute of Internal Auditors, an international organization based in Altamonte Springs, Florida. It was founded in 1941 and presently has more than 117,000 members worldwide. Because the organization’s mission includes education, research, and technological guidance for the auditing profession, it is an invaluable resource for everybody involved in computer forensic investigations. Further Reading: The Institute of Internal Auditors. [Online,April 8, 2006.] http.theiia.org. 159 IIA IIRC (general term): Chat room talk meaning “if I remember correctly.” ILOVEYOU virus (general term): Hit numerous computers in 2000 when it was sent as an attachment to an email message with the tempting text “ILOVEYOU” in the subject line.The virus was also altered to appear in email messages with the subject line FWD: JOKE. The ILOVEYOU virus came with the nice little message “kindly check the attached LOVELETTER coming from me,” and if the user opened the attachment in any of these messages, the malware was executed, sending a copy of itself to every address listed in the user’s Microsoft Outlook address book. The ILOVEYOU virus and many of its variants have been estimated to have targeted tens of millions of users over the life span of these viruses, costing billions of dollars in damage and service disruption. See Also: Electronic Mail or Email; Malware;Virus. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002;Yale University School of Medicine. ILOVEYOU, JOKE, and Susitikim shi vakara kavos puodokui. . .Viruses. [Online, March 9, 2001.] Yale University School of Medicine Website. http://its.med.yale.edu/software/ patch/win/iloveyou/iloveyou.html. IMHO (general term): Chat room talk meaning “in my humble opinion.” Incident (general term):The U.S.Department of Homeland Security (DHS) defines a computer security incident as a real or potential violation of an explicit or implied policy regarding information.The DHS has five incident types, based on incident outcomes: (1) increased access beyond authorization; (2) information disclosure; (3) information corruption; (4) Denial of Service (DoS); and (5) resource theft.The DHS notes that actual incidents often fall into multiple categories. For example, a Website defacement can involve increased access beyond authorization and information corruption, and a system compromise can involve increased access beyond authorization, information disclosure, and resource theft. See Also: Denial of Service (DoS); Department of Homeland Security (DHS); Exploit; Vulnerabilities of Computers. Further Reading: U.S. Department of Homeland Security. DHS Organization. [Online, 2004.] U.S. Department of Homeland Security Website. http://www.dhs.gov/dhspublic/theme_ home1.jsp. Incident Response (general term): How an organization handles a security incident. Events are supposed to be tracked and resolved in as expeditious a manner as possible. See Also: Exploit; Incident;Vulnerabilities of Computers. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Incident Response Checklist and Cycle (general term):According to the U.S. Department of Homeland Security (DHS), the purpose of the Incident Response Checklist and Cycle (that is, the period between when an incident is identified and when it is resolved and reported) is twofold: to minimize damage and exposure (that is, risk mitigation) as well as to facilitate an effective recovery. Moreover, within the risk mitigation goal, a hierarchy of priorities is suggested, arranged from IIRC 160 higher to lower priorities and including the following: human life and safety; sensitive or missioncritical systems and information; other systems and information; damage to systems or information; and disruption of access or services. The items on the checklist include a series of sequential, high-level steps grouped into three phases: (1) Detection, Assessment, and Triage (for which the objective is to limit the risk and damage in such a way that if the problem does escalate, investigation can proceed promptly and with evidence intact); (2) Containment, Evidence Collection,Analysis, and Investigation; and (3) Remediation, Recovery, and Post-Mortem. Based on this three-phase scheme, the Department of Homeland Security’s recommended steps are as follows: Phase 1-1. Document Everything; Phase 1-2. Contact Primary IRC (Incident Response Capability); Phase 1-3. Preserve Evidence; Phase 1-4.Verify the Incident; Phase 1-5. Notify Appropriate Personnel; Phase 1-6. Determine Incident Status; Phase 1-7. Assess Scope; Phase 1-8. Assess Risk; Phase 1-9. Establish Goals; Phase 1-10. Evaluate Options; Phase 1-11. Implement Triage; Phase 1-12. Escalation and Handoff. Phase 2-1.Verify Containment; Phase 2-2. Revisit Scope, Risk, and Goals; Phase 2-3. Collect Evidence; Phase 2-4. Analyze Evidence; Phase 2-5. Build Hypotheses and Verify; Phase 2-6. Intermediate Mitigation. Phase 3-1. Finalize Analysis and Report; Phase 3-2. Archive Evidence; Phase 3-3. Implement Remediation; Phase 3-4. Execute Recovery; Phase 3-5. Conduct Post-Mortem. See Also: Department of Homeland Security (DHSW); Incident Response; Risk. Further Reading: U.S. Department of Homeland Security. Incident Handling Checklists. [Online, 2004.] U.S. Department of Homeland Security Website. http://www.fedcirc.gov/ incidentResponse/IHchecklists.html. Incident Team (general term): A specially trained team within a business, government agency, or institution responsible for responding quickly to cyber attacks. See Also: Incident Response; Risk. Inetd (general term): A UNIX daemon software program that responds to connection requests on a defined list of ports and then starts the executable program to deliver the services associated with those ports.This software program is sometimes known as “netd.” Inetd is a frequent target of crack attacks because of its capability to launch arbitrary programs listed in its configuration files under any desired user account, including root. See Also: Attacks; UNIX;Vulnerabilities of Computers. Further Reading: Farlex, Inc. The Free Dictionary: Inetd. [Online, 2004.] Farlex, Inc. Website. http://computing-dictionary.thefreedictionary.com/inetd. Infection (general term):A description for a computer system or a program is said to be infected if a worm or virus has copied itself into some part of the system. Usually the goal of such an infection is to propagate to other systems or programs. Infection can also cause the system or program to expose some other unwanted behavior or secretly alter data. See Also: Means of Infection;Virus;Worm. 161 Infection Information Security Act (legal term): On October 16, 2002,U.S. Representative Christopher John, D-LA, introduced a public sector bill called the Information Security Act. Its purpose was to increase secure information sharing and communications sharing among the agencies affiliated with the Department of Homeland Security (DHS). On October 16, 2002, the Act was sent to the House Committee on Government Reform. It has not been passed in this form. See Also: Department of Homeland Security (DHS); U.S. Intelligence Community. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Information Warfare (general term): A modern kind of warfare whereby information and attacks on information and/or on the enemy’s computer network are used as a way to wage war against some chosen enemy. Information warfare may include giving the enemy special information (commonly referred to as “propaganda”) to persuade the enemy to surrender, or withholding from the enemy important information that might result in the enemy’s resistance. Information warfare may also include feeding “disinformation” to one’s own people, either to build support for the war effort or to counter the effects of the enemy’s propaganda campaign. Finally, information warfare may include designing a strategic plan for a multiple-stage attack against an adversary’s information systems while protecting one’s own information network and capitalizing on one’s own information “edge.” In contrast to traditional wars fought on soil, information warfare has no front line or boundaries. Potential battlefields can consist of any networked system that can be accessed. For this reason, the United States and other countries are concerned about information wars focusing on Information Technology controlling critical infrastructures targets—oil and gas pipelines, electric power grids, nuclear power stations, and telephone switching networks, to name a few.The vulnerability of networked systems is why security experts in the United States and elsewhere fear an impending cyber Apocalypse. Information warfare damage can manifest in countless ways. For example, railroad trains and jets could be rerouted and caused to crash; stock exchanges could be cracked and then sabotaged by “sniffers”—thereby corrupting international networks for funds transfer; and radio and television signals could be taken over and used for “misinformation” campaigns. Finally, recent events have confirmed that information warfare has been implemented. During the Gulf War, for example, Dutch crackers exploited U.S. Defense Department computers and seized troop-movement information.They then tried to offer, for a handsome price, the secret information to the Iraqis, who turned down the offer, thinking the plot was a hoax. Moreover, in January 1999, U.S. Air Intelligence computers were hijacked by a coordinated attack, a portion of which appeared to be Russian driven. See Also: Coordinated Terror Attack Crackers;; Cyber Apocalypse; Intelligence; Sniffer Program or Packet Sniffer. Further Reading: A&E Television Networks. Science at War: Information Warfare. [Online, October 13, 2004.] A&E Television Networks Website. http://www.historychannel.com/ exhibits/science_war/iwar.html; GNU_FDL.[Online, 2004.] Information Warfare. GNU Free Documentation License Website. http://www.wordiq.com/definition/Information_warfare. Information Security Act 162 InfraGuard (general term): In an effort to create greater cooperation between the U.S. government and the private sector in protecting information of critical infrastructures and in motivating companies and institutions to more reliably report intrusions on their networks, after the September 11 attacks the FBI began to offer both identity protection and important exploit information to the private sector in exchange for information regarding cyber attacks and security breaches. The reporting, it was said, would be done under an enhanced program called InfraGuard. The FBI enhanced its call for cooperation from industry after the number of firms attending Infraguard meetings (held quarterly) tripled following the terrorist attacks. It was clear, said the FBI, that there was a greater willingness for the FBI, information systems security experts, and business leaders to communicate more freely about the security issues they were experiencing. The FBI said that the threat of a major cyber attack is not fictional, for many cyber attacks occur in industry daily. Also, every day new worms and viruses are reported by security firms such as SANS, and therefore many more solutions must be developed by those in the information security field to save information systems from being severely adversely impacted—or from being shut down altogether. Though more than 90% of enterprise security survey respondents have consistently reported having computer security breaches with substantial financial losses within the past few years, companies and information security experts are keen to get information about the security problems other companies are experiencing but seem reluctant—as the CSI/FBI survey repeatedly confirms—to report their own breaches. The reasons cited are that companies fear giving their competitors an advantage by “owning up” to the breaches, and they worry about the bad publicity and lack of consumer confidence that will ensue with the release of such information. For these reasons, the FBI is now asking companies to work with consultants in InfraGuard to prevent such breaches by sharing information. Trust seems to be the big key in advancing the information-sharing push. The basic premise, of course, is that increased information sharing between business enterprises and federal authorities will enhance efforts to thwart crackers. FBI agents have noted that the situation existing today is indeed a dynamic one, for crackers and cybercriminals continually improve, amend, and disguise their means of operating. So, the more “eyes” there are “on the scene,” so to speak, the better the security should become.The consultants in InfraGuard said that for the companies choosing to work with them, they will provide up-to-the-minute technical information on how to cope with detected and reported security breaches. See Also: Crackers; CSI/FBI Survey; Federal Bureau of Investigation (FBI); Intrusion; Security;Trust. Further Reading: Bruck, M.The Key to Eradicating Viruses and Bugs. [Online, August 5, 2002.] Entrepreneur.com Inc.Website. http://www.entrepreneur.com/article/0,4621,302155,00 .html. Infrared or Electro-Optint or Laser Intelligence (general term): Intelligence derived by monitoring the electromagnetic spectrum from ultraviolet (0.01 micrometers) through far infrared (1,000 micrometers). Infrared intelligence was used for the 2004 Summer Olympics.The $312 million U.S. security system received audio and visual images from an electronic Web having greater than 1,000 163 Infrared or Electro-Optint or Laser Intelligence high-resolution and infrared cameras, a sensor-equipped blimp, mobile command centers, patrol boats, and numerous vehicles. Cameras with speech-recognition software collected spoken-word information and transcribed it into text, searching for particular word patterns. See Also: Intelligence; Laser Intelligence (LASINT). Further Reading: About Inc.U.S. Military: electro-optical intelligence. [Online, 2004.] About Inc. Website. http://usmilitary.about.com/library/glossary/e/bldef02164.htm; In Brief. Security Rings Olympics. The Globe and Mail, August 12, 2004, p. B7. Infrared or IrDA Port (general term): An abbreviated form for Infrared Data Association (IrDA), a group of device manufacturers who have worked on the development of a standard device for transmitting data via infrared light waves, the IrDA port. Because of the availability of this device, computers and printers have increasingly come with IrDA ports, enabling users to transmit information from one device to another without using cables. For example, if both a laptop computer and a printer have IrDA ports, a user can simply put his or her computer in the line of sight of the printer and print a document without needing cable to connect the two devices. IrDA ports support transmission rates similar to those of the original parallel ports, except that there is a restriction on the IrDA ports. The devices simply need to be close enough together, and a clear line of sight is needed between the two devices. See Also: Computer; Port and Port Numbers. Further Reading: Jupitermedia Corporation. What is IrDA? [Online, October 30, 2001.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/IrDA.html. Infringing Intellectual Property Rights and Copyright (legal term): Can occur online and thus falls in the broad-based category of “cyberspace theft.” An example is copying another’s work, such as songs, articles,movies, or software, from an online source without being authorized to do so. In January 2000, one of the cases to make headlines in the United States was the Internet free speech and copyright civil court case involving 2600: The Hacker Quarterly, Universal Studios, and members of the Motion Picture Association of America. Here, legal issues emerged around 2600’s alleged violation of the Digital Millennium Copyright Act (DMCA) when in November 1999 the hacker publication linked to and discussed a computer program called DeCSS, which is DVD decryption software. The complainants objected to the publication of DeCSS because, they argued, it could be used as part of a process to infringe copyright on DVD movies. In their defense, representatives of 2600 claimed that decryption of DVD movies is necessary for a number of reasons, including to make “fair use” of movies. In the end, the hacker magazine lost the case. The social issue of infringing intellectual property rights and copyright has drawn considerable debate from those who fight for freedom of information and from those who fight against abuses of artists’ rights. For this reason, during the 2004 U.S. Presidential campaign, the INDUCE Act, or Inducing Infringement of Copyright Act of 2004,was proposed by Senator Orrin Hatch (R-UT). If passed, the Act could have killed the market for digital music devices such as Apple iPods, which copy music from users’ computers.The INDUCE Act would have criminalized digital music technologies because they could be viewed as inducing others to infringe copyright. When news about the INDUCE Act surfaced, hacktivists went to work, constructing Websites such as www.Savetheipod.com to motivate music lovers to send letters of opposition to Infrared or Electro-Optint or Laser Intelligence 164 Congress.The electronics Industry and the Electronic Frontier Foundation (EFF) also lobbied against it. The INDUCE Act met its demise in October 2004, but if it had passed, this far-reaching piece of legislation could have forced electronic companies and Internet services to get permission for each new technology developed. See Also: Digital Millennium Copyright Act (DMCA); Electronic Frontier Foundation (EFF); Hacker Quarterly Magazine (a.k.a. 2600). Further Reading: Dixon, G. Proposed Act Could Have Killed Digital Music Devices. The Globe and Mail, December 4, 2004, p. R12; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004; www.Savetheipod.com. Save the ipod, Stop the INDUCE Act. [Online, May 3, 2005.] Savetheipod.com Website. http://www.savetheipod.com/index1.php. Initialization Vector (general term): Used in cryptography to ensure that an encryption mechanism, such as a stream cipher or a block cipher in a streaming mode, generates a unique stream that is independent of all other streams encrypted with the same key without reapplying the (computationally expensive) cryptographic keying process. The Initialization Vector must be known by the receiver and can be exchanged as part of the session setup or transmitted independently. Further Reading: Ferguson,N, Schneier,B. Practical Cryptography.New York,NY: John Wiley & Sons, 2003. Input Validation, Omitting (general term): A classic programming error leading to exploits. Because programmers do not always verify that input data are correct, crackers can carefully create input that compromises the system. See Also: Crackers; Exploit;Vulnerabilities in Computers. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Insider Hacker or Cracker (general term):An employee of a company who performs exploits within the company’s networks. Hackers are authorized to find vulnerabilities in a company’s networks and to fix them, whereas crackers exploit the flaws without having the authorization to do so—usually for some personal gain. Insiders who crack the system to cause damage are often angered employees who have been fired from their jobs and have the computer skills to cause damage.They can, for example, plant logic bombs that do damage after the employees leave. One of the most discussed “insider” crack attacks happened in 1996 at Omega Engineering, where an employee,Timothy Lloyd, sabotaged the company’s network with a logic bomb. He apparently did this as an act of revenge for being fired.That exploit cost the company $12 million in network damages and forced the eventual layoff of about 80 employees. Because of all the money it took to recover from this incident, Omega Engineering said it lost its lead in the marketplace. More recently, on March 11, 2005, Kaiser Permanente notified 140 patients that an angry former employee put on her Weblog confidential information from the firm’s electronic files. The ex-employee, Elisa D. Cooper, calling herself the “Diva of Disgruntled,” said in her defense 165 Insider Hacker or Cracker that the company included private patient information on its Website.All she was doing, she said, was informing the company of its self-created problem. Under the HIPAA legislation, the Diva of Disgruntled, if found guilty, could be made to pay $250,000 in fines and spend 10 years behind bars for unauthorized disclosure of clients’ personal data.To date, a fine of $200,000 was imposed on the company by California State Regulators for illegally disclosing patient’s personal information on the Internet.The case against Cooper has not been finalized. Another way that insiders may take revenge on a company is not to exploit the company’s network but to send over the Internet proprietary information to competitors. One such example was reported in 2005 when Shin-Guo Tsai, a permanent resident in the United States and an employee of Volterra Semiconductor Corporation in San Francisco, emailed computer chip design data from his company’s computers to a potential rival company in Taiwan.Though Tsai announced to his employer that he was returning to Taiwan to get married, when FBI agents appeared at his door in February 2005, he admitted that he had sent proprietary information to CMSC, Inc., a Taiwanese start-up company involved in a business line similar to Volterra’s. If convicted of the charges,Tsai could find himself behind bars for 10 years. He pleaded guilty and is awaiting sentencing. Given these incidents, it is not surprising that even back in 1998, the CSI/FBI survey findings disclosed that the average cost of successful computer cracks by outsiders was $56,000, whereas the average cost of malicious acts perpetrated by insiders was $2.7 million. While the average cost has gone down to $24,000 in the 2005 CSI/FBI survey, the number of incidents has risen sharply. Three-quarters of the surveyed organizations reported a financial loss. Insider crackers appear to do far more damage to companies’ computers than do outsider crackers. So what personal traits do these damage-causing insiders have? After analyzing a pool of more than 100 cracking cases provided by computer crime investigators, prosecutors, and security specialists over the 1997–1999 time period, researchers Eric D. Shaw, Jerrold M. Post, and Kevin G. Ruby said that insider computer criminals tend to be: • Troubled by family problems in their childhoods • Introverted individuals who admit to being more comfortable solving cognitive problems than interacting with others in the workplace • More dependent on online interactions than on face-to-face interactions • Ethically flexible individuals who can easily justify ethical violations • Of the opinion that they are somehow special and thus deserving of special privileges • Lacking in empathy and thus seeming not to reflect on the impact their behaviors have on others or on the company • Less likely to seek assistance from supervisors or from workplace support groups such as Employee Assistance Programs (EAPs) when they have personal issues See Also: Crackers; CSI/FBI Survey; Exploit; Hackers; Logic Bomb; Shaw, Eric Team. Insider Hacker or Cracker 166 Further Reading: Ostrov, B.F. 140 Kaiser Patients’ Private Data Put Online. [Online, March 11, 2005.] Knight Ridder Website. http://www.siliconvalley.com/mld/siliconvalley/ 11110907.htm; Rogers, M. The Insider Threat: Debunking the ‘Wagon Wheel’ Approach to Information Security. [Online, March 3, 2005.] TechTarget Website. http://searchsecurity .techtarget.com/columnItem/0,294698,sid14_gci1064080,00.html?track=NL-358&ad=506624; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002;Tanner, A. Man Charged with Passing Chip Design Information. [Online, March 1, 2005.] Reuters Website. http://www.reuters.com/audi/ newsArticle.jhtml?type=technologyNews&storyID=7766193. Integrity (general term): Assuring accuracy and completeness, and adequately performing to some set of specifications. See Also: Ethic,White Hat Hacker. Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall, 2003. Intellectual Property (IP) (legal term):A legal concept that treats and protects the creative products of the human mind as carefully as the law would treat and protect one’s physical property, such as a home and the land that it sits on. In short, IP laws grant certain kinds of exclusive rights to the developers of creative products such as software, games, hardware, movies, books, songs, and so on. According to IP laws, the developers of creative products should have the first rights to the sale and/or distribution of these products, just as an owner of a property should have the first rights to the sale and/or distribution of his or her property. A number of cases have been publicized in recent years regarding infringements of IP, particularly around online song swapping and the denial of royalties to artists.An alleged crime against IP does not always have an artistic aspect, however. For example, on February 3, 2005, Andrew Mata, a government employee charged with cracking the Department of Social Services Website in 1999,was cleared by a jury of any wrongdoing.Though Mata was charged with illegally entering the computer system to upgrade his access privileges after he left the Department of Social Services for a job in the Department of Health and Hospitals—a crime, it was argued, against Intellectual Property—Mata said in his defense that he changed his access back to where he thought it should have been when he moved to the Department of Health and Hospitals, though he was supposed to have the same privilege status on both departments’ computer systems.The jury believed Mata. He walked away from a potential five-year jail term. See Also: Computer; Intellectual Property Rights and Copyright Infringement; Property Paradigm in Cybercrime. Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004;The Associated Press. State Worker Acquitted of Hacking Government Computer. [Online, February 3, 2005.] Tuscaloosa News Website. http://www.tuscaloosanews.com/apps/pbcs/d11/article?AID=/20050203/APN/ 502030742. Intellectual Property Rights and Copyright Infringement (legal term): Protecting Intellectual Property Rights (IPR) from abuse is as important for companies today as is 167 Intellectual Property Rights and Copyright Infringement protecting computer networks from crackers. Infringement can cost millions of dollars of lost revenues to entertainment companies and computer companies alike. For this reason, the Digital Millennium Copyright Act (DMCA) was passed in October 1998 in the United States.This Act’s purpose was to implement global copyright laws to deal with the Intellectual Property Rights challenges caused by present-day digital technology. In particular, the DMCA provided protections against technical measures that could be used to disable or bypass the encryption devices used to protect copyright, thereby encouraging authors of copyrighted material to place their work on the Internet in a digitalized presentation. The DMCA penalties were to be applied to any individual who attempted to or was successful in disabling an encryption device that protected copyrighted material. Stated simply, Intellectual Property infringement is theft—the taking of something that does not belong to the perpetrator of the encryption bypass and thereby depriving the true copyright owners of royalties for the sale of their human mind products. Reports of a case of IPR infringement surfaced on May 22, 2005. Counterfeiters in Beijing, China, were selling illegally copied DVDs of the Star Wars: Episode III: Revenge of the Sith movie just days after the film opened in theaters in North America.The price charged for the pirated movies, sold from vendors wearing shoulder bags on the streets of Beijing,was a mere $3.05.The street sales occurred despite numerous Chinese government promises to clamp down on the thriving black market industry that movie companies have argued cost them billions of dollars in lost revenue yearly. About 9,000 cases of piracy were brought to court in China in 2004. See Also: Copyright; Copyright Laws; Digital Millennium Copyright Act (DMCA); Intellectual Property (IP). Further Reading: Associated Press. Entertainment: Counterfeiters Move Fast On Illegal Star Wars DVD. The Globe and Mail, May 23, 2005, p. B7; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Intelligence (general term): According to Jeffery T. Richelson in his tome The U.S. Intelligence Community, “intelligence” is the product of an information search and analysis about some foreign nation or about that nation’s operation areas of particular interest. In the United States, the Central Intelligence Agency (CIA) collects overseas intelligence, whereas the Federal Bureau of Investigation (FBI) collects domestic intelligence.Today, the collection of intelligence includes employing hacking skills to access information stored in computer systems around the world. Legally, the CIA cannot collect intelligence against a U.S. citizen unless the investigation began overseas. For these kinds of cases, the CIA communicates with and shares intelligence with the FBI. See Also: U.S. Intelligence Community. Further Reading: Milnet.com. MILNET: Intelligence Defined. [Online, November 4, 1997.] Milnet.com Website. http://www.milnet.com/definei.htm. Intelligence Community (general term): See U.S. Intelligence Community. Interactive Logon and Network Logon (general term):Modern networked operating systems, such as Microsoft Windows, Mac OS X, and the UNIX family of operating systems, allow users to log on to their machines locally by using them directly, or by connecting to a file server Intellectual Property Rights and Copyright Infringement 168 remotely through a network logon. Because both logons tend to happen simultaneously after users enter their usernames and passwords, they do not usually perceive much of a difference between the two logons. Network logons can be disabled by administrators, thus preventing individuals from robbing passwords and remotely taking over the machine. See Also: Administrator; Password. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Internal Threat (general term): A threat originating inside a company, government agency, or institution, and typically an exploit by a disgruntled employee denied promotion or informed of employment termination. Such exploits also can be launched by an attacker who has sought temporary employment with a target and uses social engineering skills to get on the inside. See Also: Exploit; Insider Hacker or Cracker. International Data Encryption Algorithm (IDEA) (general term):Developed by Xuejia Lai and James Massey in 1992. A block cipher, IDEA operates on 64-bit blocks with a 128-bit key and is considered to be very secure. IDEA is used by Pretty Good Privacy (PGP), a very secure public key encryption application for MS-DOS,UNIX, and VAX/VMS. Originally written by Philip Zimmermann, PGP was later improved by Hal Finney, Branko Lankester, and Peter Gutmann. See Also: Algorithm; Pretty Good Privacy (PGP); UNIX. Further Reading: Farlex, Inc. The Free Dictionary: International Data Encryption Algorithm. [Online, 2004.] Farlex, Inc.Website. http://computing-dictionary.thefreedictionary .com/International%20Data%20Encryption%20Algorithm. International Telecommunications Union (ITU) (general term):Advises suppliers on technical recommendations for telephone and fax communication systems. Before March 1, 1993, the ITU was known as the CCITT, or Consultative Committee for International Telephony and Telegraphy. Every four years, the ITU, located in Geneva, Switzerland, convenes plenary sessions with the intent of adopting new telecommunications standards and communicating with other standards organizations to develop a global uniform standards system for communications. See Also: Telecom. Further Reading: Webster’s Dictionary. Definition of International Telecommunications Union. [Online, 2004.] Webster’s Dictionary Website. http://www.webster-dictionary.org/ definition/International%20Telecommunications%20Union. Internet (general term):A network.Today, Internet refers to a collection of networks connected by routers. The Internet is the largest network in the world and comprises backbone networks such as MILNET, mid-level networks, and stub networks. The Internet had its seeds planted with ARPANET, the information-exchange platform created for researchers in universities around the world by the U.S. Defense Advanced Research Project Agency in 1969. The Internet’s major growth spurt occurred after Tim Berners-Lee developed the HTTP protocol in the early 1990s, allowing users to access and link information through a simple and intuitive user interface—the Internet browser. Technically speaking the 169 Internet Internet is just the transportation medium over which data packets are transmitted. The World Wide Web is one of the applications using the Internet as a base infrastructure. Because of the overwhelming success of the World Wide Web, the term “Web” is often used to signify the Internet as such. At first, universities were the early adopters of the Internet, but before long tech wizards with an entrepreneurial spirit realized that a commercial application could produce millionaires and billionaires. By the early 2000s, there was virtually no medium- or large-sized organization without a presence on the Internet, with the bulk having a Website and communication connectivity with email. As of 2005, tumbling computer and Internet connectivity prices have made it possible for the majority of households in the developed world to access the Internet through high-bandwidth lines. Though currently information is generally obtained on the Internet for free, the day could arrive in the near future when the “free ride on the information highway” comes to a halt. In fact, more and more Websites are beginning to charge for access to information content. Developing countries around the world are also buying into the Internet craze, for technology can assist in leveling the economic playing field. However, not all developing nations believe that Internet use should be available to citizens of all ages. During October to December 2004, for example, China closed more than 12,575 existing Internet cafes for allegedly permitting illegal operations. Though the Chinese government said that it promotes active Internet use for business and appropriate educational purposes, the communist authorities maintained that Internet cafes can harm public morality by giving minors access to such undesirable information as violent games and sexually explicit content. For example, the Web site www.chronicle.com, which is a prime site for academics seeking jobs, now charges a subscription rate for access to administrative salary data and other special interest topics. In recent times, other morally questionable Internet practices have been challenged in the United States as well.An “interactive Internet logon” animal-killing case surfaced in the United States during the first week of May 2005.“Computer assisted remote hunting” is defined as the use of a computer or any similar device, equipment, or software to remotely control the aiming and discharge of archery equipment, a crossbow, or a firearm to hunt and kill an animal or bird. In California, the Fish and Game Commission ordered wildlife officials to create emergency laws to ban the practice of hunters using the Internet to shoot animals.This piece of legislation, passed by California’s Senate in April 2005, was in response to a Texas hunter Website that intended to let users fire at real animals using their computers. In particular, the legislation prevented the use of computer-assisted hunting sites and banned the import or export of any animal killed using computer-assisted hunting. Other states, such as Texas and Maine, and Congress have also then considered passing similar bills. See Also: Advanced Research Projects Agency Network (ARPANET); HTTP (HyperText Transfer Protocol); Network. Further Reading: In Brief. China Cracks Down on Public Internet. The Globe and Mail, February 17, 2005, p. B10; Kapica, J. Cyberia. The Globe and Mail, February 17, 2005, p. B10; In Brief. No Remote Hunting, Regulators Say. The Globe and Mail, May 5, 2005, p. B25; QUT Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17, 2004.] QUT Division of Technology, Information and Learning Support Website. http://www .its.qut.edu.au/network/glossary.jsp. Internet 170 Internet Browser (general term): A software application used to locate and display Web pages. Two popular Internet browsers are Netscape Navigator and Microsoft’s Internet Explorer. Both of these are classified as graphical browsers; they display both graphics and text. Internet browsers can also provide sound and video. See Also: Browser;Text. Internet Control Message Protocol (ICMP) (general term): An extension to the Internet Protocol (IP) permitting error messages, information messages, and test packets to be generated. The code types and message types are shown in Figure 9-1. Figure 9-1. The Internet Control Message Protocol (ICMP) Typical messages are as follows: Type 3: Destination unreachable Code 0: Net unreachable Code 1: Host unreachable Code 2: Protocol unreachable Code 4: Fragmentation needed and don’t fragment flag set Code 5: Source route failed Type 11:Time exceeded message Code 0:Time to live exceeded in transit Code 1: Fragment reassembly time exceeded Type 5: Redirect message Code 0: Redirect datagrams for the network Code 1: Redirect datagrams for the host Code 2: Redirect datagrams for the Type of Service and network Code 3: Redirect datagrams for the Type of Service and host Type 8 and Type 0: Echo and echo reply 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Message Type (8 bit) Msg. Code Type (8 bit) Checksum (16 bit) Data (if any) 171 Internet Control Message Protocol (ICMP) Code 0: No code Type 4: Source quench Type 12: Parameter problem Type 13 and 14:Timestamp request and timestamp reply Type 15 and 16: Information request and information reply The ICMP protocol is heavily used by crackers as a reconnaissance tool to map a target’s network. Echo messages are sent to a computer on a network. If the host sends back an Echo Reply, the cracker knows not only of the computer’s existence but also that it potentially can be exploited. For this reason, network administrators have started blocking incoming “icmp data” on their network’s firewalls. Consequently, crackers have reacted by using other tricks. For example, an http connection to a target is attempted, but the TimeToLive field is set so that a destination-unreachable ICMP message will be triggered.Typically, outgoing ICMP messages are allowed by network administrators as a legitimate function of the ICMP protocol; thus, the attempted reconnaissance succeeds. Redirect messages can also be used to sabotage routing tables. Correctly used Redirect messages tell the routers that there are better paths through the network to a destination, and they do so by announcing, “Next time you try to reach the destination, use this IP address instead.” This feature is put to malicious use by crackers sending wrong announcements to the routers to disrupt traffic, redirect it to a compromised machine to gather further intelligence, or to tamper with the message before it is sent on. See Also: Administrator; Internet Protocol (IP); Network. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; IANA: ICMP Type Numbers, [Online, September 21, 2005.] http://www.iana.org/assignments/icmp-parameters; QUT Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17, 2004.] QUT Division of Technology, Information and Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp. Internet Corporation for Assigned Names and Numbers (ICANN) (general term): Created in 1998 by Jon Postel in response to the U.S. Department of Commerce’s call for a private sector, nonprofit agency to be formed to administer the Internet name and address system policy. ICANN is responsible for the management of the DNS system, the administration of the IP address space, the management of the root servers, and the assigning of protocol parameters. ICANN’s board consists of 19 directors and nine at-large directors having one-year terms. See Also: Domain Name System (DNS). Further Reading: Jupitermedia Corporation. What is ICANN? [Online, January 8, 2004.] Jupitermedia Website. http://www.webopedia.com/TERM/I/ICANN.html. Internet Engineering Task Force (IETF) (general term): A global network of designers, operators, researchers, and vendors interested in the growth and development of the Internet, Internet Control Message Protocol (ICMP) 172 including its architecture and operations.Though open to anyone with such interests, the IETF’s technical work is conducted in work groups that are topic generated, such as routing, transport, and security. See Also: Internet. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Internet Fraud (legal term): Encompasses a wide range of online criminal activities that deliver harm to the targets such as credit card fraud, online auction fraud, unsolicited email (Spam) fraud, and online child pornography. In the United States, the Internet Fraud Complaint Center (IFCC), a partnership between the FBI and the National White Collar Crime Center (NW3C), was created to address Internet fraud. See Also: Child Pornography; Federal Bureau of Investigation (FBI); Fraud; Spam; Spammers; Spamming/Scrolling. Further Reading: Internet Fraud Complaint Center. IFCC 2002 Internet Fraud Report. [Online, 2003.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/strategy/ 2002_IFCCReport.pdf. Internet Fraud Complaint Center (IFCC) (general term):A partner of the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), now referred to as the Internet Crime Complaint Center, or IC3.The IFCC’s role is to deal with Internetrelated fraud by providing a user-friendly reporting mechanism to alert law enforcement agents of a likely criminal or civil breach. As a service to law enforcement and regulatory bodies, the IFCC maintains a centralized repository for Internet fraud complaints and maintains statistics related to fraud trends. In 2002, the IFCC referred more than 43,000 complaints of online fraud to the law enforcement authorities, a three-fold increase over that of 2001, and the number of complaints continues to grow annually. For example, the total dollar loss from the 2002 referred fraud cases was $54 million, an increase in total dollar loss from $17 million in 2001. In 2005, IC3 referred 97,076 complaints of crime to federal, state, and local law enforcement agencies around the U.S. for further investigation. The majority of cases concerned fraud and resulted in financial losses for victims.The total fraud dollar loss from all referred cases was $183.12 million with a median dollar loss of $424.00 per incident.This total amount was up from $68 million in 2004. See Also: Federal Bureau of Investigation (FBI) ; Fraud. Further Reading: Internet Crime Complaint Center. IC3 2005 Internet Crime Report. [Online, June, 20, 2006.] IC3 Web Site. http://www.ic3.gov/media/annualreport/2005_ IC3Report.pdf. Internet Fraud Complaint Center. IFCC 2002 Internet Fraud Report. [Online, 2003.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/strategy/2002_ IFCCReport.pdf; Internet Fraud Complaint Center.Welcome to IFCC. [Online, August 11, 2004.] Internet Fraud Complaint Center Website. http://www1.ifccfbi.gov/index.asp. Internet Mail or Internet Message Access Protocol (IMAP) (general term): Mark Crispin made IMAP to be a present-day alternative to the prevalently used POP3 email-retrieval protocol. IMAP is an application-layer Internet protocol used for accessing email on a remote 173 Internet Mail or Internet Message Access Protocol (IMAP) server from a local client. IMAP and POP3 are the two most widely used Internet protocols for retrieving email. IMAP’s main advantage over POP3 is that messages can remain on the server and be accessed from more than one client (for example, a stationary office computer and a PDA) while keeping track of which messages have already been read. Both IMAP and POP3 are supported by modern email clients and servers.The present version of IMAP, known as IMAP version 4, revision 1 (IMAP4rev1), is defined by RFC 3501. See Also: Email or Electronic Mail; Protocol. Further Reading: GNU_FDL. Internet Message Access Protocol. [Online, 2004.] GNU Free Documentation License Website. http://www.wordiq.com/definition/IMAP. Internetwork Operating System (IOS) (general term):An operating system software that runs on Cisco routers and switches comprising the majority of the Internet. IOS was first developed by William Yeager at Stanford University’s Knowledge Systems Laboratory.Yeager licensed the code to Cisco in 1987. IOS brought together a comprehensive collection of routing, switching, internetworking, and telecommunications functionality running on top of a full fledged multitasking operating system. See Also: Internet; Operating System Software; Routers; Switch. Further Reading:Triple Fiber Networks. [Online, 2006.] 3Fn Website. http://www.3fn.net/ cisco.php. Internet Piracy (legal term): Using the Internet to illegally copy and/or distribute software, which is an infringement of the Digital Millennium Copyright Act (or DMCA) in the United States. On June 11, 2003,Verizon told four of its Internet service customers that they could soon be hearing from the Recording Industry Association of America (RIAA) regarding allegations that they traded copyrighted music online—in violation of the DMCA and an illustration of Internet piracy.Though Verizon challenged a subpoena requested by the RIAA to give it the identities of the alleged violators,Verizon lost in an appeals court and was given two weeks to comply with RIAA’s request.The subscribers were traced by the RIAA through their Internet Protocol (IP) addresses, which led the RIAA to the users’ Internet Provider,Verizon. See Also: Copyright; Copyright Laws; Digital Millennium Copyright Act (DMCA); Intellectual Property (IP); Intellectual Property Rights and Copyright Infringement. Further Reading: Graham, J. Privacy V. Internet Piracy. [Online, June 11, 2003.] Gannett Co., Inc.Website. http://www.usatoday.com/life/music/2003-06-11-privacy_x.htm. Internet Protocol (IP) (general term): Defined in STD 5, RFC 791, is the network layer for the TCP/IP Protocol Suite, a packet-switching protocol that has address and control information so that packets can be routed (see Figure 9-2). Both the Transmission Control Protocol (TCP) and the Internet Protocol (IP) are important. IP provides connectionless, high-level datagram delivery as well as fragmentation and datagram reassembly to support data links having varying maximum-transmission unit (MTU) sizes. Internet Mail or Internet Message Access Protocol (IMAP) 174 Figure 9-2. Internet Protocol (IP) The Internet Protocol itself contains the following information: IP Version: Either 4 for the currently used version 4 of the protocol or 6 for the forthcoming version of the protocol. Header Length:The number of 32-bit words in the header (or four times the number of bytes).The header length is 20 bytes (value 5) if no IP options are set. TypeOfService: Rarely used; designed to implement quality of service properties in routing. Total Length: Length of the complete packets (including header and data). Because this is a 16-bit field, the maximum IP packet size is 65535. IP Packet ID: Identifier for a packet. It is incremented by the sender. If packets with identical IP Packet IDs are received, intrusion analysts assume that these packets were crafted by a reconnaissance or attack tool and do not contain regular data. Flags (3bit): First: Unused. Second: DF (do not fragment), signaling that the packet must not be fragmented in transition. Used by crackers for reconnaissance by setting it to too high a number for certain network types, thus trying to trigger an ICMP error message. Third: MF (more fragments), indicating whether the datagram contains more fragments to come. 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 DTS/ Type of Service Header Length (*4) IP Versions Total Length (in bytes) IP Packet ID Fragment Offset Flags Options (up to 40 byte) Destination Address (32 bit) Source Address (32 bit) Time To Live (TTL) Embedded Protocol Opcode (16 bit) Data 175 Internet Protocol (IP) Fragment offset: Used to direct reassembly of a fragmented datagram. Crackers craft the package with unexpected offsets and with overlapping fragments, trying to crash recipients’ network protocol stacks. TimeToLive(TTL): A timer field used to track the lifetime of the datagram. Each router decrements this field when it forwards a packet to the next router.When the field is decremented to zero, the datagram is discarded. Embedded Protocol: Contains information about which protocol is included in the data portion: 1:ICMP (Internet Control Message Protocol) 4:IP (IP in IP encapsulation) 6:TCP (Transmission Control Protocol) 17:UDP (User Datagram Protocol) 41:IPv6 over IPv4 58:ICMP for version 6 89:OSPF Open Shortest Path First Routing Protocol Header Checksum: Used for error checking of the IP header. It is calculated as a 16-bit complement of IP header and IP options. Each router has to calculate the checksum because it has to decrement the TTL field. Source Address and Destination Address: IP Addresses of the sender and the intended receiver. The IP addressing setup is critical to the effective routing of IP datagrams through the Internet because every IP address, having specific components and following a given format, can be subdivided and used to generate addresses for sub-networks. Each device on a TCP/IP network is given a unique numerical address (32 bit in IP version 4) that can be divided into two parts: the host number and the network number.The host number identifies a computer on the network and is given by the administrator of the local network, whereas the network number identifies a network and must be given by one of the local Internet Registries (that is,ARIN, RIPE,APNIC, AfriNIC, or LACNIC) if the network is to be connected to the Internet. An Internet Service Provider (ISP) can get blocks of network addresses and thereby assign address space to clients. See Also: Internet Control Message Protocol (ICMP); TCP/IP or Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP). Further Reading: QUT Division of Technology, Information and Learning Support. Network Glossary. [Online, July 17, 2004.] QUT Division of Technology, Information and Learning Support Website. http://www.its.qut.edu.au/network/glossary.jsp. Internet Protocol Security (IPSec) (general term): A set of standards for ensuring that communications delivered over the Internet Protocol (IP) networks are private as well as secure.This Internet Protocol (IP) 176 objective is completed using cryptographic services. The Microsoft Windows XP IPSec, for example, was developed using the standards of the Internet Engineering Task Force’s (IETF) IPSec working group. IPSec provides secure networking via end-to-end security (that is, from sender to receiver). In Windows XP, IPSec protects communications between LAN computers, branch offices, domain clients and servers, extranets, and roving clients. Furthermore, the IPSec protocol is supported on a variety of UNIX and Linux platforms. According to the British-based National Infrastructure Security Coordination Centre (NISCC) in a statement released in May 2005, crackers could exploit a major flaw in IPSec framework to get the plaintext version of IPSec-protected communications with just moderate attempts. See Also: Cryptography or “Crypto”; Internet Engineering Task Force (IETF); Linux; UNIX. Further Reading: Dickinson, P. High-Severity Vulnerability in IPSec. [Online, May 10, 2005.] Guardian Digital, Inc.Website. http://www.linuxsecurity.com/content/view/119089; Microsoft Corporation. Internet Protocol Security Defined. [Online, 2004.] Microsoft Corporation Website: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ sag_ipsec_ov1.mspx. Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) (general term):Though the present Internet Protocol version is IPv4, with the tremendous growth of the Internet in recent years the need has surfaced for a more robust Internet Protocol version; the IPv4 addressing and routing mechanisms are being stretched to their limits. Moreover, IPv4 lacks the proper security and authentication techniques critical to meeting today’s business needs. For these reasons, the Internet Protocol version 6, or IPv6, has been developed. IPv6 has not been implemented widely.This can be attributed to two major factors; the first is that the implementation is a major undertaking that has an effect on the whole Internet, its backbone providers, local ISPs, and customers.The second reason, some experts believe, is a reluctance to go forward in North America and Europe, where the pressure of shortage of the address space is much lower than in the rapidly developing East-Asian regions. The transition process from IPv4 to IPv6 requires considerable thought to compatibility issues and appropriate methods for the deployment of IPv6. In a document written by Juha Lehtovirta, a Finnish telecommunications expert with Tascomm Engineering Oy, the requirements and techniques for satisfying such constraints are provided. Also, the transition process from the network and application levels are delineated. See Also: Internet; Internet Protocol (IP). Further Reading: Estala, A. Internet Protocol Version 6 ( IPv6 ) The Next Generation. [Online, March 9, 1999.] Geocities.com Website. http://www.geocities.com/SiliconValley/ Foothills/7626/defin.html; Lehtovirta, J.Transition from IPv4 to IPv6. [Online, 2004.] Tascomm Engineering Oy Website. http://www.tascomm.fi/~jlv/ngtrans/; Grami,A. and Schell, B. Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New 177 Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October 2004.] Privacy, Security,Trust 2004 Website. http://www.unb.ca/pstnet/pst2004/. Internet Relay Chat (IRC) (general term):A software tool that makes real-time conversations online (in what is known as chat rooms) possible.Though chat rooms form an important, positive communication link for hackers, many females and children in particular have filed complaints to authorities about being cyberharassed or cyberstalked in them. As one example, in Toronto, Canada, in May 2005, Canadian police infiltrated an Internet chat room and found disturbing cyber child pornography evidence that resulted in the arrest of Andrew Gelfand, age 19. After the police obtained a search warrant and raided the suspect’s home, they seized his computers and reviewed the hard drives. Gelfand faced a number of charges involving the possession and distribution of child pornography. See Also: Chat Room; Child Pornography; Cyberhassment; Cyberstalkers and Cyberstalking. Further Reading: Internet Highway, LLC. Internet Terminology: IRC. [Online, 1999.] Internet Highway, LLC Website. http://www.ihwy.com/support/netterms.html; Moore, O. Computer User Arrested in Child-Porn Sting. The Globe and Mail, May 12, 2005, p.A14; Schell, B.H., and Lanteigne,N.M. Stalking, Harassment, and Murder in the Workplace: Guidelines for Protection and Prevention.Westport, CT: Quorum, 2000. Internet Service Provider (ISP) (general term): Also sometimes called an Internet Access Provider (IAP), it is a company that provides clients access to the Internet. For a fee, clients receive a software package, a username, a password, and an access phone number. Equipped with a modem or ISDN device, the client can then log on to the Internet.The client can browse the World Wide Web (WWW) or send and receive email. ISPs offer both dial-up service and highspeed services using DSL or cable-modem technology. ISPs are connected to each other through Network Access Points, or NAPs. See Also: DSL; Electronic Mail or Email; Internet; Internet Usage Policy;World Wide Web (WWW). Further Reading: Jupitermedia Corporation. What is ISP? [Online, March 12, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/ISP.html. Internet Telephony (general term): Placing telephone calls over the Internet using protocols such as VoIP. Internet telephony is rapidly evolving and has become a serious competitor for conventional telephony with the advent of high-speed Internet access technologies (such as cable and DSL). Many traditional telephony providers are in the process of switching their internal delivery systems to Internet telephony–based systems in order to provide these services on the same platform as their data services (convergence). See Also:Voice over Internet Protocol. Internet Usage Policy (general term): Companies, government agencies, medical institutions, and universities and colleges typically have Internet users sign a required Internet Usage Policy form to make users accountable for their online activities. Such a form may look similar to that shown in Figure 9-3. Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) 178 Figure 9-3. Typical Internet Usage Policy form There is usually a form for the supervisor to sign (see Figure 9-4). Figure 9-4. Typical Internet Usage Policy form for supervisors’ use See Also: Internet;White Hat Ethic. Further Reading: Institute of Government. Acceptable Internet Usage Policy. [Online, 2004.] Institute of Government Website. http://www.iog.unc.edu. Intranet Site (general term):The information system internal to an organization and built with Web-based technology. An intranet site is often referred to as a portal and has typically been found in large companies (having 15,000 or more employees) able to afford this information technology “luxury.” An intranet site is actually a mini-Internet accessed through Web browsers. It is typically run on private local area networks (LAN) rather than public Web servers. Intranet sites have a variety of functions but most are intended to keep employees informed about a company’s important events, distribute software or company newsletters online, and provide routine company information online—such as policy manuals.Also, intranet sites can be accessed through the Internet. Thus, when employees are off-site they can still access company information using a secure login. I have received a written copy of Company X’s Internet Acceptable Use Policy. This employee ________ [name cited] has a legitimate workrelated purpose for accessing the Internet. As this employee’s supervisor, I am aware of both the responsibilities and the possible misuses of Internet access. I acknowledge that this employee will be held accountable for inappropriate usage of the Internet according to this company’s Internet Acceptable Use Policy. Supervisor Signature Date: I have received a copy of Company X’s Internet Acceptable Use Policy. I understand this policy’s terms and conditions and agree to follow them. I understand that Company X’s software may record for management’s review the Internet addresses of all the Websites I visit. I also understand that management may maintain a record of all of my network activity (including the sending and receiving of e-files). I acknowledge that all e-files and e-messages sent or received by me may be recorded and stored in an archive file for management’s review. I fully understand that if I violate this policy, I can receive disciplinary action, ranging from the revoking of my Internet privileges to firing. If I violate this policy in a criminal way, I understand that I may also face criminal charges. Employee Signature Employee Name (Print) Date: 179 Intranet Site New intranet site software made by Microsoft Corporation and Plumtree Software Inc. has made the technology affordable even for small- and medium-sized enterprises.A number of open source software solutions such as XOOPS (http://xoops.org) or the JBOSS (http://labs.jboss .com/portal/jbossportal/index.html) portal are available as well. See Also: Local Area Network (LAN). Further Reading: Palmer, I.Workplace: It’s Not Just the Big Boys Using Intranets Any Longer. The Globe and Mail, May 5, 2005, p. B27. Intrusion (general term):To compromise a computer system by breaking the security of such a system or causing it to enter into an insecure state.The act of intruding—or gaining unauthorized access to a system—typically leaves traces that can be discovered by intrusion detection systems. One of the goals of intruders is to remain undetected for as long as possible so that they can continue with their malicious activity undisturbed. Security professionals need to take steps when a system breach is suspected. First, suspicious accounts should be disabled immediately.Then, the suspicious accounts need to be reviewed to assess who set up the account and for what reasons. Because audit logs will indicate who created the account, finding the time and date on which the account was created will be very useful information. If the account is the outcome of a crack attack, the system reviewer will have a particular time frame in which to determine whether other audit log events are “of interest.” If the reviewer wants to determine whether a suspicious application is indeed being used by a cracker to listen for incoming connections—a potential “back door” into the system—the reviewer is well advised to consider using a tool such as TCPView.The TCPView tool will tell the system reviewer what applications are using open system ports. Because crackers can put Trojan horses in place of the netstat and Isof programs, the reviewer should scan the attacked system from a different computer.This feat can be accomplished by using a service such as the free insecure.org nmap port scanner. Malware can also be triggered from the operating system’s job scheduler. A system reviewer can see what jobs—legitimate or otherwise—are scheduled to be executed in the system by typing AT at the command prompt. See Also: Audit Trail; Back or Trap Door; Cracking; Exploit; Log; Malware;Vulnerabilities of Computers. Further Reading: Haberstetzer,V.Thwarting Hacker Techniques: Signs of a Compromised System. [Online, March 21, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/tip/ 0,289483,sid14_gci1069097,00.html?track=NL-35. Intrusion Detection System (IDS) (general term): A security appliance or software running on some device that tries to detect and warn of ongoing computer system cracks or attempted cracks in real time or near-real time. Intrusion detection systems fall into three broad categories: anomaly based, pattern based, and specification based. The first two are the most widely used types; the last one is still in its infancy. Anomaly-based IDSes treat all exposed behavior of systems, or the network that is unknown to them, as a potential attack. These systems require extensive training of the IDS so that it can distinguish good from bad traffic. Pattern-based IDSes assume that attack patterns are previously known and therefore can be detected. Because these IDSes cannot detect new attack types, they Intranet Site 180 require constant maintenance to incorporate new attacks. Specification-based IDSes look for states of the system known to be undesirable, and upon detection of such a state, they report an intrusion. Common in all systems is that intrusion-detection analysts review the logs that are generated and other available network information (such as traffic patterns, unusual open ports, or unexpected running processes) to look for suspected or real intrusions.This process is time consuming and requires considerable expertise on the part of the security analysts.A trend toward more automated Intrusion Prevention Systems that actively step in and limit systems access can be observed. In March 2004, Hewlett-Packard Company officials said that their software engineers had developed software that they believed could slow the spread of Internet worms and viruses. Tentatively dubbed “Virus Throttler,” this software not only identified and alerted professionals to suspicious network traffic but also caused some of the computer’s functions to slow down so that the worm or virus is impeded.This capability was meant to give the professional the needed time to remove the cyber intruder. Shortly after announcing the package, Hewlett-Packard shelved it for several months because of insurmountable difficulties with integrating it into Microsoft’s Windows operating systems.The difficulties were resolved. See Also: Audit Trail; Exploit; Forensics; Intrusion; Log;Virus;Vulnerabilities of Computers; Worm. Further Reading: In Brief. HP Strikes at Worms. The Globe and Mail, December 2, 2004, p. B11; Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Intrusion Prevention (general term): Because targeted crack attacks on enterprises’ networks have been increasing in recent years, intrusion prevention is gaining greater importance for companies. Thus, companies are tending to shift from the time-consuming process of detecting intrusions and having security administrators react manually to them to implementing automated mechanisms found in Intrusion Prevention Systems. Research firm Gartner Inc. has defined three criteria for providing a useful network- and host-based intrusion-prevention application: (1) It must not disrupt normal operations—meaning that when it is put online, an intrusion-prevention system must not place unacceptable or unpredictable latency into a network. A host-based intrusion-prevention system should not consume more than 10% of a system’s resources so that network traffic and processes on the servers can continue to run. Blocking actions must take place in real time or almost-real time, with latencies placing in the tens of milliseconds rather than in seconds. (2) It must block exploits using more than one algorithm—to operate at the application level as well as at the firewall-processing level. (3) It must have the capability to ascertain “attack events” from “normal events.” As intrusion-prevention systems continue to evolve, their capacities will also improve. They will be better able to identify and therefore block significantly more crack attacks than today’s intrusion-prevention systems can. Because firewalls are not 100% effective, trained analysts will continue to have to flag and more thoroughly investigate suspicious traffic activity. See Also: Attack; Exploit; Firewall. Further Reading: Pescatore, J. Enterprise Security Moves Toward Intrusion Prevention. [Online, September 25, 2003.] CXO Media. Inc.Website. http://www.csoonline.com/analyst/ report1771.html. 181 Intrusion Prevention Intrusion Recovery (general term): Reports have consistently indicated that supposed techsavvy firms have a long way to go in terms of implementing effective system security measures to enable them to more effectively recover from system intrusions—known simply as intrusion recovery. For example, a recent IBM Corporation study found that although 86% of companies surveyed said they used firewalls, 85% said they used anti-virus software, and 74% said they used authentication procedures, only 63% of the companies surveyed said they used encryption software—and less than 50% said they used intrusion detection and prevention systems. Taken as a composite, these survey statistics suggest that there is considerable opportunity for serious data loss or data manipulation incidents to occur in companies today. Accepting that computer system downtime equates to high revenue losses for companies, a 2002 recent survey of Fortune 1000 companies conducted by the Find/SVP consulting company indicated that the average downtime resulting from network intrusions lasted, on average, four hours, at an average cost of $330,000. Moreover, according to this survey, a “typical” company experienced, on average, nine downtimes per year. The losses incurred were almost $3 million per year —not including the losses associated with a total lack of employee productivity. The initial step in preventing unauthorized access is the deployment of intrusion-prevention systems that actively and automatically limit access to systems. Attacks that cannot be blocked by the prevention systems typically would be detected by intrusion-detection systems, defined as applications that monitor operating system software and network traffic for real or probable security breaches. If these systems fail and an attack is successfully completed, other steps need to be in place—including having an appropriate disaster recovery plan. By definition, a disaster recovery plan is a strategy outlining both the technical and organizational factors related to network security. Such a plan should start with a comprehensive assessment of the network to determine acceptable risk levels to the system. These results can then be utilized to produce a set of security policies and procedures for assisting employees and workgroups in case a network disruption or stoppage occurs. Moreover, decisions can also be made by system administrators as to which particular methods and systems will be required by the organization so that it can implement its security policies and procedures quickly and effectively—the primary goal of intrusion recovery. See Also: Encryption or Encipher; Firewall; Intrusion Detection System (IDS); Operating System Software; Risk; Security. Further Reading: Peddle, D. Identifying Vulnerabilities In Networked Systems. [Online, June 29, 2004.] CBL Data Recovery Website. http://www.cbltech.com/article-identify.html. IP Address (general term): An identifier required for any machine to communicate on the Internet. The IP address looks something like this: 123.123.123.123—for numerical segments separated by dots.Any computer is reachable through its IP address. An IP address is divided into a part identifying a network as belonging to a university, a government agency, or a company and another part identifying each computer in that network.The IP address is comparable to a “nonvirtual” street address with its street name and house number. See Also: Internet Protocol. IP Address Spoofing (general term):A technique used by crackers to gain unauthorized access to computers and from which newer routers and firewall arrangements can offer some protection. Intrusion Recovery 182 IP address spoofing is accomplished when the cracker sends messages to a system with an IP address identifying these messages as originating at a trusted host. To spoof an IP address, a cracker must first use a combination of methods and tools to identify the IP address of a trusted host and then change the packet headers so that it appears as though the packets are coming from a trusted host. See Also: Crackers; IP Address; Spoofing. Further Reading: Jupitermedia Corporation.What is IP Spoofing? [Online,April 14, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/I/IP_spoofing.html. IRL (general term): Chat room talk meaning “in real life.” ISACA (Information Systems and Control Association) (general term): Provides education, training, and research for professionals in the areas of IT governance, security, and auditing. It was founded in 1967 and now has more than 50,000 members worldwide in more than 60 countries. Further Reading: ISACA Website. [Online, April 8, 2006.] http://www.isaca.org. (ISC)2 (International Information Systems Security Certification Consortium) (general term):A nonprofit organization created to provide an international standard for information security practitioners. The (ISC)2 developed both the SSCP (Systems Security Certified Professional) certification and the CISSP (Certified Information Systems Security Professional) certification.These certifications indicate the Common Body of Knowledge (CBK) required by information security practitioners. Because the SSCP and CISSP certifications focus on the practices, responsibilities, and roles of information security practitioners, they are seen as being useful for advancing practitioners’ careers and adding to their credibility. The CISSP Certification examination has 250 questions and assesses 10 information systems security domains relating to the CBK (such as access control systems and methodology; applications and system development; business continuity planning; cryptography; and law, investigation, and ethics). On top of the basic CISSP Certification, professionals in good standing can obtain certifications in one of three concentration areas: Security Engineering, Security Architecture, and Security Management. The corresponding certificates are, respectively, ISSEP, ISSAP, and ISSMP. The SSCP examination has 125 questions and assesses seven information systems security domains relating to the CBK (such as Access Controls, Administration, Audit and Monitoring, Cryptography, and Response and Recovery). See Also: Access Control; Administrator; Cryptography or “Crypto”; SANS Institute. Further Reading: Systems Security Certified Practitioner. About SSCP Certification. [Online, 2004.] ISC2 Website. https://www.isc2.org/cgi-bin/content.cgi?category=20. Island-hopping (general term):To crack one system and then use it as a “launching pad” for cracking other systems. University computer systems tend to be a hotbed of compromised systems from which crackers launch DoS attacks. Home computers attached to DSL (Digital Subscriber Lines) and cable modems are frequently exploited by crackers and used to launch Denial of Service (DoS) attacks.The primary reason these exploits occur is that home computers tend to lack key security features and anti-virus software. Given the huge customer base 183 Island-hopping of Internet Service Providers (ISPs) offering cable modems or DSL services, it is very difficult to track the origin of such DoS exploits. See Also: Denial of Service (DoS); DSL (Digital Subscriber Lines); Exploits; Internet Service Provider (ISP);Vulnerabilities of Computers. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. ISO (International Organization for Standardization) (general term): A federation of the national standards bodies that forms a nongovernmental,multinational organization. In 2005, 149 countries collaborated under the ISO umbrella.Working groups from the member countries continue to develop standards that are adopted as national standards by the member countries. Through the standardization effort, duplication of work is avoided and the seamless transfer of technology is thus enabled. ISO 17799 (general term):A detailed security standard that is organized into the following areas: asset classification and control; business continuity planning; compliance; computer and operations management; personnel security; physical and environmental security system access control; security organization; security policy; and system development and maintenance. Because ISO 17799 is very thorough, it requires a methodical and measured approach to system security as well as access to essential tools and products.To assist firms and agencies wanting to improve their ISO 17799 compliance status, a directory can be found at http://www .iso17799software.com/index.htm.The latter provides links to products and tools geared to making the compliance process less difficult and including downloadable trial versions. See Also: Download; Risk; Security. Further Reading: Risk Associates. ISO 17799: What is it? [Online, 2004.] Risk Associates Website. http://www.iso17799software.com/index.htm. ITAR (International Traffic in Arms Regulation) (general term): The United States government controls the export and import of defense-related materials and technology through this regulation. Many IT security-related technologies—particularly encryption technologies—fall under ITAR and are therefore restricted from export. Ivanov, Alexey and Gorshkov,Vasiliy Case (legal case): The real-life case of Alexey Ivanov and Vasiliy Gorshkov was discussed at the Black Hat Security Conference in Las Vegas in July 2004. It involves two crackers who were smart enough to crack into computer systems but naïve concerning the social engineering talents of FBI agents. Following is a summary of events in the case. On October 10, 2001, in Washington, a jury returned a guilty verdict against Vasiliy Gorshkov, age 26, of Russia, on 20 counts of conspiracy, numerous computer crimes, and fraud.The targets included Speakeasy Network (Seattle,Washington), the Nara Bank (Los Angeles, California), the Central National Bank of Waco (Waco, Texas), and the online credit card payment company PayPal (Palo Alto, California), among others. For these crimes, Gorshkov faced a maximum prison term of five years on each count, resulting in a possible sentence of 100 years in prison and a fine of $250,000 on each count.The jury sentenced him to a three-year prison term. Island-hopping 184 Gorshkov was one of two Russians persuaded to go to the United States through an FBI sting operation.The sting came from an investigation of Russian computer intrusions directed at these targets. Apparently the pair used the targeted computers to steal clients’ personal financial information. They then attempted to extort money from the targeted firms with threats to either show the sensitive data to the public or to damage the firms’ computers.The pair also defrauded PayPal with stolen credit card numbers used to get money to pay for computer parts ordered from U.S. vendors. The FBI’s sting operation was formulated to seduce the Russian criminals to arrive on U.S. soil so that they could be caught and charged. As part of the sting, the FBI created a computer security company named Invita.Then, pretending to be Invita personnel, during the second half of the year 2000 the FBI agents communicated with the Russian pair by phone and email.The pair eventually agreed to a personal meeting in Seattle, where Invita was theoretically based. Before the FBI agents would bring the pair to the U.S., however, the team had to pass a special test.They had to crack a test network—an exploit they successfully completed. Gorshkov and Ivanov landed in Seattle,Washington, on November 10, 2000, to attend the prearranged meeting at Invita.The Russian men did not know that the Invita meeting participants were actually FBI agents. The Russians also were not aware that the meeting was recorded on tape. During the meeting, Gorshkov and Ivanov bragged about their cracking prowess and took responsibility for their cracking exploits. Gorshkov shrugged off any concerns about the FBI’s catching them, maintaining that the FBI could not get the pair while they were in Russia.When asked how they got the U.S. credit cards, Gorshkov said that he was not prepared to discuss that issue while they were in the United States. He then suggested that such questions would better be addressed in Russia. At the end of the Invita meeting, the two Russians were arrested and Ivanov was sent to Connecticut to face charges for a cracking incident regarding the Online Information Bureau of Vernon (in Connecticut). Several days after the arrests, the FBI agents got access through the Internet to the men’s computers in Russia.The FBI copied considerable data from their accounts and obtained a search warrant from a U.S. judge.The data provided a wealth of cracking evidence.The pair had huge databases of stolen credit card information: More than 56,000 credit cards’worth of information was on their computers, as was the personal financial information of online banking clients. The data also showed that the crackers gained unauthorized control over numerous computers, including those of a school district in Michigan.The crackers then used those computers to commit fraud against PayPal and other online firms. See Also: Black Hats; Federal Bureau of Investigation (FBI); Internet. Further Reading: U.S. Department of Justice. Russian Computer Hacker Convicted by Jury. [Online, October 10, 2001.] U.S. Department of Justice Website: http://www.usdoj.gov/ criminal/cybercrime/gorshkovconvict.htm. 185 Ivanov, Alexey and Gorshkov, Vasiliy Case J. Random Hacker (general term): The archetypal hacker. Although the hacker world is predominantly male and no records of the exact numbers of both genders exist, the percentage of women engaging in hacking and cracking activities seems to be greater than the single-digit range typically reported for the technical professions. In the United States, the hacker community is predominantly Caucasian, with strong pockets of Jewish hackers on the East Coast and strong pockets of Oriental hackers on the West Coast. Among hackers, ethnic distribution is understood to be simply a function of which groups tend to seek and value education, particularly in cyberspace. Hackers say that prejudice—whether gender, racial, or ethnic—is notably uncommon among them. In fact, prejudice, they affirm, tends to be met with freezing contempt in the computer underground (CU). Hackers’ notorious umbilical ties to Artificial Intelligence (AI) research writings and science fiction literature may have helped them to develop a “personhood” concept that is inclusive rather than exclusive. Geographically, in the United States hackerdom seems to center along a Bay Area–to–Boston axis, with about half of the hard-core hackers living within a hundred miles of Cambridge, Massachusetts.Another hacker magnet is Berkeley, California. Other hackerdom clusters include university towns such as ones in the Pacific Northwest, as well as Washington, D.C.; Raleigh, North Carolina; and Princeton, New Jersey. See Also: Artificial Intelligence (AI); Hackers. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. J/K-J/P (general term): Chat room talk meaning “just kidding/just playing.” Java and JavaScript (general terms):Though these terms sound alike, they have different meanings. When computer experts discuss the Java programming language, they often mention that browsers include a type of virtual mechanism (or “sandbox”) encapsulating the Java program and preventing it from gaining access to local machines.The theory behind Java has been that a Java “applet” is actually content-like graphics and not full-application software. But as of 2000, all major browsers have been found to have bugs in the Java virtual mechanisms, allowing hostile applets to break free of the “sandbox” and gain access to other system parts. Most security experts now browse with Java disabled on their computers, whereas other security experts encapsulate it with many more sandboxes. Java is used as a full-fledged programming language in which many of the server-side applications on the Internet are written. JavaScript, on the other hand,was developed by Sun Microsystems and Netscape to be a userfriendly complement to the Java programming language that could be added to basic HTML pages to create considerably more interactive documents. It is little wonder, therefore, that JavaScript is often used to create interactive Web-based forms. Most modern-day browsers, including those from Microsoft and Netscape, have JavaScript support. Although Java and JavaScript are different, to be able to take market advantage of the negative marketing hype around Java, Netscape renamed its JavaScript “LiveScript.” See Also: Browser; Programming Languages C, C++, Perl, and Java. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; www.cnet .com. JavaScript. [Online, December 2, 2004.] www.cnet.com Website: http://www.cnet.com/ Resources/Info/Glossary/Terms/javascript.html. Jobs, Steve (person; 1955– ): Along with Steve Wozniak, started the well-known company Apple Computer, Inc. After studying physics, literature, and poetry at Reed College in Oregon, Steve sold his Volkswagen minibus in 1976 for funds to start a computer company. Jobs and Wozniak took the company public just four years later at $22 a share, and by 1984, they reinvented the personal computer with the Macintosh. He left Apple, and from 1986 through 1997, Jobs founded and ran NeXT Software, Inc., a company that created hardware to exploit the full potential of object-oriented technologies. Jobs then sold NeXT Software, Inc., to Apple in 1997, at which time he again associated himself with Apple Computer, Inc. In 1986, Steve Jobs discovered and bought an animation company called Pixar Animation Studios.This company became the creator and producer of a number of top-grossing animated films such as A Bug’s Life; Monsters, Inc.; Toy Story; and Toy Story 2. Since 1997, Steve Jobs has helped Apple Computer, Inc. to create innovative products such as iMac, iBook, iMovie, and iPod. He was also part of the team that positioned Apple to venture onto the Internet. See Also: Internet;Wozniak, Steve. Further Reading: Jobs, S. “Resume.” [Online, December 1, 2003.] Steve Jobs’ Home Page Website: http://homepage.mac.com/steve/Resume.html; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Johansen, Jon Lech (person; 1984– ):A Norwegian cracker famous for designing software that could crack the encryption of DVDs. He resurfaced during August 2004, making media headlines when he cracked Apple Computer, Inc.’s wireless music streaming technology and then released on his Website a key for decoding the encryption used for the AirPort Express streaming media device. His blog can be found at http://www.nanocrew.net/blog/. See Also: Blog; Encryption or Encipher; Key;Wireless. Further Reading: In Brief. Hacker Cracks Apple. The Globe and Mail,August 12, 2004, p. B7. Jurisdiction (legal term): Jurisdiction and power accorded to judges are intimately related. Power is constitutionally conferred on a judge to decide whether there has been a breach of law, the causes of the breach, and the kind of prison sentence or penalty that is appropriate for such a breach.The physical land area or geographical district within which a judge has jurisdiction is called his or her “territory.”Thus, a judge’s power relative to the territory is called “the territorial jurisdiction.” Judges have power only in their jurisdictions, and the decisions of judges in upper courts preside over decisions of judges in inferior courts. Java and JavaScript 188 Further Reading: The ’Lectric Law Library. The ’Lectric Law Library’s Lexicon On Jurisdiction. [Online, 2004.] The ’Lectric Law Library Website: http://www.lectlaw.com/def/ j013.htm. Just In Time (JIT) Compiler (general terms): Translates JAVA bytecode into machine language while the bytecode is being executed.This technology ensures high execution speeds by doing the translating into machine code while maintaining platform independency.The translation is done “on the fly” while the program is already running. Several security issues have been reported as a result of using the technology, particularly through the improper configuration of the security settings of the compiler. See Also: Java. 189 Just In Time (JIT) Compiler Kerberos (general term):A network authentication protocol using symmetric cryptography to provide authentication for client-server applications.The core of Kerberos architecture is the KDC (Key Distribution Server), storing authentication information and using it to securely authenticate users and services. Authentication is called “secure” because it does not occur in plaintext, it does not rely on authentication by the host operating system, it does not base trust on IP addresses, and it does not require physical security of the network hosts. For these reasons, the KDC acts as a trusted third party in performing authentication services. See Also: Authentication; Cryptography or “Crypto”; Host; IP Addresses; Key; Security. Further Reading: The Tech FAQ.What is Kerberos? [Online, 2004.] The Tech Faq Website: http://www.tech-faq.com/cryptology/kerberos.shtml. Kernel (general term):The heart or essential component of any operating system.When computer users say something like, “Oh no, my computer crashed!” what they are really saying is, “Oh, no, my kernel has crashed!”The primary function of the kernel is to coordinate different parts of the operating system—the disk drive, access to memory, the programs and processes, input/output devices such as the mouse and the keyboard, as well as networking. See Also: Computer. Key (general term):The value needed to encrypt or decrypt a message. Keys can be symmetric or asymmetric. If someone wanted to keep information secret from another, he or she could utilize one of two strategies: either hide the fact that the information exists, or make the information that exists unintelligible to another. Cryptography is the act of securing information by encrypting it, and cryptanalysis is the act of decrypting encrypted data to make a message intelligible. Cryptology is the area of mathematics that includes both cryptography and cryptanalysis. Modern cryptography uses algorithms, or complex mathematical equations, and secret keys to decrypt and encrypt information. A key is a number or a string that is typically fewer than 20 characters. Symmetric keys use the same key for decryption and encryption, whereas asymmetric keys are produced in pairs—one key encrypts the information and the other,“mirrored” key decrypts it.Thus, someone having only one key could not figure out the other key. A common question in security pertains to differences between 40-bit and 128-bit encryption in Internet browsers. The easiest way to break encryption in order to read the plaintext is simply to try all possible keys.To help indicate the relative degree of difficulty in carrying out this task, it is important to realize that a 40-bit key has one trillion combinations. So, it would take a lone computer many weeks to attempt all these combinations. A cracker with considerable time on his or her hands would likely need just a few weeks to decrypt a message sent across the Internet with a 40-bit browser. Furthermore, every increase in key length means that the key will take double the time to crack. For argument’s sake, if a computer needs one week to crack a 40-bit key, it will take twice as long to break a 41-bit key—and for a 128-bit key, it will need an estimated 309,485,009,821,345,068,724,781,056 times longer to break it. See Also: Cryptography or “Crypto”; Decryption or Decipher; Encryption or Encipher. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Simpson, S. Cryptography Defined/Brief History. [Online, Spring, 1997.] University of Texas Economics Website: http://www.eco.utexas.edu/faculty/Norman/BUS.FOR/course.mat/SSim/history .html. Key Escrow (general term): A cryptographic key entrusted to a third party, meaning that the key is kept “in escrow.” Normally a key would not be released to anyone but the sender or receiver without proper authorization.The purpose behind the key escrow is to serve as a backup if the parties with access to the cryptographic key lose the data, such as through some natural disaster or a crack attack. Picture this realistic scenario. Company A supplies software that Company B sells embedded in its hardware. Company B, worried that Company A may go out of business, requests that Company A place in escrow the source code for the software.Then, if Company A does go out of business, Company B is still able to sell products. The public became aware of the controversial side of key escrow at the time of the U.S. Clipper Proposal in the early 1990s.The Clipper Proposal suggested that to prevent abuse, there should be two separate escrow agents, each holding half of the key.The controversy began when the U.S. government suggested in a set of proposals that there should be a broader utilization of cryptography without intelligence officers and law enforcement agents’ abilities to read encrypted traffic being hampered. The idea was that key escrow would allow U.S. agents, subject to certain legal controls, to access copies of cryptographic keys protecting information exchanges.Although these proposals were publicly stated as being voluntary in nature, they produced much protest from citizens groups who saw key escrow not only as the first step toward placing domestic controls on cryptography but also as a step that would undermine the constitutional freedoms given to U.S. citizens—particularly privacy and freedom from unwarranted government intrusion into citizens’ private lives. Those on the other side of the debate maintained that widespread use of strong cryptographic information protection had certain risks associated with it, such as key loss. For this reason and particularly in times of emergency, end users needed some way of recovering the key. The stated objective of key escrow was to find a compromise so that all parties making concessions would get something in return. After much effort by those who stood more toward the center, a consensus was eventually reached on the concept of key recovery. See Also: Clipper Proposal or Capstone Project; Cryptography or “Crypto”; Privacy; Privacy Laws; Risk. Further Reading: Gladman, B. Key recovery—meeting the needs of users or key escrow in disguise? [Online, 2004.] B. Gladman Website: http://www.fipr.org/publications/key-recovery .html; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website: http://www .linuxsecurity.com/resource_files/documentation/hacking-dict.html. Key Exchange (general term):The protocol used to set up a security association in the Internet Protocol Security (IPSec) protocol suite.Although IPSec, or IKE (Internet Key Exchange), is Key 192 an optional part of the IPv4 standard, it is a mandatory part of the new IETF IPv6 standard, which is soon to be adopted throughout the Internet. The IKE command can perform several functions, including activating, removing, or listing IKE and IP Security tunnels. IKE uses a Diffie-Hellman key exchange to set up a shared secret from which cryptographic keys are derived in a partial implementation of the so-called Oakley protocol. Public key techniques or pre-shared secrets are used to authenticate communicating parties. See Also: Algorithm; Diffie-Hellman Public-Key Algorithm (DH); Internet Engineering Task Force (IETF); Internet Protocol Security (IPSec); Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6). Further Reading: Farlex, Inc. Internet Key Exchange. [Online, 2004.] Farlex, Inc.Website: http://encyclopedia.thefreedictionary.com/Internet%20key%20exchange. Key Recovery, User-Controlled (general term): A means of recovering cryptographic keys when the usual means for obtaining them is unavailable. User-controlled key recovery, in particular, means that the owner of the information being protected can choose to enable the key without otherwise altering the cryptographic protection strength available to him or her. As Gladman suggests, it is important to recognize that ownership of key recovery is retained by the information owner. Ownership of key recovery is not retained by the government or the end user. Key recovery, particularly that which is user controlled, is a controversial topic, with arguments from the government’s side and those from the companies’ side explained in a 2004 article by Brian Gladman. In a business scenario, the business-owned information is at risk. Therefore it is crucial that key recovery decisions are made by the business and not by consumers. In contrast, in the utilization of cryptography by private citizens, the interests of the user and the information owner coincide; thus, the end user should have control of key recovery actions. See Also: Cryptography or “Crypto”; Key. Further Reading: Gladman, B. Key recovery—meeting the needs of users or key escrow in disguise? [Online, 2004.] B. Gladman Website: http://www.fipr.org/publications/key-recovery .html. Keystroke Logger (general term): A hardware device or small program monitoring each keystroke a user types on a computer’s keyboard. It is sometimes called a system monitor. As a hardware device, a keystroke logger is a small plug serving as a connector between the user’s keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user’s behavior—a hacker or a cracker—to physically hide such a device. (It helps that most workstation keyboards plug into the back of the computer.) As the user types, the hardware device collects each keystroke and saves it as text in its own miniature storage device. Later, the person who installed the keystroke logger can return and remove the device to access the gathered information. A keystroke logger program does not require physical access to the user’s computer. It can be downloaded by someone who wants to monitor activity on a particular computer, or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan. 193 Keystroke Logger According to reports, a crack attack on Sumitomo Mitsui Bank in March 2005, involved the use of inexpensive keyboard logging devices. Apparently, cleaning staff or individuals posing as cleaning staff attached the devices to computers.When the exploit was discovered, bank investigators found some of the devices still attached to some of the PCs.To prevent such crack attacks, many banks are now believed to permanently connect keyboards into their computers or to ban wireless keyboards.The Sumitomo Bank—post exploit—is said to now use sophisticated software to monitor the electrical current in computer systems to determine whether the computers have been compromised. A keystroke logger program for a Microsoft Windows Operating System typically consists of two files installed in the same directory: a dynamic link library (DLL) file, which does all the recording, and an executable file (.EXE), which installs the DLL file, triggering it to work.The keystroke logger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the logger program. Although keystroke logger programs are promoted for benign purposes, such as to let parents keep track of their kids’ travels on the Internet, most privacy advocates argue that the potential for abuse is so large that laws should be passed to make the unauthorized use of keystroke loggers a criminal offense. Businesses, too, are becoming concerned about the legal ramifications of using keystroke loggers to track employees’ computer behaviors during workdays. See Also: Internet; Privacy; Rootkit; Spyware;Trojan. Further Reading: TechTarget. Keystroke Logger. [Online, July 19, 2004.] TechTarget Web Site. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci962518,00.html; Warren, P. Bank Attack Used Key-Loggers Costing Just 20 Sterling. [Online, April 21, 2005.] vnu.net europe Website: http://www.vnunet.com/news/1162595. Kilobyte (KB) (general term): Equal to 1,024 (or 210) bytes. Knight,Tom and Kotok, Alan Team (general term):Two of the original hackers at MIT in the 1960s.Then, a “hack” meant a prank of the kind that students played on their MIT faculty or their rivals—”out of the box” fun tricks such as wrapping the entire roof of the MIT building in tinfoil. See Also: Good Hack. Known-Plaintext Attack (general term): The simplest means to “brute-force” a key using a sample of both the encrypted message and the original plaintext.A known-plaintext attack is a cryptographic attack in which an individual has the plaintext and its encrypted version (ciphertext), thereby allowing him or her to use both to reveal further secret information—such as the secret key. Encrypted archived ZIP files are said to be prone to known-plaintext attacks because using software available on the Internet, crackers are able to determine the key needed to decrypt the archived files. See Also: Ciphertext; Encryption or Encipher; Cryptography or “Crypto”; Plaintext. Further Reading: GNU_FDL. Known-Plaintext Attack. [Online, 2004.] GNU Free Documentation License Website: http://www.wordiq.com/definition/Known-plaintext_attack. Keystroke Logger 194 L (general term): Chat room talk for “laugh.” L0pht bulletin (general term): For decades, neophyte crackers and hackers have obtained much of their required information from books, documents, and online mailing lists such as the L0pht bulletin and Phrack. One of the founding members of the L0pht Heavy Industries team responsible for producing the L0pht bulletin was Peiter Zatko, more commonly known in the Computer Underground as Mudge. Mudge gained notoriety in 1998 when he and other L0pht members testified before a Senate committee that they could take down the Internet in 30 minutes.Thus, the members argued, sound computer system security is a must in a wired (and now wireless) world. A highly sought-after computer security consultant, Mudge not only left the security firm @stake Inc. several years ago but also stayed away from the security industry for a while. Finally, in February 2005, Zatko decided to come back to the security field by joining BBN Technologies Inc. Zatko had, in fact, been employed there in the 1990s. BBN Technologies Inc. is best known as the contractor responsible for building ARPANET. See Also: Crackers; Hackers; Newbies or Scriptkiddies; Phrack. Further Reading: Fisher, D. Hacker ‘Mudge’ Returns to BBN. [Online, February 2, 2005.] Ziff Davis Publishing Holdings, Inc.Website. http://www.eweek.com/article2/0,1759,1758913,00 .asp?kc=EWRSS03119TX1K0000594. LACNIC (general term):An acronym for the Latin American and Caribbean Internet Addresses Registry. It is one of five Internet registries serving different world regions by assigning and administering IP addresses. See Also: AfriNIC;ARIN; IANA; IP Address; RIPE NCC. Lag Time (general term):The time that it takes for data to come back from a server. See Also: Server. LambdaMOO (general term): A sort of (at least it turned out to be) Black Hat equivalent of the present-day popular online game Sims Online.To be more precise, LambdaMOO was a subspecies of MUD (a multi-user dungeon) known as a MOO, an abbreviated form of “MUD, object-oriented.” LambdaMOO was a type of database giving users the rather realistic feeling that they were moving through space. When users dialed into LambdaMOO, the program immediately presented users with a short text description of one of the database’s fictional rooms in a fictional mansion. The rooms, the things in them, and the characters were able to interact according to rules imitating laws in the real world. In general,LambdaMOOers were allowed the positive freedom “to create.”They could describe their characters in any way, decorate rooms, and build new objects. The combination of all this user activity with the physics of the database could induce an illusion of “presence.”What the user really saw when he or she visited LambdaMOO was a form of slow-moving text, dialogue, and stage directions that moved up the screen. One of the controversial cases around LambdaMOO involved a cyber perpetrator by the name of Mr. Bungle, who, with an online voodoo doll and a piece of programming code, could spoof other players by taking over their identities and performing offensive actions against them. The closest thing to this kind of action today would be called identity theft.Though some of the users of LambdaMOO felt that Mr. Bungle virtually raped them—or at least cyberstalked them—the claims could not be legally upheld because Mr. Bungle caused the users in LambdaMOO to commit offensive actions against themselves. Mr. Bungle was not himself virtually involved in the offensive acts. See Also: Black Hats; Identity Theft or Masquerading; MOO; MUD. Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Laser Intelligence (LASINT) (general term): Is technical and geo-spatial intelligence obtained with laser technology and is therefore a sub-category of electro-optical intelligence. See Also: Intelligence; U.S. Intelligence Community. Further Reading: U.S. Military: laser intelligence. [Online, 2004.] About, Inc. Website. http://usmilitary.about.com/library/glossary/l/bldef03545.htm. Layers of Networks (general term): The international standards organization for the Open Systems Interconnection (or OSI) has defined the following seven layers of networks: • Physical Layer—Defining the electrical and mechanical interfaces to the network, it determines the upper limit of the transmission speed needed for audio and video information. • Data Link Layer—Comprising the access protocol to the physical layer, it deals with error correction, flow control, frame synchronization, and the transmission of data frames. • Network Layer—Containing switches and router packets, it establishes logical associations of remote stations and provides services such as addressing, congestion control, error handling, internetworking, and packet sequencing. • Transport Layer—Provides a program-to-program connection. • Session Layer—Coordinates interactions between user application processes on different hosts, including multi-cast (defined as one to many, multi-drop), many-to-one sessions, and point-to-point. • Presentation Layer—Manages abstract data structures and converts different data formats and codes. • Application Layer—Contains protocols such as ftp, SMTP, telnet, and email. The TCP/IP protocol used on the Internet collapses layers 5, 6, and 7 of the above OSI Model to a single application layer, thus forming a five-layer protocol. LambdaMOO 196 See Also: Encapsulation;TCP/IP. Further Reading: Tanenbaum, A. Computer Networks, 4th ed. Upper Saddle River, NJ: Prentice Hall, 2003. Leach (general term): A derogatory term in the warez underground community that refers to self-serving individuals who download an abundance of information for free but never give back to the community. Following the passage of the Digital Millennium Copyright Act (DMCA) in 1998 and particularly since 2004, violators of copyright law have been taken to court by the recording industry for infringement of the Act—a form of leaching. Many of those targeted by the recording industry included U.S. students who downloaded music from Napster and shared files with their friends for free, depriving the recording artists of their royalties and failing to give back to the entertainment community.The courts generally made each of the student violators pay thousands of dollars in damages. See Also: Digital Millennium Copyright Act (DMCA); Napster;Warez Software. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Least-privilege (general term):A security principle holding that users should be allocated the least possible set of privileges on a computer system. For security reasons, users should be given only the amount of privileges needed to complete their tasks. Without question, least-privilege is a critical area in security.Accepting that organizations, university and medical institutions, as well as government agencies have in recent years adopted the Internet as a key means of conducting important transactions—often involving sensitive information—one important factor these organizations and agencies have had to address is an unprecedented demand for security measures to guarantee the confidentiality, integrity, and availability of sensitive online information. A great place to begin building sound security measures to protect information assets, note security experts, is to install network perimeter-based protection with capabilities consistent with the security expectations of the organization. See Also: Integrity; Internet; Security;Type Enforcement Technology. Leetspeak (general term):A word that derives from the hacker elites, leetspeak not only relies on humor and improvisation but also is a new kind of language now popular in the hacker community. Leetspeak, generally also known as L33T speak, incorporates layers of computer underground references—slang words such as warez (meaning pirated software), for example— and transforms the letters in the slang words into numbers and symbols (called visual puns or icons). As examples, the letter E is written as a 3 and the letter A is written as a 4. Also, L is written as a 1 and an S is written as a 5. Consistent with earlier TAP methodology, the letter O is written as a 0. Technically speaking, leetspeak is a cipher on top of jargon: Slang words that are incomprehensible to those outside the hacker community are further rearranged into symbols. Other fun consists of alternating uppercase and lowercase letters and deliberately misspelling common-usage words. For example, porn will often be written as pr0n and the as teh. 197 Leetspeak Hacker community jokes are designed to fool not only people but also machines.The technique called “fat-finger typing” is what spammers use to circumvent filters on email. Fat-finger typing makes a word usually readable to a human (who can mentally adjust for errors in the typing and “see” the word as it should be) but unreadable to a search engine. Because search engines are not blessed with the cognitive flexibility and adaptation of humans, fat-finger typing often lets undesirable things such as pornography ads get through software filters. See Also: Electronic Mail or Email;TAP;Warez Software. Further Reading: Smith, R. Virtual Culture: Hackers Devise Their Own Language Literacies. The Globe and Mail, July 22, 2004, p. R1, R3. Levin,Vladimir (person; 1971– ):A graduate of St. Petersburg Technology University in Russia, mathematician Vladimir Levin supposedly masterminded the Russian cracker gang’s exploit that tricked Citibank’s computers into relinquishing $10 million. Levin apparently used a laptop computer in London to crack the Citibank network in order to get a list of the bank clients’ passwords. He then logged on to the network 18 times over several weeks with the intent of transferring money to accounts his group had in the United States, Finland, the Netherlands, Germany, and Israel. Levin was arrested at Heathrow Airport in 1995 and was sentenced to a three-year prison term in the United States.He was also ordered to pay back more than $240,000 of the stolen money to Citibank—supposedly his share. After this incident, Citibank began using the dynamic encryption card, an extremely tight security system possessed by other financial institutions worldwide. See Also: Black Hats; Cracking; Exploit; Network;Vulnerabilities of Computers. Further Reading: Discovery Communications, Inc. Hackers: Outlaws and Angels. [Online, 2004.] Vladimir Levin. Discovery Communications, Inc. Website. http://tlc.discovery.com/ convergence/hackers/bio/bio_09.html; Flohr, U. Bank Robbers Go Electric. [Online, May 20, 2005.] CMP Media, LLC.Website. http://www.byte.com/art/9511/sec3/art11.htm. Levy, Steven and His Books on Hackers (general term): In 1984, Steven Levy wrote the book Hackers: Heroes of the Computer Revolution, which is held in high regard in the Computer Underground. Levy not only discussed many important talents in the hacker world in this book but also detailed the tenets of the Hacker’s Ethic—the foundation of hacker culture. Levy’s more recent books include Unicorn’s Secret, Artificial Life, Insanely Great, and Crypto. He is a senior technology editor for Newsweek magazine. See Also: Computer Underground (CU);White Hat Ethic. Further Reading: Levy, S. Steven Levy’s Home Page. [Online, 2004.] Steven Levy’s Website. http://mosaic.echonyc.com/~steven/index.html. Lightweight Directory Access Protocol (LDAP) (general term):A communication protocol used to transport and format messages in order to access information in an X.500-like directory.A directory able to be accessed with LDAP is known as an LDAP directory.The LDAP Version 3 (LDAPv3) protocol has become the standard used by large firms to access user and resource directory data. The shortcoming of LDAPv3 is its lack of access control and back-end enterprise integration extensions (such as replication) that are widely adopted and necessary for integrating disparate directories and for constructing a distributed directory service. Today within most enterprises, Leetspeak 198 meta-directories tend to resolve the issue. Endeavors are underway to address shortcomings of LDAP, ironically by reintroducing features that were stripped out in the transition of the more complex X.500 standard to make it more “lightweight.” See Also: Protocol. Link (general term):Typically used as a short form of hyperlink, which is used in Web documents written in the HyperText Markup Language (HTML) to enable navigation from one Web page to another by the user’s clicking the link. Links can cause concern for security experts, particularly when the text describing the link does not correspond with its destination and is a deliberate attempt to lure an unsuspicious user to a Website that might contain malicious code or trick the user into revealing personal data. See Also: HTML; HTTP. Link Virus (general term):A computer virus that is downloaded and launched by clicking a link embedded in a Website. The link usually seems to point to a harmless destination and is frequently obscured so that an unwary user believes that nothing bad can happen. It is often used in phishing or spear phishing attacks to smuggle attack code through the perimeter defenses of an organization. See Also: Link; Phishing;Virus. Linux (general term): An operating system widely used on Internet servers and embraced by large corporations as an alternative to the Microsoft operating system software. Linux was named after a Finnish man, Linus Torvalds, who started the community development process of this UNIX-compatible operating system. Linux is also viewed as an alternative to commercial flavors of UNIX. See Also: Internet; Operating System Software;Torvalds, Linus; UNIX. LMAO (general term): Chat room talk meaning “laughing my ass off.” Local Area Network (LAN) (general term):A computer network contained in one or more buildings that are physically close to one another. See Also: Computer; Network. Local Exploit or Intrusion (general term): Requires that the cracker has access to a machine. The cracker then runs an exploit script granting him or her administrator or root access.A number of sites on the Internet give newbies in the Computer Underground (called scriptkiddies) an idea of how vulnerabilities can be exploited in just a few steps. Though a number of techniques can be used to accomplish this task, the most common are misconfiguration, poor SUID, buffer overflows, and temp files. See Also: Buffer Overflows; Exploit; Misconfiguration Problems; Poor SUID;Temp Files. Further Reading: Nomad Mobile Research Center. The Hack FAQ: UNIX Local Attacks. [Online, 2004.] Nomad Mobile Research Center Website. http://www.nmrc.org/pub/faq/ hackfaq/hackfaq-29.html. Local Loop (general term): A logical network interface on a computer having TCP/IP networking software. A local loop interface is used for the interprocess communication of two 199 Local Loop processes on the same machine. Modeled within the kernel memory, it is faster than a connection made through a real-network interface. See Also: Network;TCP/IP or Transmission Control Protocol/Internet Protocol. Local Loop,Wireless (WLL) (general term): Often referred to as Radio in the Loop (RITL), Fixed-Radio Access (FRA), or Wireless Local Loop (WLL), these are systems connecting customers to the public-switched telephone network (or PSTN). Radio signals are used as a copper substitute to provide part or full connection between the user and the switch. This system includes cordless access systems, fixed cellular systems, and proprietary fixed-radio access. Today’s industry analysts predict that the worldwide WLL market will soon attract millions of users, with considerable growth in emerging economies that reach only a very limited percentage of their population with traditional wire-based telephone service. For example, analysts suggest that China, India, Brazil, Russia, and Indonesia might adopt WLL technology as an efficient means of deploying telephone service to multitudes of subscribers without having to undergo the expense of burying tons of copper wire. Moreover, say analysts, in developed countries WLL technology will assist in unlocking competition in the local loop, thus enabling operators to bypass existing wire-line networks in order to deliver telephone services and data access. So the question, say analysts, is not “will the local loop go wireless?” but “where and when?” See Also: Local Loop. Further Reading: International Engineering Consortium.Wireless Local Loop. [Online, 2004.] International Engineering Consortium Website. http://www.iec.org/online/tutorials/wll/. Log (general term): A record of actions and events occurring on a computer when a user is active. Many components of a computer’s operating system and numerous applications generate logs.Web servers generate traffic and usage logs in a common logfile format (CLF) that can be used as input to a variety of statistical tools. See Also: Computer. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Log Subsystem (general term): System administrators must analyze numerous types of log entries not only from multitudes of sub-systems within each system but also from multitudes of systems in order to detect system intrusions. For example, an FTP server will write an entry for every connection it gets, the kernel will generate entries for failures of hardware (such as in a disk drive), and a DNS server might regularly report usage statistics. Some of these log entries might require the immediate attention of a system administrator or of someone having expertise in a particular type. Still other entries simply need to be recorded for future reference.To deal with these important matters, most UNIX systems have a log sub-system facility called Syslog, implemented as a daemon program named “Syslogd.” This program listens for messages on a socket called /dev/log. By classifying information in the entries and in the contents of the config file (typically /etc/syslog.conf), Syslogd routes the information—such as “print to the system console,”“mail to a specific user,”“create entry in a logfile,”“forward to another daemon,” or “discard.” Syslogd can also listen for information on the Syslog UDP port and on the local socket.Though Syslogd can Local Loop 200 operate on information from the operating system, the kernel does not write to /dev/log. Instead, another daemon (named Klogd) receives information from the kernel and forwards it to Syslogd. Syslogd must receive a two-part classfication piece of information from each process consisting of “facility” and “priority.” A facility/priority number is one indicating both the facility and the priority. Facility ascertains the source—such as the kernel, the mail subsystem, or an FTP server. Priority ascertains the importance of the contents—such as debug, informational, warning, or critical. Except for the fact that priorities have a defined order, the real meaning of these is determined by the system administrator. See Also: Administrator; Daemon; Domain Name System (DNS); /etc/syslog.conf; FTP (File Transfer Protocol); Kernel; Logfile; Socket; UNIX; User Datagram Protocol (UDP). Further Reading: GNU Organization. Overview of Syslog. [Online, 2004.] GNU Organization Website. http://www.gnu.org/software/libc/manual/html_node/Overview-of- Syslog.html. Logfiles (general term): The area on a computer system where, according to crackers, “interesting” events are stored. Interesting events can include the logging in and logging out of users, access to certain applications (such as mail, FTP, and Web pages), system startup, system shutdown, and error messages. Crackers typically try to hide their tracks by altering the contents of logfiles to delete entries caused by their malicious acts. See Also: Computer; Crackers; Cracking; Logs; Logging In. Logging In (general term): Gaining access to a computer system through an authentication process.Typically, a username and a secret password are used to authenticate a user in the login process. Increasingly, because of security concerns biometric means such as fingerprints or access cards are being used instead of passwords. See Also: Authentication; Fingerprinting; Password. Logic Bomb (general term): Hidden code instructing a computer virus to perform some potentially destructive action when specific criteria are met. See Also: Code or Source Code; Malware;Virus. Logon Procedures (general term): Identifying someone trying to establish a connection to a computer. During logon procedures, two requests are made from the individual trying to gain access: a preauthorized account (or user) name and a preset password. On a computer system used by more than one individual, the logon procedure identifies the authorized users and the protocols of users’ access time. These logon procedures are meant to uphold system security by managing access to sensitive files and operations. See Also: Access Control; Computer; Logging In. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. LOL (general term): Chat room talk meaning “laughing out loud.” Loop Carrier System (general term): Uses programmable remote computers to integrate voice and information communications for an efficient transmission over a fiber-optic cable. In many ways, loop carrier systems act as circuit breaker boxes in homes. 201 Loop Carrier System See Also: Fiber-Optic Cable; Loop Carrier System. Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Lotus Domino (general term): A popular commercial groupware service providing e-mail, collaboration, and data exchanges to its registered users. See Also: Microsoft Exchange. lsof Tool (general term): A UNIX-specific diagnostic tool whose name means “LiSt Open Files.” It lists all files that processes running on the computer system have opened. It also lists the communications opened by each process. For these reasons, lsof is used by system administrators to figure out whether all the processes running are legitimate. See Also: Administrator; UNIX. Further Reading: Abell, V. lsof 4.68 (Default). [Online, March 22, 2004.] Open Source Technology Group Website. http://freshmeat.net/projects/lsof/?branch_id=6029&release_id= 127461. Lynx (general term): A text-based Web browser that does not require a graphical user interface to display Web pages.Although the World Wide Web becomes more and more media rich in content, the number of purists who prefer text-only renderings of Web pages does not seem to shrink. Often, Lynx is the only solution for displaying Web pages over low bandwidth lines and on slow client computers. See Also: Browser. LZW (general term): Stands for Lempel-Ziv-Welch (Algorithm).The authors,Abraham Lempel and Jacob Ziv, presented the algorithm in 1977 as a lossless universal algorithm for sequential data compression. In 1984,Terry Welch improved the algorithm to its present form. See Also: Compression. Loop Carrier System 202 Macro (general term): A sequence of commands in an application that can be recorded or directly programmed to repeatedly execute this sequence. Macros have access to resources such as disks and networks on the computer. They are stored within the document format of the application.Typical examples are macros in Office Applications such as MS Word or Excel, where they are used extensively. Newer versions of these applications include options to turn off the execution of macros for security reasons. See Also: Macro Virus. Macro Virus (general term): A computer virus that uses the macro capabilities of an application to execute code or programming steps that are embedded in data files associated with specific applications. Because users have learned not to execute programs from unknown sources for security reasons, attackers have turned to using macro viruses to embed malware in innocuous data files. Modern virus scanners detect macro viruses, as well. See Also: Macro;Virus. Mafiaboy (person; 1985– ): As has the United States, Canada has generated its share of spectacular crack attacks and crackers. In February 2000, the high-profile case of Mafiaboy (his identity was not disclosed at the time because he was a 15-year-old minor) raised Internet security concerns in the United States, Canada, and elsewhere. In fact, say legal analysts, Mafiaboy’s computer cracking trial had the potential to redefine “reasonable doubt” in a relatively unexplored area of Canadian law. What could have been a lengthy trial ended when Mafiaboy pleaded guilty on January 18, 2001, to charges that he cracked Internet servers and used them as launching pads for extremely costly DoS attacks on several high-profile Websites, including Amazon.com, eBay, and Yahoo!. As is typical of most young crackers facing the prospect of a long and expensive trial, Mafiaboy admitted his part in the DoS attacks before the Youth Court of Quebec in Montreal. He pleaded guilty to a number of counts of mischief and illegal access to a computer as well as one count of breaching bail conditions. In September 2001, the judge hearing the case ruled that the teenager committed a criminal act and sentenced him to eight months in a youth detention center. The judge also ordered Mafiaboy to have one year of probation after his detention ended and fined him $250. Nowadays, Mafiaboy writes high tech pieces for Canoe, an online news and information company based in Toronto, Canada. One of his interesting columns, entitled “Hacking becoming even easier,” details his strategy for the exploits that got him detention time. See Also: Crackers; Cracking; Denial of Service (DoS); Exploit; Internet. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Magnetic Strip (general term):Though most adults have plastic credit cards or debit cards that they use for purchasing goods and services, few likely know how the magnetic strip on the back of the card works. The magnetic strip actually comprises very small iron-based magnetic particles in a plastic-like film. Each particle is a tiny bar magnet designed so that the magnetic strip can be written in either a north pole– or a south pole–direction. (They must be one or the other.) The magnetization can then be “read” when the user swipes the credit card through a particular machine. To be more specific, the magnetic strip is actually split into three tracks “understood” by a magnetic strip reader (that is, the particular machine). Each track holds a specific number of characters with defined functions.The characters contain information about the cardholder and his or her account, but they can be “read” only in a certain order, and they are encrypted. So, even if someone did access the heavily guarded communication lines between banks and retailers, the cracker would also have to determine the encrypted code before he or she could use the card’s details to commit fraud. Three methods are commonly used to determine that a user’s credit card is legitimate and will pay for what he or she is charging. First is the conventional means of using a touch-tone phone to dial in for permission. Second is a virtual terminal on the Internet.Third is the card-swiping machine—today’s most frequently used method for purchasing goods and services in stores. In the card-swiping method, information held on the magnetic strip is picked up by Electronic Data Capture, or EDC.After the plastic card has been swiped, the EDC software contacts an acquirer by dialing a stored telephone number through a modem. An acquirer is the organization collecting credit authentication requests from retailers and providing them with a payment guarantee.When the acquirer receives an authentication request, it checks the transaction for validity and the magnetic strip record for important particulars. If a user’s credit card appears to be dysfunctional at the time that an attempted purchase is made, often the problem is that the magnetic strip has become damaged or obscured. See Also: Encryption or Encipher; Internet. Further Reading: Cardy, L. The Credit Card Strip: How Does It Work? [Online, 2004.] Crystal Guides Limited Website. http://www.theanswerbank.co.uk/Article361.html. Mail Bomb (general term): A massive amount of email that is sent to a specific person or system, consuming the recipient’s disk space on the server or creating an overload situation for the server, which causes it to slow down considerably or stop functioning altogether. In the past, mail bombs have been used to punish Internet users who are netiquette violators (such as those who spam others on the Internet). See Also: Electronic Mail or Email; Internet; Spam; Spammers. Further Reading:TechTarget. Mail Bomb. [Online, October 28, 2003.] TechTarget Website. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci212514,00.html. Mail Subsystem (general term): A software package responsible for receiving, delivering, and forwarding email.The mail transport protocol used throughout the Internet is the Simple Mail Transfer Protocol (SMTP). Implementations of this protocol are available from different vendors and public-domain sources.The oldest and still most popular is sendmail. Mail access from client programs such as Outlook, Outlook Express, Eudora, and others can be handled through IMAP and POP3. See Also: Internet; Internet Mail or Message Access Protocol (IMAP); SMTP (Simple Mail Transfer Protocol). Magnetic Strip 204 Malicious Code (general term): Programs such as viruses and worms designed to exploit weaknesses in computer software replicate and/or attach themselves to other software programs on a computer or a network. Because they are designed to cause harm to a computer’s or a network’s operation, viruses and worms are known as malicious code. In short, malicious code not only propagates itself but also typically causes damage to a computer system—such as denying access to legitimate users, altering or deleting data, or deleting complete file systems and disks. See Also: Exploit;Virus;Worm. Malware (general term): Comes in many forms and can be any program or source code producing output that the computer owner does not need, want, or expect. For example, malware can be a remote access Trojan horse that can not only open a back door to a remote computer but also control someone’s computer or network from a remote location. Malware includes viruses, worms,Trojan horses (that can, for example, spy on the system and display ads when the user least expects it), and malicious active content arriving through email or Web pages visited. These forms of malware normally run without the knowledge and permission of the user. See Also: Back or Trap Door; Electronic Mail or Email;Trojan;Virus;Worm. Further Reading: Spy Sweeper. Malware: Are you running malicious software? [Online, 2004.] Spy Sweeper Website. http://www.spysweeper.com/malware.html. Man-in-the-Middle Attack (general term): An attack in which a cracker intercepts data and replies to it, making it look as though the reply came from the intended recipient. A victim thus attacked might expose private data—such as credit card or bank account information—that can later be used to defraud the victim. See Also: Attack; Crackers; Exploit; Fraud; Identity Theft or Masquerading. Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Markoff, John (person; 1949– ): John Markoff ’s journalistic stories about Kevin Mitnick’s cracking exploits led to a book called Takedown. The book was written by Markoff and elite hacker Tsutomu Shimomura after Shimomura assisted U.S. federal agents in finding Mitnick. When Kevin Mitnick’s trial for cracking-related crimes was scheduled to begin April 20, 1999, the “Free Kevin” supporters became angered on two fronts. First, they argued that Takedown exaggerated Mitnick’s alleged crimes. Second, they were mad that the book was about to become a movie produced by Miramax—furthering the negative propaganda disseminated by the media about computer hackers. The movie also called “Takedown” was released in 2000 and was directed by Joe Chappelle. For a fuller discussion of the case leading to Mitnick’s arrest, see The Hacking of America: Who’s Doing It, Why, and How (p. 13–19) by Schell and Dodge with Moutsatsos. John Markoff is now an adjunct faculty member at Stanford University. His Web page can be found at http://communication.stanford.edu/faculty/markoff.html. See Also: Cracking; Exploit; Mitnick, Kevin (a.k.a. Condor); Shimomura, Tsutomu; Vulnerabilities of Computers. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. 205 Markoff, John Mask (general term): See Nemasks. Matrix (general term): Means many things. It is, for one, the world’s telecommunications network. Because of its importance to the world, a number of artists have been drawn to the concept of a matrix and have incorporated it into their creative works.Thus, The Matrix is the name given to a book, a movie, and a computer game—all describing a virtual world of information similar in some ways to the Internet but completely different in other ways. “The Matrix,” upon which fiction novels, movies, and games have been based, is a computergenerated three-dimensional world in which users can do anything because the world comprises ICons, or IC (pronounced “ice”). IC, known more formally as Intrusion Countermeasure electronics, are programs stopping illegal access by intruders to computers and highly sensitive information. For example, IC might look like a bull with guns or a moose with guns, depending on what type of IC it is and what its function is. IC comes in many forms, including Black IC (the lethal form) and Probe IC (which searches for intruders and then fires back with some nasty stuff intended to stop the intruder in his or her tracks). Moreover, in “The Matrix,” a node (actually part of a host, such as a sub-system, and usually represented by a virtual landscape) might be seen as a hole or a gas pump. If that node is destroyed, the hole might suddenly disappear, or the gas pump might quickly explode. In this virtual world, a user will look like whatever he or she asked the Cyberdeck to identify him or her as.What is more, users in a nonsubmersive system cannot be hurt because the user is represented by an Icon and is not physically there.The ICon represents a computer system, and any attacks directed at the user’s ICon can damage his or her system. Since 2001, the term matrix has gained a whole new meaning.The Florida police department operated an anti-terrorism information system called the Multistate Anti-Terrorism Information Exchange, or Matrix, to locate patterns among people and events by pooling police records with commercial data on U.S. adults. The Justice Department provided $4 million to broaden the Matrix program on a national basis, and the Department of Homeland Security pledged $8 million to assist with the Matrix program expansion—so that Virginia, Maryland, Pennsylvania, and New York could join the Matrix network. See Also: Department of Homeland Security (DHS); Internet; Network;Telcom;Terrorism; Terrorist-Hacker Links; The Matrix of 1999. Further Reading: Clutton, R. The Matrix. [Online, November 26, 1999.] R. Clutton Website. http://tip.net.au/~rclutton/matrix.html; Wilson, C. CRS Report for Congress: Computer Attack and Cyberterrorism:Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS Report Website. http://www.fas.org/irp/crs/RL32114.pdf. Mauchly, John (person; 1907–1980):The co-inventor with Presper Eckert of the first electronic computer, the ENIAC (Electrical Numerical Integrator and Calculator). In 1935, he was a physics professor at Ursinus College in Pennsylvania. From 1968 until his death, Mauchly was president of Dynatrend Inc., a company he created. He was also president of Marketrend Inc. from 1970 until his death. He received many awards for his pioneering work in computing, including the Emanual R. Pione Award, the Harry M. Goode Memorial Award, the Philadelphia Award, the Potts Medal, and the Scott Medal. Mauchly was elected a member for life of the Franklin Institute, the National Academy of Engineering, and the Society for the Advancement Mask 206 of Management. In his later years, Mauchly received advanced honorary degrees from the University of Pennsylvania and Ursinus College. See Also: Antonelli, Kay McNulty Mauchly; Computer. Further Reading: O’Connor, J. and Robertson, E. John William Mauchly. [Online, October, 2003.] University of St. Andrew’s Scotland Website. Department of Computer Science Website. http://www.gap.dcs.st-and.ac.uk/~history/Mathematicians/Mauchly.html. Maximum Transmit Unit (MTU) or Maximum Transmission Unit (general term): A packet-size property of physical network interfaces. For example, for Ethernet the MTU is 1500 bytes.The MTU can also be specified for higher-level protocols such as TCP/IP and set to higher values. Furthermore, a network’s MTU has major performance implications. For example, in Microsoft Windows, the maximum packet size for the TCP protocol is specified in the Registry. If this value is set to too small a number, data will be fragmented into a relatively high number of smaller packets—with an overall negative impact on performance. On the other hand, if the maximum TCP packet size is set too high, it will exceed the physical layer’s MTU and, again, reduce performance.The reason for reduced performance under these circumstances is that each message on the TCP layer is split into at least two smaller ones—a process called fragmentation. For owners of home PCs, setting an optimal TCP packet size can be a bit tricky.For LAN, leaving the MTU setting at 1500 bytes works well with Ethernet and is considered to be a wise bet. For communications over a dial-up connection to the Internet, the suggested MTU setting is 576 bytes. Finally, high-speed connections (including cable service, DSL, and home LANs) typically perform better at higher values. See Also: Ethernet; Internet; Local Area Network (LAN); Network; Packet; Registry; TCP/IP or Transmission Control Protocol/Internet Protocol. Further Reading: About, Inc. MTU. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-mtu.htm. McAfee, Inc. (general term):With headquarters in California, McAfee Inc. (MFE on the New York stock exchange) develops computer security solutions to stop network intrusions and to protect computer systems from evolving malware (such as worms, viruses, and blended attacks). McAfee, Inc. offers two families of products: McAfee System Protection Solutions for securing desktops and servers, and McAfee Network Protection Solutions for protecting corporate networks. McAfee has a wide-ranging client base, including governments, small and large businesses, and home computer users. See Also: Anti-Virus Software; Blended Threats; Computer; Malware;Virus;Worm. Further Reading: McAfee, Inc. About Us. [Online, June 6, 2006.] McAfee, Inc.Website. http://www.mcafee.com/us/about/index.html. McAfee, John (person, 1946– ): A controversial personality and former Silicon Valley entrepreneur, John McAfee,well-known as the developer of the McAfee anti-virus software company, returned to the San Francisco Bay Area on April 24, 2004, for a rare appearance. McAfee was there to headline a dynamic weekend experience—not for a computer security conference but for one named “Journey into The Self with Two Masters—John McAfee and Yogi Amrit Desai.” 207 McAfee, John At this event, McAfee was joined by Yogi Amrit Desai, the founder of Kripalu Yoga and the Kripalu Center for Yoga and Health.Yogi Amrit Desai is considered to be one of the earliest pioneers of yoga in the United States. McAfee left Silicon Valley in the early 1990s. He currently resides in the Rocky Mountains of Colorado, far from the fast-paced, high-tech, boom-and-bust scene of which he is considered to be one of the pioneers. In recent years, John founded Relational Yoga and the Relational Yoga Mandiram in Woodland Park, Colorado. He has been teaching self-discovery and breath-work techniques for more than fifteen years. McAfee has written life-change books such as The Secrets of the Yamas and Into the Heart of Truths. McAfee’s high-tech career self-destructed in March 1992 when the Michelangelo virus failed to destroy the cyber world as he had predicted. Consequently, McAfee Associates Inc. first demoted the then Chief Executive Officer to Chief Technology Officer.The company then eliminated his company presence entirely. Rumors place McAfee’s “golden parachute” buyout from McAfee Associates Inc. at or near $100 million. See Also: Anti-Virus Software. Further Reading: PR Web. John McAfee: From High Tech to Ancient Tech-nique. [Online, March 25, 2004.] PR Web Website. http://www.prweb.com/releases/2004/3/prweb113660.php; Rosenberger, R. The Return of John McAfee. [Online, October 9, 2000.] Rhode Island Soft Systems, Inc.Website. http://vmyths.com/rant.cfm?id=160&page=4. Means of Infection (general term): The technique a virus uses to achieve its execution. Malicious code typically tries to achieve two things: first, to propagate by infecting other systems, programs, or data; and second, to perform some malicious activity such as deleting or altering data, or to gather some intelligence on the attacked system. Some of the more common Means of Infection are the following: • Opening an infected e-mail attachment • Exploiting a security vulnerability of the operating system or an application • Executing programs from untrusted sources, such as those on the Internet • Sharing infected floppy disks, memory sticks, or other forms of mobile media • Receiving infected attachments (either programs or data) through IRC, Instant Messaging, or file-sharing applications • Visiting Websites containing malicious code • Accessing systems locally with the intent to install a virus See Also: Means of Transmission;Virus;Worm. Means of Transmission (general term): One goal of malicious code is to propagate, meaning that it needs to find and spread to other potential hosts (systems or programs) that it can infect. Some of the more common Means of Transmission for malicious code are by the following: McAfee, John 208 • Email as an attachment, using either harvested email accounts or collecting e-mail accounts from address books of infected systems.The actual sending of the e-mail can be achieved either by using existing mail server infrastructures or embedding the mail server in the payload of the malicious code. • Sharing programs infected with a Trojan horse. • Accessing Websites embedding malware. • Remaining in the computer memory and causing itself to be embedded in every program that is executed. • Infecting the boot sector of a computer’s hard disk so that the virus code is launched every time the computer is started. • Actively searching for data or programs on a computer’s storage device that the virus code can embed itself in. • Accessing shared resources such as shared file systems on file servers. • Actively using network connections to propagate (computer worms). See Also: Means of Infection;Virus;Worm. Media Access Control Address (MAC Address) (general term):An identifier stored inside a network card or similar network interface that is used to give unique addresses in the OSI model layer 2 networks and in the physical layer of the Internet Protocol suite.The MAC Addresses, assigned by the IEEE, are global in nature and used in a number of network technologies, including but not limited to Ethernet,Token ring, Bluetooth, and 802.11 wireless networks. Because the developers of Ethernet had the vision to use a 48-bit address space, there are a potential 248 (or 281 trillion) MAC addresses. Ethernet MAC addresses are typically given as a string of 12 hexadecimal digits. The first six digits identify the manufacturer of the card (comprising the Organizational Unique Identifier, or OUI), and the last six digits are assigned by the manufacturer (comprising the Burned-In Address, or BIA). The IEEE assigns the 24-bit OUI prefixes to organizations by allocating blocks of 224 (that is, about 16 million) MAC addresses at one time. In short, MAC addresses can be used for the authentication of computers. MAC addresses of modern network cards can be changed to arbitrary values. Thus, mechanisms based solely on MAC authentication are susceptible to spoofing attacks. See Also: Authentication; Bit and Bit Challenges; Computers; Ethernet; Internet. Further Reading: Farlex, Inc. MAC Address. [Online, May 13, 2005.] Farlex, Inc.Website. http://encyclopedia.thefreedictionary.com/MAC%20address. Megabyte (MB) (general term): Equal to 1024 KB or 1020 bytes. See Also: Bit and Bit Challenge; Byte; Kilobyte. Meinel, Carolyn (person; 1946– ): A computer security professional and engineer who has written many articles on hacking, worms, and viruses for Scientific American and is the author of several books, including The Happy Hacker: A Guide to Mostly Harmless Computer Hacking (2001) 209 Meinel, Carolyn and Uberhacker! How to Break Into Computers (2000). She started the online Happy Hacker Newsletter and has been a strong advocate of bringing women into computer security. Carolyn wrote the piece in Appendix A of this book entitled “How do hackers break into computers?” Her Website can be found at http://verbosity.wiw.org/issue6/meinel.html. See Also: Computer; Security; Uberhackers. Melissa worm (general term): In 1999, it took down much of the Internet for days, and at that time, the world had never seen a computer virus move so fast. Melissa, a Microsoft Word–based worm, replicated itself through email and came out of nowhere to take over computer systems in businesses, governments, and the military.The FBI commenced the biggest Internet personhunt ever to find Melissa’s developer. Eventually, the person suspected of creating the malware was a New Jersey resident by the name of David L. Smith. In 2002, Smith was sentenced to 20 months of jail time, a fine of $5,000, and 100 hours of community service upon his release. Many computer security technologies—including anti-virus software, firewalls, and mobile code—are based on the concept of querying the user with the question,“There is a security issue here; are you sure you want to continue?” Security professionals have long warned that this kind of dependency is unreliable because users have to be “lucky” in answering the questions right all the time—whereas a cracker needs to “get lucky” only a few times. In the case of the Melissa virus, every user who spread the virus was first prompted with the query, “This document contains macros; do you want to run them?” Inevitably, the users answered incorrectly, that is, they answered “yes.” See Also: Electronic Mail or Email; Federal Bureau of Investigation (FBI); Internet; Malware; Virus;Worm. Further Reading: Melissavirus.com. Melissa Virus. [Online, August 14, 2004.] Melissavirus.com Website. http://www.melissavirus.com; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/ hacking-dict.html. Message (general term): Recorded information or a stream of data in plain or encrypted language put in a format specified for transmission in a telecommunication system. In the computer field, certain object-oriented programming languages such as Smalltalk and Objective-C use messages—actually instructions to an object—to perform particular tasks. In this context, a message is similar to a member function. In the Objective-C runtime environment, messages can still be forwarded even if an object does not recognize (that is, respond to) a particular message. See Also: Programming Languages C, C++, Perl, and Java. Further Reading: GNU Free Documentation License. Message. [Online, April 30, 2005.] GNU Free Documentation License Website. http://en.wikipedia.org/wiki/Message. Message Authentication Code (MAC) (general term): An ANSI standard in cryptography for a short piece of information used to authenticate a message based on DES. A message authentication code involves an algorithm (often a one-way hash function or a block cipher) that accepts a secret key and a message as input; it then produces a MAC (sometimes known as a tag). This process provides both an integrity check (by ensuring that a different MAC will result if the message has been altered) and an authenticity check (because only the person knowing the secret key could have produced a MAC). Meinel, Carolyn 210 See Also: American National Standards Institute (ANSI); Authenticity; Data Encryption Standard (DES); Hash, One-Way; Integrity. Further Reading: GNU Free Documentation License. Message Authentication Code (MAC). [Online, April 21, 2005.] GNU Free Documentation License Website. http://en.wikipedia.org/ wiki/Message_authentication_code. Message Digest MD5 (general term): A checksum confirming that the information has remained unchanged by computing a hash algorithm with the information after it is received.A hash function is a one-way operation changing any length of information string into a shorter one with a fixed length so that no two strings of information result in the same hash value.The resulting hash value is then compared to the hash value sent with the information. If the two values match, this result suggests that the information has not been changed; therefore, its integrity may be trusted. In August 2004, researchers reported that they found weaknesses in the prevalently utilized encryption tools thought to be secure, including Message Digest MD5. This is a big worry because MD5 is frequently used with digital signatures and to secure the open source Apache Web server products. It has also been adopted for use in programs such as PGP or SSL and in the only digital signature algorithm accepted by the U.S. government’s Digital Signature Standard.The flaws, warned the researchers, could allow powerful computers to read or potentially alter encrypted documents thought to be secure. See Also: Digital Signature; Hash, One-Way; Integrity; Pretty Good Privacy (PGP); Secure Sockets Layer (SSL). Further Reading: In Brief. Popular Crypto Flawed. The Globe and Mail, August 12, 2004, p. B7; Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Metcalfe’s Law (general term): Dr. Bob Metcalfe, inventor of Ethernet, once said that the network’s power grows exponentially by the number of computers linked to it. According to him, every computer added to the network not only utilizes the network as a resource but also adds more choice and value.This is Metcalfe’s Law. By the same token, it has been argued by security experts that the power of crack attacks grows exponentially as more crackers from developed, developing, and third-world countries get on the Internet, the information highway. See Also: Ethernet; Network. MI5 (general term): The United Kingdom’s security intelligence agency, which is based in Thames House, London. Its Director General is Eliza Manningham-Buller. The MI5 is responsible for protecting the country against threats to national security including terrorism, espionage, and the proliferation of weapons of mass destruction (such as biological warfare).This security service supports law enforcement agencies in fighting crime and provides security advice to a range of institutions and organizations so that they are better able to reduce their vulnerability to threats. See Also: Terrorism. Further Reading: Crown Copyright. MI5. [Online, 2004.] MI5 Website. http://www.mi5 .gov.uk/output/Page18.html. 211 MI5 Michelangelo virus (general term): In 1992, a virus scare centered on the Michaelangelo virus. Up to five million computers were estimated to be targets for infection by the virus, according to John McAfee, producer of McAfee’s virus-scan software. Millions of dollars were spent by companies, institutions, and government agencies to prepare for this possible cyber Apocalypse— which turned out to be no more than a minor virus scare.The virus received its name from the day on which it was expected to strike—Michelangelo’s birthday. Because of McAfee’s obvious error in predicting a potential cyber Apocalypse, his IT career ended. However, McAfee left with a nice “golden parachute” from the anti-virus software company he founded. See Also: Anti-Virus Software; Cyber Apocalypse; Malware; McAfee, John Company;Virus. Further Reading: Colgate University Computer Science.The Virus Scare. [Online, 2004.] Colgate University Computer Science Website. http://cs.colgate.edu/faculty/nevison.pub/ web150/virus/Helenfolder/virusscarelink.htm. Microsoft Exchange Server (general term) Microsoft’s implementation of an Internet mail server. It serves as a central communication platform for organizations with its calendar, meeting scheduling, and form-handling functionality. It works best with the specialized client program Outlook. See Also: Electronic Mail or Email; Internet; Mail Subsystem; Server. Middleware (general term): An application connecting two separate applications. Middleware systems provide functionality such as distribution of components, deployment, and transaction services that developers can integrate into their own applications without having to worry about implementation details. In 2006, Microsoft’s .NET architecture and various implementations of Sun Microsystems’ J2EE Standard were popular forms of middleware. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. MIME or Multipurpose Internet Mail Exchange (general term): A protocol that permits users to send and receive files using email via the Internet. Since its inception, MIME has been adopted in other domains as well.Web servers use MIME extensively to establish the type of data to be served out to clients.This establishment is typically done via server-side MIME settings and the “Content Type” field in the HTTP header, informing the Web client (browser) about the type of data to be sent.The information about the content type allows the client to launch an appropriate application to display the content. See Also: Electronic Mail or Email; Internet. Misconfiguration Problems (general term): A major cause of field problems with network appliances, meaning that the system configuration is not perfect.This is an odd event because, in principle, an appliance is supposed to be a simple computer system specially designed to perform a single task, and an appliance system is supposed to be relatively easy to configure and use. However, making appliances work well in a network in a variety of application environments often has considerable configuration complexity. One reason for the complexity is that an appliance in use is only part of a complex, distributed system. For example, the performance of a file server is contingent on the performance of a distributed system.A distributed system is made up Michelangelo virus 212 of a client system (usually an all-purpose computer system) connected to the file server through a potentially complicated network fabric (including cables, routers, switches, patch panels, and so on).These components commonly come from various vendors, meaning that they all need to be configured and function well together if the file server is to function at its best. Unfortunately, this positive outcome does not occur for a number of technical reasons, as outlined in the 2000 technical piece by G. Banga. See Also: Computer; Network; Routers; Switch. Further Reading: Banga, G. Misconfiguration. [Online, April 24, 2000.] Gaurav Banga Website. http://www.usenix.org/publications/library/proceedings/usenix2000/general/full_ papers/banga/banga_html/node4.html. MIT Tech Model Railroad Club (general term): In the 1960s, the MIT all-male computer geeks had an incurable curiosity about how things worked in the real world and in the cyber world. Back then, computers were huge mainframes stored in temperature-controlled, glassed-in lairs. These slow machines were expensive hunks of metal (called PDP) that allowed computer programmers only very limited access. Nevertheless, the Signals and Power committee of MIT’s Tech Model Railroad Club chose the PDP-6 and PDP-10s as their favorite “tech toy.” Because of the computer’s slow pace, the smarter programmers created what back then were called “hacks,” or creative programming tricks, to complete their jobs faster. Sometimes their shortcuts were more beautiful than the original programs. See Also: Good Hack. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Mitnick, Kevin (a.k.a. Condor) (person; 1963– ): Born in 1963, he is one of the most famous American crackers to serve time in prison. He is now a security consultant and author of security books, including the popular The Art of Deception: Controlling the Human Element of Security. In 2003, at the DefCon hacker convention in Las Vegas, Mitnick networked with the young hacker community and wound up winning the Hacker Jeopardy contest. In July, 2004, Mitnick signed books at the HOPE 5 hacker convention in New York City and at the Black Hat Briefings and Training in Las Vegas. Mitnick is a cult figure in the Computer Underground. Whenever he is scheduled to speak on various computer security issues at hacker conventions, he usually draws a large crowd and much publicity. Once on the FBI’s most-wanted criminal list and a past cyber colleague of cracker Susan Thunder, Mitnick was imprisoned in February 1995 on charges of wire fraud and possessing computer files stolen from Nokia, Motorola, and Sun Microsystems. His capture was detailed in the book and movie Takedown (described in more detail in the Schell, Dodge with Moutsatsos book The Hacking of America). See Also: Black Hat Briefings; Cracker; Federal Bureau of Investigation (FBI); HOPE (Hackers On Planet Earth); Security; Shimomura,Tsutomu;Thunder, Susan and Kevin Mitnick Case. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. 213 Mitnick, Kevin Mobile Code (general term): Software that is transmitted from a host to a client (that is, another computer) so that it can be executed, or run. A virus and a worm are two common types of malicious mobile code. Applets that are embedded in Web sites to perform some computation on behalf of the user (such as a stock tracker) are examples of nonmalicious mobile code. See Also: Code or Source Code; Host; Malware;Virus;Worm. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Modem (general term):Acronym for Modulator Demodulator, which changes information from analog form (such as that used on telephone lines) to digital form (such as that used on computers) for computer-to-computer communications. Though modems can transmit information at maximum rates of 56,000 bits per second (bps) or 56 kbps, limitations in the telephone system realistically produce modem speeds at 33.6 kbps or lower in practice.Today, modems for cable and DSL service are called digital modems, whereas those used for dial-up service are called analog modems. This terminology is somewhat misleading because all modems actually involve analog signaling. “Digital” relates to enhanced digital processing in the service provider’s systems and not within the modem per se. Cable modems and DSL modems utilize broadband signaling methods to obtain dramatically higher network speeds than traditional modems were able to obtain. See Also: Cable Modem; DSL; Modem. Further Reading: About, Inc. Modem. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-modem.htm. MOO (general term): Acronym for MUD, Object-oriented. See Also: LambdaMoo; MUD. Moore’s Law (general term): In the late 1960s, Gordon Moore, one of the founders of Intel, said that computer power doubles roughly every 12 to 18 months.This statement—now known as Moore’s Law—has been amazingly accurate for more than four decades. See Also: Computer. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Morris Worm (general term): Unleashed on November 3, 1988, it—named after its developer, Robert Morris—crashed the Internet by exploiting bugs in several UNIX programs, including sendmail and finger. See Also: Exploit; Sendmail; UNIX;Virus;Worm. Mosquito Virus (general term): Made the rounds in August 2004, forcing some cell phones based on the Symbian operating system software to produce very expensive text messages for its owners.The virus resided in an illegal copy of the cell-phone game “Mosquito” and was available for free on the Internet and on peer-to-peer (P2P) networks. See Also: Internet; Network; Operating System Software; Peer-to-Peer (P2P). Further Reading: In Brief. Mosquito Virus Bites Phones. The Globe and Mail, August 12, 2004, p. B7. Mobile Code 214 Moss, Jeff (a.k.a.The Dark Tangent) (person; 1970– ):A computer security professional who is the founder and CEO of Black Hat (Security) Briefings and Training in Las Vegas, Asia, and Europe. Moss is also a computer security book author and the organizer of DefCon. Besides being a hacker, he is an entrepreneur with a vision for marketing computer security issues of concern to companies, government agencies, and medical and educational institutions. He habitually opens the Black Hat Briefings and Training in Las Vegas at the end of July in each year. An interview with Jeff regarding Black Hat Europe 2004 can be found at this Website: http:// www.itvc.net/blackhat04/moss.asp. See Also: Black Hat Briefings; DefCon; Hacker. Further Reading: Black Hat, Inc. Black Hat Briefings Upcoming Conventions. [Online, June 6, 2006.] Black Hat, Inc.Website. http://www.blackhat.com/html/bh-link/briefings.html. MUD (general term):A multi-user dungeon scenario used in computer gaming. See Also: LambdaMOO. Multicast (general term):To send an online message simultaneously to a list of recipients on the network. See Also: IP Address; Ethernet; Network. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Multi-Homed Hosts (general term): Refers to systems with more than one network interface that do not function as routers because they do not forward packets. Multi-Homed Hosts are sought-after targets for crackers, because they connect to a number of different segments of a local network and, therefore, can serve as an excellent plotform for further attacks. See Also: Host; Packet; Routers. Further Reading:Wasserman, M. Multi-homed host. [Online,August 15, 2004.] Hypermail Development Center Website. http://dict.regex.info/ipv6/multi6/2002-10.mail/0000.html. Multipartite Virus (general term): Uses more than one Means of Transmission or more than one Means of Infection. An example is the infection of an executable program and the boot sector, such that a mutual re-infection can take place after one of the two infections is detected and removed, thus keeping the virus alive. See Also: Means of Infection; Means of Transmission;Virus. Mutex (Mutual Exclusion Object) (general term): A programming concept that serializes access to a shared resource, such as a file or data in memory. Frequently, this serialization is necessary to protect the resource from being changed in an inconsistent manner. Poorly designed Mutual Exclusion Objects are targets of crackers looking for a possible path for an attack. Mydoom and Doomjuice Worms (general term): Around January 27, 2004, the MyDoom worm wreaked havoc on computer systems by leaving a back door—thereby permitting a cracker to gain access to computers infected by the worm at some later time. Several forms of the worm roamed the Internet in July 2004. Malicious programs related to Mydoom had been released under the names Doomjuice and Zindos. At the height of the release of these worms, 215 Mydoom and Doomjuice Worms Microsoft issued alerts urging users to take action to remove these worms and to keep their computers safe from other malicious intrusions by installing security features such as anti-virus software and firewalls. See Also: Back or Trap Door; Intrusion;Worm. Further Reading: Microsoft Corporation.What You Should Know About the Mydoom and Doomjuice Worms. [Online, July 30, 2004.] Microsoft Corporation Website. http://www .microsoft.com/security/incident/mydoom.mspx. Mydoom and Doomjuice Worms 216 Name Server (general term): A network server that provides the Domain Name Service (DNS). See Also: Domain Name System. Napster (general term): Once boasting millions of registered users, Napster Inc. was one of the hottest network software applications in history because it allowed its members to exchange music files over the Internet for free. Napster Inc. implemented a quite simple IP-based protocol for communicating information as well as control operations, and it used a custom-name space that was in some ways similar to but in other ways sufficiently different from DNS. Shawn Fanning and Sean Parker developed Napster Inc. in their Northeastern University dormitory room, and they must have been pleased to see that their vision became a huge success in the late 1990s. However, Napster’s success was rather short lived. Because the network traffic generated by Napster downloads flooded some university networks, a few institutions prevented it from entering their networks by blocking ports. Challenges brought about by DMCA—costing millions of dollars to the music industry—eventually put the original Napster Inc. out of business. The original Napster Inc. helped, however, to popularize peer-to-peer (P2P) network computing. Because of its popularity, Napster was reestablished in 2004 as a commercial music-download service through which users pay for downloaded songs.This made the service compatible with the particulars of the DMCA.Working with some of the original Napster Inc.’s employees and investors, Shawn Fanning, now in his mid-twenties, formed Snocap, Inc.The new company has a registry that allows recording companies to set the pricing terms under which their music can be sold to online consumers. See Also: Digital Millennium Copyright Act (DMCA); Domain Name System (DNS); Flooding; Internet Protocol (IP); Online File Sharing; Peer-to-Peer (P2P); Record Industry Association of America (RIAA) Legal Cases. Further Reading: About, Inc. Napster. [Online, 2004.] About, Inc.Website. http://compnetworking. about.com/cs/napsterp2p/g/bldef_napster.htm; Wingfield, N. Napster’s Fanning Back in Business. The Globe and Mail, December 3, 2004, p. B10. National Center for Supercomputing Applications (NCSA) (general term): Created by the National Science Foundation (NSF) in 1986 as one of five centers for supercomputing research in the United States. The NCSA is based at the University of Illinois in Urbana- Champaign. Researchers at NCSA created Mosaic, one of the very first Web browsers, and HTTP server programs. See Also: Browser. National Cybersecurity Defense Team Authorization Act (legal term): Allowed the U.S. President’s Advisor for Cyberspace Security to set up a National Cyber Security Defense Team to identify Internet infrastructures vulnerable to terrorist attacks and to recommend ways of eliminating such vulnerabilities. On March 5, 2002, the Act was referred to the Committee on the Judiciary. On May 23, 2002, the bill was placed on the Senate Legislative Calendar under General Orders, but was not passed in this form. See Also: Cyberspace; Internet;Vulnerabilities of Computers. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. National Cyber Security Division (NCSD) (general term): In 2003, the U.S. Department of Homeland Security (DHS) started the National Cyber Security Division, or NCSD, under the jurisdiction of the Department’s Information Analysis and Infrastructure Protection Directorate. Its purpose was to oversee a Cyber Security Tracking, Analysis and Response Center (CSTARC). CSTARC’s role was to conduct analysis of cyberspace threats and vulnerabilities, improve information sharing, issue alerts and warnings for cyber threats, respond to major cyber security incidents, and aid in national-level recovery efforts. See Also: Analysis and Response Center; (CSTARC); Cyber Security Tracking; Department of Homeland Security (DHS). Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and Cyberterrorism:Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS Report Website. http://www.fas.org/irp/crs/RL32114.pdf. National Director for Cyber Security (general term): In September 2003, the Department of Homeland Security (DHS) announced that Amit Yoran would be the National Director of its Cyber Security Division.Yoran was responsible for implementing recommendations to improve national cybersecurity in the United States. He stepped down from his position on September 30, 2004. Andy Purdy, who served as Deputy Cyber-security Director under Amit Yoran, acted as interim director.Yoran went on to become President of Yoran Associates, a technology strategy and risk-assessment company in Virginia. On April 20, 2005,Yoran appeared before the Homeland Security Subcommittee on Economic Security, Critical Infrastructure Protection, and Cybersecurity. He spoke to the House of Representatives about HR 285:The Department of Homeland Security Cybersecurity Enhancement Act of 2005. See Also: Critical Infrastructures; Critical Networks; Department of Homeland Security (DHS). Further Reading: Committee on Homeland Security. Statement by Amit Yoran: HR 285: The Department of Homeland Security Cybersecurity Enhancement Act of 2005. [Online, May 15, 2005.] Committee on Homeland Security Website. http://hsc.house.gov/files/Testimony_ Yoran_2005-04-20.pdf; MacMillan, R. Purdy Tapped as Cyber-Security Director. [Online, October 7, 2004.] Washington Post Website. http://www.washingtonpost.com/wp-dyn/articles/ A12240-2004Oct6.html. National High-Tech Crime Unit (NHTCU) (general term): Located in the United Kingdom. This organization conducted a survey among businesses in 2003 to determine how much money they lost from computer security breaches over the previous twelve months.The NHTCU found that security breaches cost U.K. businesses an estimated £143m during that National Cybersecurity Defense Team Authorization Act 218 period.The 105 businesses surveyed said there were 3,000 incidents among them.The breaches included information theft, virus attacks, and the physical loss of hardware (such as laptops). Similar surveys have been jointly conducted in the United States by the CSI and FBI. As is the case with these annual U.S. surveys, a number of companies chose not to participate in the U.K. survey. Moreover, as in the United States, in many cases of computer intrusions U.K. organizations believe that they have more to lose in terms of damage to their brand and customer confidence if they report the breaches to the police than if they keep quiet and have their security experts try to deal with the intrusions.This belief is the nature of the problem facing the police and businesses trying to curb system intrusions by getting a better handle on the number of intrusions and particulars on these intrusions. For this reason, information security exploit reporting was one of the topics for discussion at the 2004 e-crime congress, organized by the NHTCU.Without accurate figures and with very few financial institutions willing to discuss the subject, affirmed the NHTCU, it is possible to present only a rough estimate of the level of electronic crime existing in the U.K. and elsewhere. See Also: Computer; CSI/FBI Survey. Further Reading: Moores, S. Security: No Place to Hide. [Online, September 16, 2003.] ComputerWeekley.com Website. http://www.computerweekly.com/Article124889.htm. National Homeland Security and Combating Terrorism Act of 2002 (legal term): In 2002, U.S. Senator Joseph Lieberman, D-CT, brought in the National Homeland Security and Combating Terrorism Act of 2002 to set up the Department of National Homeland Security and the National Office for Combating Terrorism. The Act was sent to the Committee on Governmental Affairs on May 2, 2002, and on June 24, 2002, it was placed on the Senate Legislative Calendar. It was never passed in this form. For additional information on creation of the Department of Homeland Security (DHS), see H.R. 5005, which became Public Law 107-296 on November 22, 2002. See Also: Department of Homeland Security (DHS);Terrorism. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. National Imagery and Mapping Agency (NIMA) or National Geospatial-Intelligence Agency (NGA) (general term): Headquartered in Bethesda, Maryland, the agency was established under the name NIMA on October 1, 1996, and was renamed to NGA in 2004. Because it has clients beyond the boundaries of the U.S. Department of Defense, this agency was originally designated as a part of the broader U.S. Intelligence Community.The formation of this agency centralized imagery and mapping responsibilities, a step toward achieving the Department of Defense’s so-called mission of “dominant battle space awareness.”This agency was developed to capitalize on enhanced collection systems, digital processing technology, and the future growth in commercial imagery. Its goal was to provide up-to-date, accurate, and important intelligence of a geospatial nature to support the national security of the United States.The objectives of NGA remain as originally created. See Also: Intelligence; U.S. Intelligence Community. 219 National Imagery and Mapping Agency or National Geospatial-Intelligence Agency Further Reading: GNU_FDL. National Geospatial Intelligence Agency. [Online, 2004.] GNU Free Documentation License Website. http://www.wordiq.com/definition/NIMA. National Information Infrastructure Protection Act of 1996 (legal term): In October of 1996, the U.S. National Information Infrastructure Protection Act of 1996 was passed as part of Public Law 104-294. It made changes to the Computer Fraud and Abuse Act, codified at 18 U.S.C. § 1030.The changes were meant to add strength to that Act by closing legal voids to more ably protect the confidentiality, integrity, and security of computer information and networks. See Also: Computer; Computer Fraud and Abuse Act of 1986; Integrity; Network. Further Reading: U.S. Department of Justice.The National Information Infrastructure Act. [Online, May 15, 2000.] U.S. Department of Justice Website. http://www.usdoj.gov/criminal/ cybercrime/s982.htm#I. National Infrastructure Protection Center (NIPC) (general term):A U.S. agency that investigates threats to critical infrastructures and provides warnings regarding likely attacks to banks, emergency services, utilities, government operations, telecommunications, and water systems. See Also: Attack; Blended Threats; Critical Infrastructures; Critical Networks Telecom. National Institute of Standards and Technology (NIST) (general term): Started in 1901, NIST is a federal agency embedded in the U.S. Commerce Department’s Technology Administration, whose goals are to develop and advance measurement, standards, and technology to improve productivity in the United States, stimulate trade, and elevate the quality of life for citizens. In January 2005, NIST’s Information Technology Laboratory released its Special Publication 800-65, delineating the important risk variables that should be taken into consideration by an agency’s capital and investment planning process so that policies are consistent with the Federal Information Security Management Act (FISMA) and with current NIST standards. NIST fulfills its purpose by maintaining four cooperative programs.These include the NIST Laboratories, which conduct research to promote the technology infrastructure and improve services and products; the Baldrige National Quality Program, which campaigns for performance excellence among educational institutions, health care providers,manufacturers, and service companies through outreach programs and by managing the Malcolm Baldrige National Quality Award Program; the Manufacturing Extension Partnership, which offers assistance in technical and business matters relating to smaller companies, in particular; and the Advanced Technology Program, which promotes the development of innovative technologies by co-funding Research and Development (R & D) partnerships with private companies. NIST plays a key role in encryption by being the primary organization responsible for AES (Advanced Encryption Standard)—therefore driving the encryption standard that most large entities strive to implement. See Also: Risk. Further Reading: Hash, J.S. Integrating IT Security Into the Capital Planning and Investment Control Process. [Online, January 30, 2005.] NIST Website. http://csrc.nist.gov/publications/ nistpubs/index.html; National Institute of Standards and Technology. NIST. [Online, August 2, National Imagery and Mapping Agency or National Geospatial-Intelligence Agency 220 2004.] National Institute of Standards and Technology Website. http://www.nist.gov/ public_affairs/general2.htm. National Reconnaissance Office (NRO) (general term): Set up by the U.S. Defense Department in 1992.The NRO Director is typically appointed by the Secretary of Defense and is responsible for consolidating into one program all Department of Defense air vehicle and satellite overflight projects for intelligence.This mission is defined as the National Reconnaissance Program. The NRO works with the Defense Space Operations Committee (DSOC) on budgets, policy, programs, and requirements.The NRO also performs operations approved by the Defense Space Operations Committee and establishes interfaces between the Defense Intelligence Agency, the Joint Chiefs of Staff, the National Reconnaissance Office, the National Security Agency, and the U.S. Intelligence Board. Moreover, when needed, the NRO utilizes qualified personnel from the Department of Defense as full-time personnel in the NRO. See Also: Defense Intelligence Agency (DIA); Intelligence; National Security Agency (NSA). Further Reading: Aftergood, S. NRO Organization. [Online, March 11, 1996.] National Reconnaissance Office Website. http://www.fas.org/irp/nro/nroorg.htm. National Security Agency (NSA) (general term):The U.S. organization that coordinates and directs highly specialized activities to protect information systems and to produce foreign intelligence. On March 3, 2005, the NSA said that it constructed Linux-version security tools to assist in making the U.S. computing infrastructure less vulnerable to intruders. Its success, however, depends on its being adopted by companies and government agencies alike—an outcome that is not all that predictable. After the NSA took a risk in 2000 on the then-emerging Linux operating system, the NSA turned more recently to open-source code.These efforts have produced the NSA’s Security Enhanced Linux technology—which the agency says should raise the country’s overall level of cybersecurity. See Also: Intelligence; Linux; Risk. Further Reading: Farlex, Inc. NSA. [Online, 2004.] Farlex, Inc. Website. http://www .thefreedictionary.com/NSA; Greenemeier, L. Linux Security Rough Around the Edges, But Improving. [Online, March 3, 2005.] CMP Media LLC Website. http://www.informationweek .com/story/showArticle.jhtml?articleID=60405086. National Strategy to Secure Cyberspace (general term): A report published in 2003 by the U.S. government to encourage companies in the private sector to improve computer security.The U.S. government was especially concerned about computer security related to critical infrastructures. Moreover, federal agencies were to set the example for “walking and talking” the best cyber-security practices. In this report, the government also said that it reserved the right to respond in an appropriate manner if the United States were to be hit with cyberwarfare. It also noted that if a cyberwar were to occur, the United States could retaliate using cyber attack tools or malicious code designed to crack and disrupt the adversary’s computer systems. Another issue raised in the report was whether the National Strategy to Secure Cyberspace can safely trust that voluntary actions would be taken by private firms, home computer users, 221 National Strategy to Secure Cyberspace universities, and government agencies to protect their networks.The report also raised the possibility of bringing in regulations to ensure best security practices. Critics against such regulations argued that they not only would interfere with innovation but also possibly harm the country’s economic competitiveness. See Also: Attack; Blended Threats; Computer; Critical Infrastructures; Cyber Apocalypse; Cyberspace; Cyber Terrorism; Cyber Warfare; Network;Trust. Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and Cyberterrorism:Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS Report Website. http://www.fas.org/irp/crs/RL32114.pdf. National-Level Guidance for Launching Computer Network Attacks (general term): In February 2003, President George W. Bush announced plans to develop national-level guidance to assess when and how the U.S. would launch computer network attacks against an adversary’s computer systems, because such attacks could cause considerable retaliation. A controversial issue for the U.S. Congress has been that any cyber attack response by the U.S. military could be viewed by other nations as an unprovoked first strike against a targeted terrorist group. Moreover, the use of cyber weapons by the U.S. could also be argued to exceed the customary rules of military conflict, known as the International Laws of War. Also, the effects of offensive cyber weapons could be difficult to limit; for there is, after all, the possibility that malicious code aimed against terrorist groups could accidentally infect large numbers of systems on the Internet. Thus, such a move could have the unintended effect of shutting down the critical infrastructure systems of countries friendly to the United States. See Also: Attack; Computer; Internet, Network;Terrorist-Hacker Links. Further Reading: Wilson, C. CRS Report for Congress: Computer Attack and Cyberterrorism:Vulnerabilities and Policy Issues for Congress. [Online, October 17, 2003.] CRS Report Website. http://www.fas.org/irp/crs/RL32114.pdf. NCC or RIPE NCC (general term): The Réseaux IP Européens Network Coordination Centre, one of five regional Internet registries assigning and administering IP addresses. RIPE NCC was started in 1989 as a nonprofit organization that gives IP numbers in Europe, the Middle East, and parts of Africa and Asia. See Also: Internet; IP Address. Further Reading: Jupitermedia Corporation. What is RIPE NCC? [Online, February 5, 2003.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/R/RIPE_ NCC.html. Net Police (general term): Online users who take it upon themselves to flame (that is, to insult and denigrate) those failing to display online etiquette (netiquette). NetBIOS (general term): Software developed by IBM that provides the interface between the PC operating system, the i/o bus, and the network. Since its design, NetBIOS has become a de facto standard, making it the target of crackers because of its many Windows vulnerabilities. Netcat (general term): A simple but powerful tool that can connect two hosts on the Internet so that data can be sent. Because Netcat can use any port, it is frequently used to hide an National Strategy to Secure Cyberspace 222 attacker’s control connection to a compromised computer behind an apparently legitimate connection. See Also: Computer; Internet; Port and Port Numbers. Netmasks (general term): A bit field used in version 4 of the Internet Protocol to calculate the network part from a given IP Address by using a binary AND operation. See Also: Bit and Bit Challenges; Internet Protocol (IP); IP Address. NetProwler Agent (general term): A component monitoring network traffic to detect, identify, and respond to crack attacks. See Also: Attack; Cracking; Network. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Net-Runners (general term): See Crackers. NetWare Operating System (general term): Among the earliest products to create Personal Computer networks, which were introduced in the late 1980s. NetWare emphasizes file and print serving capabilities.Today it is installed on millions of computers worldwide. See Also: Computer; Local Area Networks (LAN). Further Reading: About, Inc. Netware. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-netware.htm. Network (general term): A group of computers and related devices connected by communications hardware and software to share data and peripherals such as printers and modems. See Also: Local Area Network (LAN). Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Network Address Translation (NAT) (general term):Allows an Internet Protocol (IP) network to translate public IP addresses into private ones.NAT, a popular technology for Internet connection sharing, is at times used in server load-balancing applications on networks in corporations. One of the most popular configurations is to have NAT map all the private IP addresses on a small local network to the single IP address assigned through an Internet Service Provider (ISP), thus allowing local systems to use a single Internet connection. In addition, NAT improves network security by preventing external computers from accessing the home network IP space. NAT intercepts both incoming and outgoing IP traffic and adjusts the addresses according to its translation rules. NAT changes the source or destination address in the packet header (and adjusts the checksums) to perform the desired mapping.NAT performs either fixed or dynamic translations of one or more IP addresses.Typically, NAT’s functionality is implemented on routers and other gateway systems at the network’s boundary. Microsoft’s Internet Connection Sharing (ICS) adds NAT support to the Windows operating system. See Also: Internet Protocol (IP); Internet Service Provider (ISP); IP Address. Further Reading: About, Inc. NAT. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/cs/tcpipaddressing/g/bldef_nat.htm. 223 Network Address Translation (NAT) Network Attached Storage Server or NAS (general term): Permits files to be stored and retrieved on a network. The NAS authenticates users and manages file operations in much the same way as traditional file servers do through protocols such as NFS and CIFS/SMB, but at a much lower cost. Rather than use all-purpose computer systems with Windows XP, which drives up the price, NAS tends to use a small operating system embedded in a simplified hardware platform. Though NAS boxes support hard drives and at times tape drives, they do not have input/output devices such as a monitor or keyboard. NAS is easier to manage than a file server because it is designed specifically for network storage. Attacks to these systems are not widely known, but that might be because they are not yet widely installed throughout industry. See Also: Network; Network File Systems (NFS). Further Reading: About, Inc. NAS. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-nas.htm. Network File Systems (NFS) (general term): A file-sharing protocol used on UNIX and Linux computers. Because NFS was not designed with security concerns taken into consideration, it has some reported design vulnerabilities. See Also: Linux; UNIX;Vulnerabilities of Computers. Network Hackers (general term): See Crackers. Network Operating System (NOS) (general term): Implements protocol stacks and device drivers for networking hardware. Some operating system software (such as Windows 98, Second Edition, and later versions) also has networking features such as Internet Connection Sharing (ICS). NOS has been in existence for more than thirty years.The UNIX operating system was designed right from the start to effectively support networking. See Also: Network; Operating System Software; Protocol. Further Reading: About, Inc. NOS. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-nos.htm. Neumann, Peter G. and Concerns About a Cyber Apocalypse (general term): In the early 2000s, the Defense Advanced Research Projects Agency (DARPA) funded no fewer than 12 key computer security projects under the umbrella of the Composable High-Assurance Trustworthy Systems (CHATS) program. Peter G. Neumann from the Stanford Research Institute Computer Science Laboratory led one of those key projects. The emphasis in the CHATS program was on trustworthy open-source operating systems having trusted components. A technical paper on the results of the project appeared in the 2003 DISCEX03 proceedings Achieving Principled Assuredly Trustworthy Composable Systems and Networks. In a less technical piece appearing in The New Yorker in May 2001, Peter G. Neumann underscored his concerns about the possibility of the cyber-criminal arm causing a Cyber Apocalypse. What worried Neumann was “the big one.” Because malicious crackers can get into the United States’ most critical computers in just a few minutes and clear a third of the computer drives in America in a single day, or because they could shut down the power grids and emergency-response systems of numerous states, Neumann warned in his piece that the Internet lies in wait for its Chernobyl. Moreover, Neumann said that he does not believe the wait will be much longer. Network Attached Storage Server or NAS 224 See Also: Cybercrime and Cybercriminals; Internet, Cyber Apocalypse; Open Source; Security;Trust. Further Reading: Specter, M. The Doomsday Click. The New Yorker. May 28, 2001, p. 101–107; SRI International Computer Science Laboratory. Peter G. Neumann. [Online, 2004.] SRI International Computer Science Laboratory Website. http://www.csl.sri.com/users/ neumann/neumann.html. Newbies or Scriptkiddies (general term): Relatively inexperienced crackers in the Computer Underground who tend to rely on prefabricated software to do their cracking exploits. See Also: Computer Underground (CU); Crackers; Exploit. Nibble (general term): Half of a byte (4 bits). See Also: Byte. NIMDA worm (general term): A costly worm that first struck computers on September 18, 2001, and was still around in August 2002. NIMDA is thought to have cost about $500 million in damages as corporations repaired their networks and added virus protection software and other security services.Without any assistance from computer users, the NIMDA worm spread quickly through Windows 2000 computers on the Internet. See Also: Computer; Internet; Malware; Network;Virus;Worm. Further Reading: Bruck, M. The Key to Eradicating Viruses and Bugs. [Online, August 5, 2002.] Entrepreneur.com, Inc. Website. http://www.entrepreneur.com/article/ 0,4621,302155,00.html. NMAP (general term): Short for Network Mapper, an open source utility for exploring networks or doing a security audit. It is available without charge and was developed to quickly scan large networks. It performs well in this environment as well as with single hosts. Nmap utilizes raw IP packets in novel ways to ascertain a number of things, including which hosts are available on the network, which services a host is offering (including application name and version), which operating system software and OS version is running, what type of packet filters/firewalls are being utilized, and more. Nmap runs on most types of computers (with console and graphical versions obtainable) and is obtainable with complete source code under the terms and conditions of the GNU GPL. See Also: Audit Trail; Code or Source Code; Firewalls; Internet Protocol (IP);Network;Open Source; Operating System Software. Further Reading: Insecure.org. Nmap. [Online, 2004.] Insecure.org Website. http://www .insecure.org/nmap/. Node (general term): Any devices attached to a telecommunications network such as cell phones, computers, personal digital assistants (PDAs), and other network appliances. In the IP domain, any device having an IP address is called a node. Servers in a clustering setting, such as database clusters or Web farms (large installations of Web servers), are also called nodes. See Also: Internet Protocol (IP); IP Address; Network;Telecom. Further Reading: About, Inc. Node. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-node.htm. 225 Node Nonrepudiation (general term):Term that can be used in the legal sense and in the cryptotechnical sense. In a legal sense, someone who signs a legal paper is permitted to “repudiate” a signature that has been attributed to him or her. A forged signature is one example of repudiation; a true signature obtained under conditions of duress is another. The term “nonrepudiation” crypto-technically means that during authentication, a service providing proof of the integrity and origin of the information can be verified by a third party at any time. Put another way, nonrepudiation means that during authentication, the information can be found to be genuine with high assurance; for this reason, chances are slim that it could be refuted afterward. See Also: Authentication; Cryptography or “Crypto”; Signature. Further Reading: McCullagh, A. and Caelli, W. Non-repudiation in the Digital Environment. [Online, August, 2000.] First Monday Website. http://www.firstmonday.dk/ issues/issue5_8/mccullagh/. NSA National Computer Security Center (NSA/CSS) (general term):A U.S. government group in the National Security Agency (NSA) that assesses computing equipment for highsecurity applications to make sure that the firms processing classified and sensitive information are using trusted computer systems and parts. NCSC was started in 1981 as the Department of Defense Computer Security Center. It received its current name of NSA/CSS in 1985. The NSA/CSS encourages businesses, educational institutions, and government agencies to advance research and standardization efforts to ensure that secure information systems are designed.The NSA/CSS also distributes information about issues dealing with secure computing. It does this in part by holding an annual National Information Systems Security Conference. On February 15, 2005, President George W. Bush announced that he was considering making the NSA the online traffic police for helping agencies to share homeland security information in a secure fashion across government computer networks.To this end, on March 2, 2005, the NSA presented its recommendations for securing U.S. government sensitive and unclassified documents. Elliptic Curve Cryptography (ECC), a public key cryptosystem produced by Canadian company Certicom Security Architecture,was recommended by the NSA to assist in this regard. ECC’s advanced cryptography algorithms known as Suite B were of particular interest to the NSA.The public key protocols included in Suite B were Elliptic Curve Menezes-Qu-Vanstone (ECMAQ) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement.The Elliptic Curve Digital Signature Algorithm (ECDSA) was included for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing were also part of the recommended suite. Other countries besides the United States are becoming concerned about cyber security for government documents. For example, during the week of February 15, 2005, the Auditor General for Canada, Sheila Fraser, warned that federal agents in Canada are failing to keep up with the crackers, making confidential government documents vulnerable. Fraser said that she was disappointed that the Canadian government did not meet its own minimum standards for IT security, despite the fact that guidelines had been available for almost a decade. As a case in point cited by Fraser, in May, 2004, the Treasury Board Secretariat surveyed 90 government departments and found that of the 46 departments that responded, only one agency Nonrepudiation 226 met the minimum requirements of the Canadian government’s security policy and related online standards. Even worse, the survey results showed that 16% of the departments did not have any information security policy, and more than 25% of the departments did not have a policy requiring a plan to keep critical systems and services running if a major cyber attack or power blackout occurred. See Also: Algorithm; Diffie-Hellman Public-Key Algorithm (DH); Digital Signature; Encryption or Encipher; National Security Agency (NSA). Further Reading: Bridis, T. White House Eyes NSA for Network ‘Traffic Cop.’ [Online, February 15, 2005.] The Washington Post Website. http://www.washingtonpost.com/wp-dyn/ articles/A25583-2005Feb15.html; Canoe Inc. Security Gaps in Federal Computers. [Online, February 15, 2005.] Canoe Inc. Website. http://cnews.canoe.ca/CNEWA/Canada/2005/ 02/15/931808-cp.html; TechTarget. National Computer Security Center. [Online, February 2, 2001.] TechTarget Website. http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_ gci519382,00.html; The Globe and Mail. U.S. Government to Rely on Canadian Cryptography. [Online, March 2, 2005.] The Globe and Mail Website. http://www.globetechnology.com/ servlet/story/RTGAM.20050302.gtcrypto0303/BNStory/Technology/. NSF (National Science Foundation) and NSFnet (general term): A U.S. government agency that has funded the development of a cross-country backbone network, as well as regional networks designed to connect scientists over the Internet, thereby taking on the term NSFnet. Nuking (general term): A form of abuse found in Internet chat rooms. An example of nuking is sending someone a large number of ICMP or other high-priority packets, thus provoking a Denial of Service attack. If the victim has a low connection speed compared to the sender’s, he or she may get dropped from various Internet services (such as IRC), because his or her machine is so busy handling the high-priority packets that it does not handle the lower-priority packets before it idles out. See Also: Denial-of-Service (DoS); Internet Control Message Protocol (ICMP); Internet Relay Chat (IRC); Packet. Further Reading: Eskimo Organization. IRC Abuses. [Online, July 15, 1998.] Eskimo Organization Website. http://www.eskimo.com/~cwj2/chan-atheism/abuses.html. 227 Nuking Oakley Protocol (general term): Cites a sequence of key exchanges and describes their services, particularly authentication and identity protection. See Also: Authentication; Key. Further Reading: TechTarget. Internet Key Exchange. [Online, February 16, 2004.] TechTarget Website. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci884946,00 .html. Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) (general term): Canadian Prime Minister Jean Chrétien announced the development of this agency on February 5, 2001. It took over the functions of the former Emergency Preparedness Canada, and its role was to protect Canada’s critical infrastructures from disruption or complete failure in order to assure the health, safety, and economic well-being of Canadians. A prolonged disruption or failure in one utility contributing to the infrastructure could produce cascading disruptions or failures across a number of other infrastructures, with major economic and social repercussions for Canadians. In December 2003, Canadian Prime Minister Paul Martin said that OCIPEP would be integrated into a new department known as Public Safety and Emergency Preparedness Canada (known as PSEPC). The first Deputy Prime Minister and Minister of Public Safety and Emergency Preparedness appointed by the Prime Minister was Anne McLellan. See Also: Critical Infrastructures; Critical Networks; Cyber Apocalypse. Further Reading: OCIPEP. OCIPEP: Who We Are. [Online, May 11, 2004.] OCIPEP Website. http://www.ocipep-bpiepc.gc.ca. OMG (general term): Stands for Object Management Group, an open-membership consortium of computer companies committed to producing and upholding computer industry specifications for enterprise applications that are interoperable.The OMG Board of Directors contains well-known names in the computer and Internet industry including IBM,Alcatel, the Boeing Company, NASA, Sun Microsystems, and Hitachi. OMG’s star specification is the multi-platform Model-Driven Architecture (MDA), and OMG’s own middleware platform is CORBA (an acronym that stands for Common Object Request Broker Architecture). CORBA is OMG’s open and vendor-free architecture and infrastructure that various computer applications use to be able to function together over networks. When the standard protocol IIOP is used, a CORBA-based program from any vendor on almost any computer or operating system in any programming language and on any network can interoperate with a CORBA-based program from the same or another vendor in all of these ways. Because of how easily CORBA integrates machines from huge mainframes to desktops and PDAs, it has become the middleware of choice for many large and some smaller enterprises. One of CORBA’s most common uses is in servers handling a huge volume of customers and having high hit rates but still maintaining high reliability. Moreover, the OMG Interface Definition Language (IDL) allows interfaces to objects to be defined independently of an object’s implementation. After an interface in IDL is defined, it is used as input to an IDL compiler, whose output is to be compiled and linked with an object implementation and its clients. See Also: Compiler; Computer; Internet; Middleware. Further Reading: Barry & Associates, Inc. OMG Interface Definition Language. [Online, May 16, 2005.] Barry & Associates, Inc.Website. http://www.service-architecture.com/webservices/ articles/omg_interface_definition_language_idl.html; Barry & Associates, Inc.CORBA. [Online, May 16, 2005.] Barry & Associates, Inc.Website. http://www.service-architecture.com/ web-services/articles/corba.html. On-Access Scanner (general term): Relates to the constant monitoring of the file system on workstations and servers. For anti-virus software effectiveness, it is important that a computer virus be found and then blocked before it is activated.Therefore, every time a file is accessed for reading or writing, or whenever a program is launched, the on-access scanner is invoked. The on-access scanner literally scans the file. Although on-access scanning is a quite secure way to check for viruses, it is not well liked by sophisticated users because of its adverse impact on performance. See Also: Anti-Virus Software; On-Demand Scanner; Server;Virus. Further Reading: SAV25 Data Systems. SAV25 Data Systems. [Online, 2000.] SAV25 Data Systems Website. http://www.sav25.com/norman/nvc/nvc_corp_features.htm. On-Demand Scanner (general term): Used for the manual scanning of selected areas on a computer, including entire drives or certain folders. For example,Windows Explorer allows an object to be selected and then scanned.The user simply chooses the on-demand Virus Scanner entry from the right-mouse button menu. In a networked environment, the system administrator can schedule scanning operations to be run on some or on all workstations and servers within the corporation.Tasks can be run immediately, scheduled to be run at a later point in time, or scheduled to be run at some fixed interval.The on-demand scanner can use a sandbox-type of technology to add more protection levels to detect novel and unknown malware before it can create havoc on the network. See Also: Administrator; Computer; On-Access Scanner; Malware; Server;Virus. Further Reading: SAV25 Data Systems. SAV25 Data Systems. [Online, 2000.] SAV25 Data Systems Website. http://www.sav25.com/norman/nvc/nvc_corp_features.htm. One-time Password (general term): One-time passwords can be used for only one authentication process in order to gain access to a system. By using one-time passwords, the probability of an attack relying on the interception and replay of network traffic is lessened because a previously valid password will not be accepted on a second or following round. One-time passwords are typically used in security-critical environments in which clear-text passwords continue to be used. See Also: Attack; Authentication; Password; Security. One-Way Hash Function (general term): A mathematical transformation of data of arbitrary length into a fixed-length string.The mathematical properties of the transformation ensure that OMG 230 the reversion of the hashing is computationally hard and that similar data yield dissimilar hashes. The output of a hash function—called a hash, message digest, or digital fingerprint—is used for authentication and message integrity purposes. Online File Swapping or Online File Sharing (general term): Recent studies indicate that more people than ever are using Peer-to-Peer (P2P) services for online file swapping and file sharing.These terms mean just as they sound: users swap or share files online with others, usually without paying royalties.The files shared are typically music, movies, and photos. For example, BigChampagne, which tracks Internet file-sharing in the United States, says that more than eight million people were online at any one time in June 2004, using unauthorized services such as KaZaA and eDonkey. That is an increase of 19% from 6.8 million people who engaged in unauthorized file-sharing in June 2003.Though BigChampagne says that the majority of files being swapped are music, pornography videos and images is the second-biggest category. After September 2003, the Recording Industry Association of America (RIAA) filed 3,500 lawsuits against U.S. online music sharers who uploaded songs to the Internet.The charges relied on the infringement of the DMCA law.The RIAA had settled about 600 of these cases as of July 2004, with fines levied ranging from $2,000 to $15,000. After 2004, the RIAA continued to file suits against individuals they believed to be infringing the DMCA. As of September 30, 2005, the milestone number of cases reached 15,000. In some jurisdictions outside the United States, such as in Canada, online file swapping is not illegal. See Also: Digital Millennium Copyright Act (DMCA); Internet; Napster; Peer-to-Peer (P2P); Recording Industry Association of America (RIAA). Further Reading: Graham, J. Online File Swapping Endures. USA Today, July 12, 2004, p.A1. Rank One Media Group. US music industry hits milestone, has sued 15,000 people. [Online June 2006]. cdfreaks Web site. http://www.cdfreaks.com/news/12474. Opcode (general term): Short for Operation Code, which is the part of an instruction in machine language to specify the operation to be performed. A complete machine language instruction consists of an opcode and zero or more operands with which the specified operation is performed. Examples are “add memory location A to memory location B,” or “store the number five in memory location C.”“Add” and “Store” are the opcodes in these examples. Because virus scanners try to detect and remove malicious patterns of machine instructions, virus writers have now turned to metamorphic viruses that rewrite themselves using equivalent opcodes, or that re-order the machine instructions to achieve the same computational result while at the same time avoiding detection. See Also: Virus. Open Relay (general term):An SMTP email server permitting outsiders to relay email not for or from local users. Spammers rely on open relay to send unwanted messages to potential consumers. Open relays are blacklisted by some Internet services, and other mail servers use these lists to block emails from the open relay servers. System administrators of open relays are contacted by the listing service asking them to fix their configurations in order to be removed from the black list. 231 Open Relay See Also: Administrators; Electronic Mail or Email; Internet; Simple Mail Transfer Protocol (SMTP); Spam; Spammers. Further Reading: MarketingSherpa, Inc.The Ultimate Email Glossary: 180 Common Terms Defined. [Online, 2004.] MarketingSherpa, Inc. Website. http://www.marketingsherpa.com/ sample.cfm?contentID=2776. Open Shortest Path First (OSPF) (general term):A gateway-routing protocol created for IP networks that implements the “shortest path first” (or link-state) algorithm. Routers use the algorithms to forward routing information to all other OSPF routers on the Internet by calculating the shortest path to each router, based on a connection graph of the network as it is “seen” by each router. Each router sends not only the portion of the routing table describing the state of its own links but also the complete routing structure (known as the topography).The positive aspect of “shortest path first” algorithms is that they produce smaller, more frequent updates, thus preventing problems such as routing loops and count-to-infinity (which occurs when routers continue to increment the distance counter to a destination net). OSPF results in a stable network. OSPF’s major disadvantage is its large requirement of CPU power and memory.The advantages far outweigh the costs, however. See Also: Algorithm; Internet; Protocol; Routers. Further Reading: Jupitermedia Corporation.What is OSPF? [Online, February 13, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/O/OSPF.html. Open Software Foundation (OSF) (general term): Founded in 1988 to develop an open, interoperable standard for UNIX operating systems.The group, consisting initially of all but two major players in the UNIX market, included IBM, Digital Equipment Corporation (DEC), Hewlett Packard, Apollo, Groupe Bull, Siemens, and Nixdorf.The Foundation was largely seen to be an attempt to unify forces against Sun Microsystems and American Telephone & Telegraph (AT&T) and their System V version of UNIX.The competition between the coalition of seven and the pair consisting of Sun Microsystems and AT&T became known as the UNIX wars. Commercially, the developed standard was a failure. The only implementation was OSF/1 by DEC, which was later renamed Digital UNIX. In 1996, OSF merged with X/Open to form the Open Group.The OSF is frequently confused with the Free Software Foundation (FSF), but there has never been a connection between OSF and FSF. See Also: Free Software Foundation; UNIX. Open Source (general term): Open source proponents believe that software users should be able to view the source code and make changes to it to correct glitches or produce value-added features. The Linux operating system, for example, is open source. See Also: Internet; Open Source Initiative (OSI). Open Source Initiative (OSI) (general term): In addition to giving other software users open access to the source code, the distribution conditions for software under the OSI license scheme must also comply with the following conditions, among others: Open Relay 232 • Free Redistribution.The license should not stop anyone from selling or giving away the software when it is part of an aggregate software having programs from a number of different sources. Moreover, the license should not require a royalty fee for such a sale. • Source Code.The product must include source code and permit its distribution.When a product is distributed without source code, there has to be some clearly stated way to get it for a price not exceeding reasonable reproduction costs. In fact, the source code should be able to be downloaded from the Internet, preferably for free. Furthermore, the source code should be in the form in which, say, a programmer could amend it. • Derived Works.The license should permit software changes, and works derived from the original software should be permitted to be distributed under the same terms and conditions as the license of the original software version. • No Discrimination Against Persons or Groups.The license is not allowed to discriminate against any person or group. • No Discrimination Against Fields of Endeavor.The license is not allowed to restrict any person from using the program for a specific purpose, such as for business or for genetic research. • Distribution of License.The rights to the program must apply to everyone who receives it without having to obtain more licenses. • License Must Not Restrict Other Software.The license must not put restrictions on other software distributed with the licensed software.That is, the license must not insist that other programs distributed on the same medium as the licensed software also be open source. • License Must Be Technology Neutral. No license provision may be predicated on any particular technology or interface style. See Also: Code or Source Code; Internet; Open Source. Further Reading: Open Source Initiative. The Open Source Definition. [Online, 2004.] Open Source Initiative Website. http://www.opensource.org/docs/definition_plain.php. Open Systems Interconnect (OSI) Model (general term): Defines Internet function through a vertical stack of seven layers.The uppermost layers represent the implementation of network services such as encryption and connection management, and the lowermost layers implement the hardware-oriented functions such as addressing, flow control, and routing. Data communication begins with the top layer at the sending side, descends the OSI model stack to the bottom layer, crosses the network connection to the bottom layer on the receiving side, and ascends the OSI model stack. The OSI model was developed in 1984 to be an abstract model, but it has become a practical framework for developing current network technologies such as Ethernet and protocols such as IP. 233 Open Systems Interconnect (OSI) Model See Also: Encapsulation; Encryption or Encipher; Ethernet; Internet; Internet Protocol; Layers; Network. Further Reading: About, Inc. OSI Model. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/cs/designosimodel/g/bldef_osi.htm. Operating System Software (general term): Software managing the computer hardware. Operating systems vary in their make-up because they are organized in different ways, and designing a new Operating System is a major undertaking. Because an Operating System is complex, it has to be designed one piece at a time. Moreover, each piece needs to be a well-defined section of the systems, with well defined inputs. For PCs, the most popular current operating system software is the Microsoft Windows family, but experts project that Linux will replace Windows on at least one-fifth of all computer systems by 2010. See Also: Linux. Operation Sun Devil of 1990 (general term): A nation-wide raid carried out by the U.S. Secret Service as part of an online investigation into the cyberwar between the Legion of Doom (LoD) and the Masters of Deception (MoD). See Also: Hacker Clubs; Legion of Doom (LoD); Masters of Deception (MoD). Orange Book (general term): A standard from the U.S. National Computer Security Council (an arm of the National Security Agency). It defines criteria for trusted computer products and describes four trust levels, designated as A, B, C, and D. Each level of trust includes more features and requirements: D is a nonsecure system. C1 requires a user to logon but does not prohibit group ID. C2 requires individual logons with a password and an audit mechanism. B1 requires Department of Defense security clearance. B2 requires secure communication links between the system and users and gives assurance that system testing is performed regularly and clearances are maintained. B3 requires that the system be characterized by a viable mathematical model, and A1 requires a system characterized by a proven mathematical model See Also: National Security Agency (NSA);Trust. Further Reading: Farlex, Inc. The Orange Book. [Online, 2004.] Farlex, Inc. Website. http://computing-dictionary.thefreedictionary.com/Orange%20Book. Osowski, Geoffrey and Tang,Wilson Case (legal case): Accountants Geoffrey Osowski and Wilson Tang pleaded guilty in April 2001 to exceeding their authorized access to the Cisco Systems Inc. computers so that they could illegally issue about $8 million in Cisco stock to themselves.They were charged with violating Title 18, United States Criminal Code by committing computer and wire fraud. Under a plea bargain, they consented to pay back money amounting to the difference between almost $8 million that they issued to themselves and that Open Systems Interconnect (OSI) Model 234 which the government could recover from the sale of jewelry, an automobile, and other purchased goods. The pair admitted that between October 2000 and March 2001, they worked together to defraud Cisco Systems so that they could get Cisco stock they were not authorized to get. In December 2000, they moved 97,750 shares of Cisco stock into two separate accounts at Merrill Lynch, with 58,250 of the shares to be deposited into an account for Osowski and 39,500 shares to be deposited into an account for Tang. In February 2001, the cybercrime team caused two more transfers of stock to their accounts, this time of 67,500 and 65,300 shares. For their cybercrime, Osowski and Tang were sentenced to 34 months in prison. See Also: Access Control; Cisco Systems Inc.; Fraud. Further Reading: U.S. Department of Justice. Former Cisco Accountants Plead Guilty to Wire Fraud via Unauthorized Access to Cisco Stock. [Online, January 17, 2003.] U.S. Department of Justice Website. http://www.usdoj.gov/criminal/cybercrime/OsowskiPlea.htm. Out-of-Band Management (general term): Refers to a method of accessing network firewalls, routers, switches, or servers allowing security technicians to configure and manage these devices through dial-up lines instead of using the devices’ regular network connection. See Also: Firewall; Network; Routers; Server; Switch. Further Reading: Communication Devices, Inc. Products: Out of Band Management. [Online,May 18, 2005.] Communication Devices, Inc.Website. http://www.commdevices.com/ oob_story.htm. Outsider Hacker or Cracker (general term): A hacker or cracker known as an outsider is not an employee of a company or government agency whose computer systems have been attacked. The “outsider” personality profile is based primarily on crackers under age 30 who were caught and convicted on cracking-related crimes. As with insiders caught for computer crimes, outsider crackers have multidimensional rather than unidimensional motivational needs. For example, in a piece written in 1994, the infamous British “Prestel Hacker” Schifreen described the motivational factors of outsider hackers as being broad and existing in degrees of White Hat and Black Hat traits.These motivational factors included seizing the cracking opportunity available because of poor system controls as well as the cracker’s internal need for a challenge, to relieve boredom, to get revenge, or to satisfy greed. See Also: Black Hats; Cracker; Hacker; Schifreen, Robert;White Hats or Ethical Hackers or Sumarai Hackers. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Overrun Error (general term):Typically occurs in devices and applications when they receive more data then they anticipate, usually because the allocated or physical memory buffer is not big enough. Crackers try to create these conditions. Because frequently the application or device does not handle the Overrun Error in a secure way, it allows a cracker to exploit a vulnerable state of the system. See Also: Buffer Overflows. 235 Overrun Error Package (general term): An object containing files and instructions for distributing software. Packet (general term): Data travels along the Internet in packets that are sent individually across the network and then reassembled into the original data at the correct recipient address. Each packet is like a letter in that it has a sender and a receiver. When the packet reaches the correct receiver address, it stops traveling. Every packet has the following fields: source IP address (such as 10.23.1.156); destination IP address; transport type (such as ICMP=1, TCP=6,UDP=17); source port and destination port (such as DNS=53, FTP=21, HTTP=80); and flags (such as SYN). See Also: Encapsulation; Internet; Internet Protocol (IP); IP Address; Port and Port Numbers; Synchronize Packet (SYN). Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Packet Filters (general term): In firewalls, the technology used most often to control traffic. The fields in every packet are compared against a rule set configured on the firewall. Rules might be of the following form: BLOCK destination=196.0.3.x TCP flag=SYN ALLOW destination=196.0.3.129 TCP destport=25 ALLOW destination=196.0.3.130 TCP destport=80 So, if the private network is 196.0.3.x, the initial rule in the preceding list blocks all incoming TCP connections, but outbound connections can continue.The following rules override the first; thus, access to the email server at port 25 is allowed and access to the Web server at port 80 also is allowed. Packet filters are susceptible to fragmentation attacks, whereby an attacker splits up a TCP connection into many smaller packets to avoid detection by packet-filtering rules. See Also: Firewall; Fragmentation; Packet;TCP/IP or Transmission Control Protocol/Internet Protocol. Packet Storm (general term): A nonprofit group of security professionals who provide information necessary for securing networks by posting new security information on a global network of Websites. Information posted includes current and earlier security tools, exploits, and advisories. See Also: Exploit; Network; Security. Further Reading: Packetstorm Security.About Packet Storm. [Online, 2004.] Packet Storm Website. http://packetstormsecurity.org. Packet-Switched Network (general term): Computers connected to the Internet use a packet-switching network to transmit data packets from one attached device to another. See Also: Ethernet; Internet; Network; Packet; Routing and Traceroute Tool. PAD or Padding (general term):An encryption algorithm used to encrypt or “padlock” a message. In cryptosystems, padding also refers to random characters, blanks, zeros, and nulls added to the beginning and ending of messages to conceal their actual length or to satisfy the data block size requirements of some ciphers. Padding also serves to obscure the location at which cryptographic coding actually begins. See Also: Algorithm; Encryption or Encipher. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Parson, Jeffrey Lee Case (legal case): On August 12, 2004, Jeffrey Lee Parson appeared before a judge in Seattle,Washington, admitting to having created the B variant of the Blaster worm. Known also as the “teekids” variant, it exploited nearly 50,000 computers on the Internet in 2003. In January 2005, Parson was sent to jail for 18 months. He was also ordered to put in 10 months of community service after his release.The judge said that she was sentencing him at the lighter end of the potential jail-term range, because though Parson was 18 when he launched his cyber attack, he was emotionally immature. If the judge wanted to be tougher, Parson could have faced a jail term of 10 years and a $250,000 fine. See Also: Blaster Worm; Hackers’ Psychological Profile; Malware;Worm. Further Reading: ECT News Network. Jeffrey Lee Parson Pleads Guilty to Blaster Worm Crime. [Online, August 15, 2004.] ECT News Network Website. http://www.technewsworld .com/story/35820.html; Johnson, G. Teen Sentenced for Releasing Blaster Worm Variant. [Online, January 28, 2005.] Security Focus Website. http://securityfocus.com/news/10377. Passive Attack (general term): On a cryptographic system. It is a method that starts with some information about plaintexts and their corresponding ciphertexts (under some unknown key) and then determines more information about the plaintexts. See Also: Attack; Ciphertext; Passive Countermeasures; Plaintext. Further Reading: Electronic Frontier Foundation. Passive Attack. [Online, 2004.] Electronic Frontier Foundation Website. http://gnupg.unixsecurity.com.br. Passive Countermeasures (general term):Though there is no true means of defending against Denial of Service (DoS) attacks, the most effective means seem to be passive countermeasures. Passive countermeasures are used to prevent network resources from being taken over by crackers as clients for a DoS attack. Specific passive countermeasures include configuring the router to do egress filtering, thus preventing spoofed traffic from exiting the network; asking the Internet Service Provider to configure routers to perform ingress filtering on the network; using a firewall that exclusively employs application proxies; and disallowing unnecessary ICMP, TCP, and UDP traffic. Moreover, if the ICMP traffic cannot be blocked, passive countermeasures can include disallowing unsolicited (or all) ICMP_ECHOREPLY packets; disallowing UDP and TCP, with the Packet-Switched Network 238 exception of a specific list of ports; and setting up the firewall to block any outgoing data traffic whose originating address is not on the protected network. See Also: Active Countermeasures; Denial of Service (DoS); Firewall; Internet Control Message Protocol (ICMP); Internet Service Provider (ISP); Passive Attacks; TCP/IP or Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP). Further Reading:AXENT Technologies, Inc.TFN2K — An Analysis. [Online,March 7, 2000.] AXENT Technologies, Inc. Website. http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/ wk12/tfn2k.html. Passive Fingerprinting (general term): See Fingerprinting. Passive Wiretapping (general term):A type of wiretapping that is not active but rather attempts merely to observe the traffic flow to gain desired knowledge, whether it be snooping for a password or just logging traffic. Passphrase (general term): Text string consisting of several words and numbers that a user enters to access a computer, network, or an applicaiton. Some systems allow users to use entire passphrases rather than a short string for passwords.Though passphrases are deemed to be more secure because they are harder to crack, they are generally used only when extreme security is demanded. See Also: Authentication; Cracking; Password. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Password (general term):A unique character string that a user types to access a computer, network, or an application such as a database or a Web-based service. Essentially, passwords are identification codes restricting access to computers, networks, and sensitive files. The system compares the typed user identification and password against a list of authorized users and passwords stored on the system. If the entered user identification (that is, id) and password are valid, the system lets the user access at the security level preapproved for him or her. See Also: Access Control; Authentication; Computer; Network. Password Authentication Protocol (PAP) (general term): One of the earlier forms of authentication for gaining access to a network.A user’s name and password were transmitted over a network and compared to a list of name-password pairs.Typically, the passwords stored in the table were encrypted. It is important to note that PAP was not a strong authentication method, for passwords were sent over the wire as “clear text.” Furthermore, there was no protection from replay attacks or from brute-force trial and error attacks. Because of these shortcomings, PAP is no longer in wide use. Further Reading: IETF, PPP Authentication Protocols. [Online, October 1992.] Website. http://www.ietf.org/rfc/rfc1334.txt. Password Cache (general term): A temporary copy of a password; an internal prompting that occurs inside a computer during a session to prevent the user from being externally prompted to continually reenter the password. See Also: Computer; Password. 239 Password Cache Patches or Fixes or Updates (general term): Updated system software created to close security gaps discovered after the software has been released to the public. Patent Law and Automated Business Methods (legal term): Once considered a taboo subject matter of patent law,Automated Business Methods (or ABMs) are now accepted by the U.S. Patent and Trademark Office and U.S. courts.ABMs, business methods that once were manually completed but are now automated, are used by some of the largest businesses operating on the Internet, known generally as “electronic-commerce” or “e-commerce.” See Also: Internet;Trademark Law. Further Reading: Kirsch, G. The Software and E-Commerce Patent Revolution. [Online, 2004.] Gigalaw.com Website. http://www.gigalaw.com/articles/2000-all/kirsch-2000-01-all .html. PATRIOT Act of 2001 (legal term):Also known as the USA PATRIOT Act and Patriot Act I, this controversial Act was introduced as H.R. 3162 by Representative F. James Sensenbrenner, RWI, on October 23, 2001, in response to the September 11, 2001, terrorist attacks.The acronym “USA PATRIOT” stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. The Act’s stated intent was to deter and punish terrorist acts in the United States and elsewhere and to enhance law enforcement investigation tools. Related bills include H.R. 2975 (an earlier anti-terrorism bill that passed the House on October 12, 2001) and H.R. 3004 (the Financial Anti-Terrorism Act). On October 26, 2001, H.R. 3162 became Public Law No. 107-56, that is, the USA PATRIOT Act of 2001. Though federal courts have found some provisions of the Act unconstitutional, and despite continuing public controversy and concern, the law was renewed in March 2006. Further controversy brewed when on February 7, 2003, the Center for Public Integrity, a public interest think tank in Washington, D.C., disclosed the content of a classified document that was to be introduced as the Domestic Security Enhancement Act of 2003 or Patriot Act II.The legislation was not brought forward in this form, although some of the controversial sections were reintroduced in the Tools to Fight Terrorism Act of 2004. This act was read in the Senate on July 19, 2004. It was not passed in this form. See Also: Terrorism. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Azulay, Jessica. ‘Chilling’ Pieces of Patriot Act II return to Senate. The NewStandard. [Online, September 22, 2004]. http://newstandardnews.net/content/ ?action=show_item&itemid=1027. Payload (general term): Associated with a computer virus, it is the malicious software content that the virus executes.The term payload is also the actual data that is encapsulated in a packet and is transmitted on a network. Payload is also a critical concept in Web services, identifying the data that is transmitted.The payload in Web services is XML based, thus delivering the data in a standardized format that can be understood by many diverse applications. See Also: Encapsulation; Network; Packet;Virus. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.]. http:// securityresponse.symantec.com/avcenter/refa.html. Patches or Fixes or Updates 240 PBX (Private Branch Exchange) (general term):A type of internal telephone switchboard— typically circuit-switched networks—found in corporations. As telephony continues to evolve to Voice Over IP (or VoIP), companies will use a so-called “hybrid” networks made up of both circuit-switched and VoIP equipment. According to security experts, during this transitional period, present-day security vulnerabilities of circuit-switched networks will continue— including toll fraud, service theft, the use of unauthorized modems, and eavesdropping on the Public Switched Telephone Network—and new vulnerability issues will emerge. How security professionals deal with these vulnerabilities will depend on the selected vendor, the configuration used, and the particular deployment scenario under investigation. See Also: Fraud; Modem; Network;Theft;Voice Over Internet Protocol (VoIP). Further Reading: Collier, M.The Value of VoIP Security. [Online, July 6, 2004.] CMP Media LLC. Website. http://subscriber.acumeninfo.com/uploads2/5/E/5E9080CAB3A1ABE63E3B 8EFB7B21E22D/1090506012673/SOURCE/secureLogix.html. PDA (Personal Digital Assistant) (general term):A small, handheld system combining in one device multiple computing, Internet, networking, and fax/telephone features. A typical PDA can work as a personal organizer, a cell phone, and, in some cases, an Internet browser. One of the favorite PDAs of executives is the Canada-produced BlackBerry; other popular models are produced by Hewlett-Packard and Palm, Inc. In fact, today’s technology is making it easier for a handheld phone to become what telecommunications expert George Gilder calls a “teleputer”— a wireless device able to perform all of the functions typically associated with a much larger computer.For example, the Nokia N91 has a four-gigabyte hard drive—about ten times more storage than a desktop computer had ten years ago. That provides enough storage for thousands of MP3 files, hundreds of photos, or numerous office documents. Some say that the modern-day cellular phone is the equivalent of a small laptop PC in the user’s pocket. Though very useful, even the BlackBerry has some security concerns. It is interesting to note that during the week of March 1, 2005, the Canadian military and U.S. security agencies commenced a one-year joint effort to make it and other PDAs more secure in the hopes that one day PDAs can be used for transmitting top-secret information. Though the Blackberry device allows government officials and executives to make critical decisions using a wireless device in the palm of their hands even when they are away from their worksites, the security of PDAs, in general, came fully into question when in February, 2005, reports indicated that a cracker accessed personal information from Paris Hilton’s PDA (a Sidekick II).The cracker obtained over 500 celebrities’ phone numbers and email addresses from her PDA and then posted on the Net topless photos of the hotel heiress and model. It is interesting to note that on February 15, 2005, a PDA-cracking cybercriminal was taken to court, and the media questioned whether he was Paris Hilton’s PDA-cracker. In a plea agreement with prosecutors, Nicolas Jacobsen, aged 22, pleaded guilty in U.S. federal court to one felony charge related to his intentionally gaining access to a protected computer and causing damage to it. Jacobsen’s crime spree began in late 2003 and ended when he was arrested in the fall of 2004. Though Jacobsen’s 2003–2004 cyber targets included Paris Hilton’s T-Mobile Sidekick II as well as other T-Mobile users, he was not apparently connected to the late February, 2005, crack attack that resulted in Hilton’s topless photos being shown on the Net. 241 PDA (Personal Digital Assistant) The intrusion into T-Mobile’s servers by Jacobsen seemed to have resulted from the company’s failure to patch a known security hole in a commercial software package. For example, at least one Internet Website noted that anybody using a service to spoof caller ID could have exploited the flaw.Though T-Mobile agreed that the vulnerability existed, they said that the solution to the problem is a simple one. Users simply need to set their voice mail to require a particular password; by default, clients are not required to do this. In July, 2003, the vulnerability was discussed in a Black Hat Briefing talk in Las Vegas.An SPI Dynamics researcher talked about how to exploit the Weblogic vulnerability, and, apparently, Jacobsen learned of the hole from an issued advisory. He then created his own 20-line exploit in Visual Basic and searched the Internet for potential targets who failed to install the issued patch. In October, 2003, Jacobsen discovered that T-Mobile was, indeed, one such place. See Also: Browser; Internet; Network;Wireless. Further Reading: Ingram,M.Cellphones Becoming ‘Small Laptop in Your Pocket.’ The Globe and Mail, May 18, 2005, p. B.3; Lemos, R. Flaw Threatens T-Mobile Voice Mail Leaks. [Online, February 24, 2005.] CNET Networks Inc. Website. http://news.com.com/Flaw+threatens+ T-Mobile+voice+mail+leaks/2100-1002_3-5589608.html; Poulsen, K. Known Hole Aided T-Mobile Breach. [Online, February 28, 2005.] Lycos, Inc. Website http://www.wired.com/ news/privacy/0,1848,66735,00.html; Thorne, S. Canadian Military, U.S. Agencies Launch Blackberry Security Project. [Online, March 1, 2005.] Attrition.org. Website. http://www .attrition.org/pipermail/isn/2005-March.txt. PDP-10 or Programmed Data Processor-10 (general term): One of an earlier series of minicomputers produced by Digital Electronic Corporation (DEC). These minicomputers not only made time-sharing real but also held a special place in hacker history because they were used in the 1970s by academic computing centers and research laboratories, including the MIT Artificial Intelligence (AI) Lab. Some aspects of the instruction set (especially the bit-field instructions) are to this day considered by some to be unsurpassed. The PDP-10 was eventually made obsolete by the VAX machines (a descendant of the PDP-11) when DEC realized that the PDP-10 and the VAX computer systems were in competition with each other. DEC decided to concentrate its software development efforts on the more profitable choice—VAX. The PDP-10 computer was eliminated from DEC’s product line in 1983. See Also: Artificial Intelligence (AI); Hacker. Further Reading: Webnox Corporation. PDP-10 Definition. [Online, 2004.] Webnox Corporation Website. http://www.hyperdictionary.com/dictionary/PDP-10. Peer-to-Peer (P2P) (general term):Architecture permitting hardware and software to work on a network without central servers It is frequently used to set up home computer networks, for which a dedicated server can be too costly; it became popular with software applications such as Napster. A controversial tool for P2P communications is known as Skype, an encrypted Internet telephony system allowing for the swapping of files; it interconnects with the publicly switched telephone system. Skype is controversial and a headache for enterprises, because it can easily PDA (Personal Digital Assistant) 242 penetrate firewalls; however, businesses can implement safeguards by, for example, placing Skype on a separate, dedicated segment of their network. Released in 2004 by the makers of KaZaA, Skype scans the Internet searching for a supernode (by definition, other users running the software and, therefore, not being screened by firewalls). An unknown quantity of supernodes links to other supernodes, eventually looping back to Skype’s servers, thus allowing users on the Internet to send and receive files. Skype is marketed as having communications encrypted with a 256-bit encryption standard, and keys are exchanged with the RSA encryption algorithm. Unlike other, nonproprietary Voice Over Internet protocols (VoIP), Skype uses a proprietary, secret protocol. So, for financial and health institutions required by law to monitor the communications between their employees and their clients, they need to be aware that Skype is unmonitorable. Skype appears to be more secure than cell phones having their encryption disabled or landlines having zero encryption.With Skype, even large files of 100MB size can be sent without contending with server size restrictions. In recent years, the P2P abbreviation has taken on another meaning “People-to-People.” Thus, P2P (or People-to-People) has become a marketing abbreviation for selling P2P software and for creating businesses that can help individuals on the Internet to meet one another or to share some common interests. See Also: Internet; Napster; Online File Swapping; Peer-to-Peer (P2P);Voice Over Internet Protocol (VoIP). Further Reading: About, Inc. P-2-P. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-p2p.htm; Garfinkel, S. Can 9 Million Skype Users Be Wrong? [Online, March 22, 2005.] CXO Media Inc. Website. http://www .csoonline.com/read/030105/machine.html. Penetration Testing (general term):The process of probing and identifying security vulnerabilities and the extent to which they are used to a cracker’s advantage. It is a critical tool for assessing the security state of an organization’s IT systems, including computers, network components, and applications. Hackers of the White Hat variety are often hired by companies to do penetration testing. It is money well spent, computer security experts contend. See Also: Hacker;Network;White Hats or Ethical Hackers or Sumari Hackers;Vulnerabilities of Computers. Further Reading: Lowery, J. Penetration Testing:The Third Party Hacker. [Online, February, 2002.] Sans Institute Website. http://www.sans.org/rr/papers/index.php?id=264. Perimeter Authentication (general term):The process of authenticating the identity of an offsite user not within the application server’s domain.This process is completed by a remote user specifying an identity and some form of corresponding “proof ” of identity.The proof provided is generally a secret string of letters and/or numbers (such as a credit card number, a password, or a Personal Identification Number such as an important date to the user) that can then be verified. See Also: Authentication; Fraud; Identity Theft or Masquerading; Password; Personal Identification Number (PIN). Further Reading: BEA Systems. Security Fundamentals. [Online, 2004.] BEA Systems Website. http://e-docs.bea.com/wls/docs81/secintro/concepts.html#1077583. 243 Perimeter Authentication Perimeter Defenses (general term): Used for security purposes to keep a zone secure.A secure zone is some combination of policies, procedures, technical tools, and techniques enabling a company to protect its information. Perimeter defenses provide a physical environment with management’s support in which privileges for access to all electronic assets are clearly laid out and observed. Some perimeter defense parameters include installing a security device at the entrance of and exit to a secure zone and installing an intrusion detection monitor outside the secure zone to monitor the zone. Other means of perimeter defense include ensuring that important servers within the zone have been hardened—meaning that special care has been taken to eliminate security holes and to shut down potentially vulnerable services—and that access into the secure zone is restricted to a set of configured IP addresses. Moreover, access to the security appliance needs to be logged and all changes to the security appliance need to be documented, and changes regarding the security appliance must require the approval of the secure zone’s owner. Finally, intrusion alerts detected in the zone must be immediately transmitted to the owner of the zone and to Information Security Services for rapid and effective resolution. See Also: Intrusion; IP Address; Security Zones; Server. Further Reading: The University of California. Anatomy of a Secure Zone. [Online, November 3, 2003.] The University of California San Francisco Website. http://isecurity.ucsf .edu/main.jsp?content=secure_zones/secure_zones. Peripherals (general term): Equipment such as printers, modems, mouse devices, and keyboards that attach to one of the computer’s ports so that users can send, receive, and print information using that computer. For users with disabilities that restrict their ability to use mouse devices and keyboards, voicerecognition software provides an alternative means for these individuals to conduct their computing activities. By wearing a headset and by speaking into a microphone, users can substitute typing with dictating words and sentences. Users “train” the voice-recognition software system to become familiar with their voices and convert spoken words into text.The software is designed to track errors that it makes—such as correcting the word “lock” to appear as “luck” by learning the individual’s speech patterns and idiosyncrasies. Two suppliers of speech-to-text dictation software include the former ScanSoft, Inc. (now called Nuance Communications, Inc.) and IBM Corporation. The suppliers claim an accuracy rate approaching 99%. See Also: Modem; Port and Port Numbers. Further Reading:Weinberg, P. Speak and It Shall Be Written (Or Pretty Close). The Globe and Mail, March 10, 2005, p. B10. Perl (general term): A popular scripting language that runs on a wide variety of platforms, including UNIX and Windows. PERL is open source, easily integrated into Web servers for CGI, easy to learn, and supports a large library of utilities. See Also: Common Gateway Interface (CGI Scripts, cgi-bin); Open Source; Programming Languages C, C++, Perl, and Java; Server; UNIX. Perimeter Defenses 244 Personal Identification Number (PIN) (general term): A string of numerals used for the identification of authorized users or clients. For example, Automated Teller Machines (ATMs) can be accessed by registered bank clients after they enter a PIN into a keypad.Though convenient, PINs can be stolen and used fraudulently. For debit card fraud to occur, a robber needs two things: the account information found on the user’s card’s magnetic strip and the user’s PIN.According to police, the PIN can be obtained in a number of ways, including stealing the user’s wallet and finding the PIN written on a paper in it, or watching a user enter the PIN into an ATM machine and then stealing the user’s card. Another trick used by fraud artists is to have a legitimate-looking store clerk skim the card on a legitimate point of-sale terminal and then skim it again on an illegitimate card reader designed to store information embedded on the card’s magnetic strip.Though the initial sale will be sent to the financial institution, giving the PIN user the idea that everything is okay, the criminal will then make a new card with the personal information stored on it and use the PIN that had been entered by the legitimate user (and captured on film by an overhead camera) to fraudulently purchase goods and services with the fake card. The legitimate card user typically calls the police when he or she discovers that large sums of money or the entire amount thought to be in the user’s account no longer exists. One such PIN scam occurred in Ajax, Ontario, Canada, in December 2004, at a gas station that engaged in such illegal practices. Victimized users sometimes find that after informing the bank of the missing account funds, the bank investigator might ascertain that the user failed to take appropriate protections to safeguard his or her PIN.The bank therefore might not replace the stolen funds. Such moves hurt consumer loyalty. It is for this reason that in 2004, credit card companies began urging merchants to buy into a new payment method allowing consumers to use their plastic cards without swiping them through a machine and inputting a PIN. On May 19, 2005, J.P. Morgan Chase & Co., the largest credit card issuer in the United States, announced plans to distribute millions of new cards that simply need to be waved or held in front of a special reader. Such a card can also be swiped through the more traditional machine. The technology is known simply as “blink.” The cards contain a special chip recognized by the merchant’s terminal. When clients wave their cards in front of the machine, the card reader lights and then beeps to signal that the transaction has been authorized. The card never needs to leave the client’s hand. Visa, MasterCard, and American Express have agreed to accept any card equipped with “blink.” See Also: Fraud; Identity Theft or Masquerading. Further Reading: Durham Regional Police Service. Debit Card Fraud. [Online, 2002.] Durham Regional Police Service Website. http://www.police.durham.on.ca/internet_explorer/ public_safety/safety_tips/index.asp?Action=3&Topic_ID=73&Category_ID=12&AbsPage=2; Metroland. Card Scam Targeted Durham Gas Bars, Police Say. [Online, December 28, 2004.] Metroland Website. http://www.durhamregion.com/dr/regions/ajax/story/2450588p-2838370c .html; Sidel, R. Credit Cards Charge Into Future. The Globe and Mail, May 19, 2005, p. B16. Pew Internet and American Life Project Survey (general term): The Pew Internet and American Life Project conducted a national telephone survey between March 12, 2003, and May 20, 2003, to discover the extent of Internet usage and types of online activities engaged in by 245 Pew Internet and American Life Project Survey U.S. adults.The survey conductors discovered that more than 53 million U.S. adults, or 44% of the U.S. adult Internet users, have used the Internet to accomplish a number of objectives, including sharing their thoughts in chat rooms, responding to others through email, posting pictures, and sharing files. Moreover, about 13% of the respondents said that they have their own Websites, and about 7% of the respondents said that they have Web cameras running on their computers to let other Internet users view live pictures of them and their surroundings. Only 2% of the respondents said they kept Web diaries or blogs. By the end of 2004, an updated study showed that eight million users in the United States had created blogs, and that blog readership increased by 58% in 2004 to encompass 27% of U.S. Internet users. It is expected that this growth rate has not diminished significantly and the number of active bloggers has grown substantially. A 2006 study released on April 26 shows that Internet penetration has now reached 73% (up from 66% in the 2005 survey) of American adults. The respondents said that improvements in e-commerce are noticeable, as are the online opportunities to pursue hobbies and personal interests. See Also: Blog; Chat Rooms; Electronic Mail or Email; Internet; Online File Swapping. Further Reading: Lenhart, A., Fallows, D., and Horrigan, J. Reports: Online Activities and Pursuits. [Online, February 29, 2004.] Pew Internet and American Life Project Website. http:// www.pewinternet.org/PPF/r/113/report_display.asp. Madden, M. Internet Penetration and Impact. [Online, April 26, 2006.] Pew Internet and American Life Project Website. http:// www.pewinternet.org/PPF/r/182/report_display.asp. Phiber Optik (a.k.a. Mark Abene) (person; 1972– ): In the early 1990s, Mark Abene was engaged in cyberwarfare with Erik Bloodaxe.The online war eventually led to Abene’s arrest. Abene, who became publicly known in Manhattan for his intelligence both on- and offline, served a one-year federal prison sentence for his cyberwar activities. See Also: Cyberwarfare; Hacker Clubs. Phishing (general term): A form of identity theft whereby a scammer uses an authenticlooking email from a large corporation to trick email receivers into disclosing online sensitive personal information, such as credit card numbers or bank account codes. According to a 2004 report released by Gartner, Inc., an IT marketing research firm, phishing exploits cost banks and credit card companies an estimated $1.2 billion in 2003. Moreover, according to the Anti-Phishing Working Group (a nonprofit group of government agencies and corporations trying to reduce cyber fraud), more than 2,800 active phishing sites were known to exist. In April 2005, a new “cousin” of phishing was defined and called “WiPhishing” (pronounced “why phishing”)—an act executed when an individual covertly sets up a wireless-enabled laptop computer or access point to get other wireless-enabled laptop computers to associate with it before launching a crack attack. About 20% of wireless access points use default SSIDs. Because users failed to rename them, a cracker can quite easily guess the name of a network that target computers are normally configured to, thereby gaining access to the laptop computer and putting malicious code into it. Intrusion detection appliances such as AirPatrol Enterprise have been designed to detect wireless exploits. Pew Internet and American Life Project Survey 246 Firms having wired networks are at risk of being cracked if employees’ laptop computers are left on. Instead of exploiting wireless networks with WiPhishing, crackers could do even more damage by hijacking the legitimate connection to a wired computer network, exploiting the soft underbelly of that network, and launching an invasive attack. See Also: Cracking; Exploit; Electronic Mail or Email; Fraud; Identity Theft or Masquerading. Further Reading: Levinsky,D. Hacker Teenage Pleads Guilty. [Online,May 14, 2005.] Calkins Media, Inc. Website. http://www.phillyburbs.com/pb-dyn/news/112-05142005-489320.html; Leyden, J. WiPhishing Hack Risk Warning. [Online, April 20, 2005.] http://www .theregister.co.uk/2005/04/20/wiphishing; MarketingSherpa, Inc. The Ultimate Email Glossary: 180 Common Terms Defined. [Online, 2004.] MarketingSherpa, Inc.Website. Reg SETI Group Website. http://www.marketingsherpa.com/sample.cfm?contentID=2776. Phrack (general term): Phrack Magazine, or simply Phrack, began in 1985 as the first electronically distributed magazine, or e-zine, connecting the hacker community. The online magazine provided those in the computer underground with information on anarchy, cryptography, reverse-engineering, phreaking, and numerous other features of high-tech interest.The last edition of Phrack #63 appeared on July 30, 2005. In the final edition, an announcement was made that a new editorial team could be expected for 2006–2007. See Also: Cryptography or “Crypto”; Defcon; Hacker. Further Reading: phrackstaff@phrack.org. PHRACK #63. [Online, July 30, 2005.] Phrack Website. http://www.phrack.org/archives/phrack63.tar.gz. Phreaking (general term): A form of cyberspace theft and/or fraud using technology to make free telephone calls. John Draper (a.k.a. Cap’n Crunch) is probably the most famous phreaker in the Computer Underground, because he was the first in the U.S. who was jailed for this type of exploit. See Also: Computer Underground (CU); Fraud. Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Phun (general term): A phreaking magazine popular in the computer underground during the late 1980s.The first copy was released on September 20, 1988, and contained 13 articles covering such topics as telecommunications, radio, and overcoming computer security. Red Knight was the President and Editor.The Website can be found at: http://www.etext.org/CuD/Phun/ phun-1. See Also: Phreaking;Telecom. Physical Exposure (general term):A rating used to calculate a system’s vulnerability. It is based on whether a perpetrator needs physical access to a system in order to exploit the system’s vulnerability. See Also: Access Control;Vulnerabilities of Computers. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. 247 Physical Exposure Physical Infrastructure Attacks (general term): Cause a Denial of Service (DoS) attack. These physical infrastructure attacks can be accomplished simply by snipping a fiber-optic cable.They are typically mitigated by the reality that traffic can quickly be rerouted. If physical access to a computer system can be obtained, then gaining access to the information on that computer system can also be obtained.With new U.S. laws pertaining to the security of information—including HIPAA (Health Insurance Portability and Accountability Act), the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act—data in both physical and electronic forms must not only be protected by adequate access control mechanisms but also be audited if compliance with the various regulations is to be maintained. Recommendations on physical and logical security integration can be found at this TechTarget Website: http://www.searchSecurity.com/originalContent/0,289142,sid14_gci1046324,00.html? track+NL-358&ad=502258. See Also: Accountability; Fiber-Optic Cable; Gramm-Leach-Bliley Act of 1999 (Financial Services Modernization Act); Health Insurance Portability and Accountability Act of 1996 (HIPAA). Further Reading: Maiwald, E. The ‘How-tos’ of Security Integration. [Online, January 20, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/originalContent/0,289142, sid14_gci1046324,00.html?track+NL-358&ad=502258; McAlearney, S.Wedded to Physical and IT Security? [Online, January 20, 2005.] KnowledgeStorm, Inc.Website. http://knowledgestorm .techtarget.com/searchsecurity/MainServlet?track+NL-358&ad=502258&ksAction+Home&c= TT&n+home;TechTarget. Denial of Service. [Online,May 16, 2001.] TechTarget Website. http:// searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213591,00.html. Ping of Death Attack (general term): Uses IP fragmentation to crash computers.This kind of attack was so named because the Ping program built into Windows in earlier years easily could be told to fragment packets. See Also: Attack; Fragmentation; Internet Protocol (IP); Packet; Ping or Packet Internet Groper. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. ping or Packet Internet Groper (general term):The ping command, built into both Windows and UNIX operating systems, is a universal way of testing network response time and performance. The ping command is used by system administrators for diagnostic problems, particularly for testing, measuring, and managing networks. Ping is a TCP/IP utility that sends ICMP information packets to a computer on a network and waits for their return.The ping command is particularly helpful in verifying whether a host is working and whether a system is attached to the Internet. For system administrators not using Windows, several Websites offering ping are available. On UNIX or Linux, for example, the system administrator simply needs to type “ping host_name.” System administrators using a Windows-type operating system can open a command window and then type “ping host_name” (that is, the name of the host the system administrator wants to check). Figure 16-1 shows how the output will appear when someone pings the Whitehouse Webserver from a Windows machine. Physical Infrastructure Attacks 248 Figure 16-1. Output from ping command used to locate a host See Also: Internet; Internet Control Message Protocol (ICMP); Linux; Packets; TCP/IP or Transmission Control Protocol/Internet Protocol; UNIX. Further Reading: Silvestri,M.Ping. [Online, 2000.] Wowarea Website. http://www.wowarea .com/english/researches/wg4_ping.htm. Piracy (general term): Copying protected software without authorization; in most jurisdictions, it is considered a crime. See Also: Authorization; Copyright Laws; Digital Millennium Copyright Act (DMCA); Infringing Intellectual Property Rights and Copyright. Plain Old Telephone System (POTS) (general term):The regular analog telephone service, using copper wiring, as opposed to ISDN,ADSL, and other digital phone services. See Also: Internet Telephony;Voice over IP. Plaintext (general term):An email message with no formatting code.The term is also used to describe the unencrypted version of a message. See Also: Code or Source Code; Electronic Mail or Email; Encryption or Encipher. Platform for Privacy Preferences (P3P) (general term):The World Wide Web Consortium (W3C) developed P3P as a standard protocol to enable Web users to take more control over their individual privacy settings. P3P was officially recommended as a standard on April 16, 2002. Further Reading: W3C, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. [Online, April 16, 2002.] http://www.w3.org/TR/P3P/. Point-to-Point Protocol (PPP) (general term): Is an Internet protocol for connecting computers over a serial line. It is most widely used to connect to Internet dial-up services over telephone lines. Point-to-Point Protocol Over Ethernet (PPPoE) (general term): This technology, documented in RFC 2516, has been adopted by some DSL service providers and combines Ethernet and Point-to-Point Protocol (PPP) standards especially for use with modems having broadband connectivity capabilities. See Also: Ethernet; Modem; Point-to-Point Protocol (PPP). Further Reading: About, Inc. PPPOE. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-pppoe.htm. C:\WINDOWS>ping www.whitehouse.gov Ping a12389.g.akamai.net [212.105.197.134] with 32 byte Reply from 212.105.197.134: Bytes=32 Time=89ms TTL=55 Reply from 212.105.197.134: Bytes=32 Time=85ms TTL=55 Reply from 212.105.197.134: Bytes=32 Time=87ms TTL=55 Reply from 212.105.197.134: Bytes=32 Time=113ms TTL=55 Ping statistic for 212.105.197.134: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 85ms, Maximum = 113ms, Average = 93ms 249 Point-to-Point Protocol Over Ethernet (PPPoE) Point-to-Point Tunneling Protocol (PPTP) (general term): An early network protocol that enabled the secure transfer of data from a remote client to an organization’s server, establishing a virtual private network (VPN) on top of the Internet or an IP-based local area network. See Also:VPN. Police and Criminal Evidence Act of 1984, Order 2002 (legal term):A British Act updated with changes that took effect on October 14, 2002.The changes allowed an agent appointed by the Secretary of State for Trade and Industry to investigate a serious charge leading to a possible arrest to have the same powers as those given to police in the Police and Criminal Evidence Act of 1984. Prior to 2002, such an agent had to apply to a circuit judge for an order to search for and seize evidence possibly leading to the suspect’s arrest in a given jurisdiction. See Also: Jurisdiction. Further Reading: Crown Copyright. The Police and Criminal Evidence Act 1984 (Department of Trade and Industry Investigations) Order 2002. [Online, September 18, 2002.] Crown Copyright Website. http://www.legislation.hmso.gov.uk/si/si2002/20022326.htm. Polymorphic Virus (general term): A virus that can alter its byte pattern when it replicates, thereby avoiding detectioin by simple string-scanning intrusion detection techniques. See Also: Intrusion Detection System (IDS);Virus. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Poor SUID (general term): Sometimes poor SUID scripts (shell or other programs that Set the UserID to run under another user’s privileges) that perform certain tasks can be run as root. If the scripts are writeable by an id, for example, the scripts can be edited and executed. See Also: id (identity); Shell. Further Reading: NMRC. The Hack FAQ. Unix Local Attacks. [Online, 2004.] NMRC Website. http://www.nmrc.org/pub/faq/hackfaq/hackfaq-29.html. Port and Port Numbers (general term):A port is a communication endpoint for passing data over the network.A port is typically associated with a specific application or protocol. Port 80, for example, is normally used for the http protocol and, therefore,Web traffic. Port 25, as another example, is used for mail transfer. The Well Known Ports are both controlled and assigned numbers by the IANA (Internet Assigned Numbers Authority). They can be used only by root (or system) processes or by programs run by privileged users. Port numbers fall into three distinct ranges: (1) the Well Known Ports; (2) the Registered Ports; and (3) the Dynamic or Private Ports. The Well Known Ports are in the 0–1023 range, the Registered Ports are in the 1024–49151 range, and the Dynamic or Private Ports are in the 49152–65535 range. The complete list of Registered Ports and Dynamic or Private Ports can be found at http://www.codecutters.org/resources/ports.html. System administrators need to know these port numbers very well and must be aware that any application can be executed on any port. From a cracking standpoint, this means that “something” communicating over port 80 is not necessarily an innocent connection between a Point-to-Point Tunneling Protocol (PPTP) 250 browser and a Web server. It might very well be a back door hiding behind this well-known connection—hiding in wait until the cracker decides to exploit the system. See Also: HTTP (HyperText Transfer Protocol); IANA or Internet Assigned Numbers Authority; Network; Protocol; TCP/IP or Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP). Port Scan (general term): A port scan or port scanner attempts to connect to all 65536 ports on a server to see whether there are services listening (that is,waiting for connections) on those ports. The purpose of a port scan is to audit network computers for likely vulnerabilities or exploits.Typically, scanners have built-in databases of known port vulnerabilities. A number of network scanners exist. For example, the Infiltrator Network Security Scanner tool reveals and catalogues a number of important security features, such as installed software, Simple Network Management Protocol (SNMP) information, and open ports. It can audit password and security policies and conduct a registry audit, and it includes 18 network utilities for footprinting, scanning, and gaining access to computers via a ping sweep, email tracking, whois lookups, and so on. Also, the port scanner (formerly known as port probe) is a tool for determining the daemons or open ports running on a targeted computer.This tool supports these kinds of scans:TCP Full Connect (the most accurate way to detect open ports); UDP ICMP Port Unreachable Connect; TCP Full/UDP ICMP Combined;TCP SYN Half Open (only for Windows 2003/XP/2000); and TCP Other (only for Windows 2003/XP/2000). The de facto standard in the security industry is a public domain tool called nmap, which is considered to be the “Swiss Army knife” of port scanners because of its versatility. See Also: Network; Ping or Packet Internet Groper; Port and Port Numbers; Scanner;Whois. Further Reading: NorthWest Performance Software, Inc. NetScan Tools Pro Technical Info. [Online, May 18, 2005.] NorthWest Performance Software, Inc. Website. http://www .netscantools.com/nstpro_port_scanner.html; WebAttack, Inc. Infiltrator Network Security Scanner 2.0. [Online, May 18, 2005.] WebAttack, Inc. http://www.snapfiles.com/features/ infiltrator-803-461696.php. Portable Document Format (PDF) (general term): A file format that captures the exact details of a printed, hard-copy document into an electronic document to allow individuals to view, navigate, print, or forward the e-document to another individual. PDF files are made with software such as Adobe Acrobat. Many other programs have included the pdf-file format as a possible output format.To view and use the files, an individual needs a document viewer.Among the freely available viewers,Acrobat Reader is the most popular. It provides an implementation of the latest version of the file format as it is released by Adobe.The program can be easily downloaded from the Internet. After Acrobat Reader has been downloaded, it will start automatically whenever the individual wants to view a PDF file. PDF files are great for viewing magazine pieces, product and service brochures, and academic papers when getting the original graphic look online is important. A PDF file contains a single or many page images with zooming capabilities. The Adobe Acrobat product for making PDF files costs $200–$300. Free alternatives to the commercial 251 Portable Document Format (PDF) product are numerous. An example is PDFcreator (available as a freeware project on sourceforge. net). It is used in the form of a printer driver that plugs into any Windows program, meaning that any program that can generate output for a real printer can also create PDF files. Some features of the full Adobe product—such as the generation of forms—are typically not included in the free alternatives. It is interesting to note that in July 2001, just before he was to give a speech at DefCon 9, Russian Dmitry Sklyarov was carried off by Federal agents and charged with violation provisions in the Digital Millennium Copyright Act. Dmitry’s claim to fame was a software program that he developed and was sold by his Russian employer ElcomSoft Company Ltd. The software allowed users to convert books in Adobe’s copy protected e-book format to the more commonly used PDF format. In short, the Federal agents alleged that Sklyarov made unauthorized copies of e-books. See Also: Download. Further Reading: TechTarget. PDF. [Online, September 9, 2004.] TechTarget Website. http://whatis.techtarget.com/definition/0,,sid9_gci214288,00.html. Portal (general term): Known also as Web portal, is a special kind of Website. The term portal was initially given to large Internet search engines that expanded their offerings to include email, news, stock quotes, and other information tidbits of practical use. Some large companies developed Intranet Websites with a similar approach, giving way to what is now known as “enterprise information” or “corporate portals.”A portal typically has a home page allowing for navigation of loosely integrated features provided by a company’s divisions or by independent third parties and a large, diversified target audience. See Also: Electronic Mail or Email; Internet; Intranet. Further Reading: About, Inc. Portal. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-portal.htm. Post Office Protocol or POP (general term):What an email user uses to retrieve electronic messages from an email server.The most widely used version is POP3. See Also: Electronic Messages or Email; Server. Poulsen, Kevin (person; 1965– ): In 1988, Kevin Poulsen was indicted in the United States on phone tampering charges. He took over all the telephone lines going into radio station KIISFM, assuring that he would be the 102nd caller and thus the winner of a Porsche 944 S2. He pleaded guilty to the charges. He currently writes for ZDNet and his Web page can be found at: http://www.iss.net/security_center/advice/Underground/Hackers/Kevin_Poulsen/default.htm. See Also: Fraud. Prehistory Era (general term): Defined as the era from the 1800s until 1969, the Prehistory Era included the activities of such math and computing superstars as Ada Byron, Kay McNulty Mauchly Antonelli, the Tech Model Railroad Club hackers at MIT, the early days of Dennis Ritchie and Ken Thompson at Bell Laboratories, and the early years of Rear Admiral Dr. Grace Murray Hopper. See Also: Antonelli, Kay McNulty Mauchly; Byron, Ada; Hopper, Rear Admiral Dr. Grace Murray; Ritchie, Dennis;Thompson, Ken. Portable Document Format (PDF) 252 President Clinton’s Commission on Critical Infrastructure Protection (general term): President Bill Clinton issued Executive Order 13010 in 1996 to set up the President’s Commission on Critical Infrastructure Protection (known as PCCIP).The PCCIP’s role was to examine the burgeoning dependency of the U.S. economy and way of life on critical infrastructures. A set of recommendations by the PPCIP was given to the President in November 1997, and in May 1998 President Clinton ordered two Presidential Decision Directives (PDD) to better protect critical infrastructures. One directive was known as PDD-62 (called Combating Terrorism) and the other as PDD-63 (called Critical Infrastructure Protection). Noting that the government cannot on its own adequately protect critical infrastructures to maintain citizens’ safety and quality of life, the framework selected for optimizing defensive and security activities focused on leadership rather than micromanagement. For example, PDD-63 explained that every federal department and agency would develop its own plan for defending its jurisdiction, and businesses were encouraged to do the same. See Also: Critical Infrastructures; Critical Networks;Terrorism. Further Reading: Ryan, J.The Infrastructure of the Protection of the Critical Infrastructure. [Online, Fall 1998.] The Information Warfare Site. http://www.iwar.org.uk/cip/resources/ pdd63/pdd63-article.htm. Pretty Good Privacy (PGP) (general term): Software used to encrypt and thereby protect email as it is transmitted from one computer to another. PGP can be used for sender identity verification. See Also: Electronic Mail or Email; Encryption or Encipher. Further Reading: MarketingSherpa, Inc.The Ultimate Email Glossary: 180 Common Terms Defined. [Online, 2004.] MaarketingSherpa, Inc.Website. http://www.marketingsherpa.com/ sample.cfm?contentID=2776. Privacy (general term): Freedom from unauthorized access. Privacy issues in the security sense include digital rights management, spam deterrence, anonymity maintenance, and cracker disclosure rule adequacy. Privacy also means being able to maintain a balance between individuals’ privacy rights and those of the government in providing national security. In April 2005, the U.S. government added Canada to its “piracy watch list” and ordered a review of Canadian Intellectual Property Rights (IPR) enforcement measures. The review was apparently fueled by a number of industry complaints alleging that Canada has become a haven for pirated and counterfeit goods, primarily because it and six other countries—the Ukraine, Belize, Latvia, Lithuania,Taiwan, and Thailand—act as channels for pirated goods moving from countries such as China to the U.S. See Also: Intellectual Property (IP); Intellectual Property Rights and Copyright Infringement; Piracy; Security. Further Reading: Grami, A. and Schell, B. Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October, 2004.] Privacy, Security, Trust 2004 Website. 253 Privacy http://www.unb.ca/pstnet/pst2004/;McKenna,B.Trade:U.S. Puts Canada on Piracy Watch List. The Globe and Mail, May 2, 2005, p. B1, B4; Whitman, M. and Mattord, H. Principles of Information Security. Boston: Thomson Learning, Inc., 2003; http://www.tascomm.fi/~jlv/ ngtrans/. Privacy Enhanced Mail (general term): Defines a set of methodologies to provide confidentiality, authentication, and message integrity using various encryption methods. See Also: E-Mail; Encryption; Privacy. Further Reading: The Internet Engineering Task Force, Privacy Enhancement for Internet Electronic Mail. [Online, February 1993.] IETF Website. http://www.ietf.org/rfc/rfc1421.txt. Privacy Laws (legal term): Deal with the right of individual privacy, critical to maintaining the quality of life that citizens in a free society expect. Privacy laws generally maintain that an individual’s privacy shall not be violated unless the government can show some compelling reason to do so—such as by providing evidence that the safety of the nation is at risk.This tenet forms the basis of privacy laws in the United States and elsewhere. See Also: Privacy; Risk. Privacy Policy (general term): A clear description of how companies use email addresses and other information they gather when online users opt to be included in requests for company information, newsletters, or third-party deals.U.S. state laws compel companies to not only state their privacy policy on their Websites but also place it where people can plainly see it. State laws may also prescribe the display form for the policy. See Also: Electronic Mail or Email; Privacy. Further Reading: MarketingSherpa, Inc.The Ultimate Email Glossary: 180 Common Terms Defined. [Online, 2004.] MaarketingSherpa, Inc.Website. http://www.marketingsherpa.com/ sample.cfm?contentID=2776. Private Keys (general term): Also known as a secret key and is known just to its creator and, with respect to secure messaging environments, to the receiver of an encrypted message. Private Keys are also used in other areas as well.The secure, remote session protocol ssh relies heavily on the notion of private keys. See Also: Key. Privilege Escalation or Elevation (general term): A classic attack against a system, whereby a user has an account on a system and uses it to gain additional privileges on the system that he or she was not meant to have. See Also: Attack; Exploit. Probe (general term):Any online effort, such as a request, program, or transaction, intended to get data about a computer’s or a network’s state. For example, a person can conduct a probe of the network by sending an “empty” message to determine whether a destination really exists. See Also: Network. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Privacy 254 Problem of Ascertainment (general term): Difficulties obtaining accurate information.Applies to surveys distributed to system administrators inquiring about the suspected identity of crack attackers, the methods they employed, the frequency of system intrusions, the systems affected, and the dollar amount lost as a result of the intrusions.These vital pieces of information, though often difficult to get from companies because they fear misuse of such information by competitors, are used as a basis for determining a given organization’s system risk management strategies. When system administrators try to project the right level of investment in computer security that their company should make, they tend to compare their company’s risk level of “crack attack,” or intrusion, by assessing the reports of organizations having similar computer systems and business characteristics. Because of the problem of ascertainment, precautions should be taken in interpreting such data. First, one needs to accept that it is impossible for survey respondents to give completely reliable answers to such security breach questions. One reason is that an unknown number of crimes go undetected and therefore cannot be reported. Another reason is that even when the crack attacks are detected, few of these incidents are actually reported to authorities. For example, according to the CSI/FBI 2003 Survey, the number of reported incidents is only about 30%. In fact, a commonly held view in the information security community is that only about onetenth of all cyber crimes are detected. See Also: CSI/FBI Survey; Intrusion Detection System (IDS). Further Reading: Schell, B.H. and Martin, C. 2004. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Process ID (general term): All software runs within an operating system concept known as “a process,” and each program running on a system is, therefore, assigned its own process ID, or PID. See Also: Operating System Software. Programming Languages C, C++, Perl, and Java (general term): Standardized communication techniques for expressing computer instructions. Programming languages are sets of syntax and semantic rules defining computer programs. In this way, programmers can specify exactly what information a computer will execute, how the information will be transmitted and stored, and exactly what actions the computer should complete under a variety of circumstances. The main purpose of programming languages is to allow programmers to state their intentions for a computation more easily than if they used a lower-level language or code. Thus, programming languages tend to be designed to use a higher-level syntax that can be readily communicated to and understood by programmers and computers alike. Common programming languages include Ada, Basic, C, C++, Pascal, Perl, Python, and Java. See Also: Code or Source Code. Further Reading: GNU_FDL. Programming Languages. [Online, August 11, 2004.] GNU Free Documentation License Website. http://en.wikipedia.org/wiki/Programming_language. Promiscuous Mode Network Interface (general term): In networking terms, a computer having its network interface card set to “promiscuous mode” receives all packets on the same network segment. In “normal mode,” a network card accepts only packets addressed to its MAC Address. 255 Promiscuous Mode Network Interface When the network card is in “promiscuous mode,” it not only accepts all of the packets on the same network segment but also passes them to the OS.This process is helpful for capturing passwords, monitoring networks, and finding malicious packets. Using sniffers, system administrators routinely check whether any network interfaces are set to “promiscuous mode” to discover possible intrusions. See Also: Administrator; Ethernet; Message Authentication Code (MAC); Message Authentication Code (MAC) Address; Network; Password. Further Reading: Eyeonsecurity. About Sniffers—Their (ab)use in Networks. [Online, 2004.] Eyeonsecurity Website. http://eyeonsecurity.org/articles/sniffers.html. Property Paradigm in Cybercrime (legal term): Relates to property harm resulting from cracking exploits.These exploits include such common variations as: • Flooding: A form of cyberspace vandalism resulting in Denial of Service (DoS) to authorized users of a Website or a computer system • Virus and worm production and release: A form of cyberspace vandalism causing corruption and possibly erasing of data • Spoofing: The cyberspace appropriation of an authentic user’s identity by non-authentic users with the intent of causing fraud or attempted fraud, in some cases, and critical infrastructure breakdown, in other cases; • Phreaking: A form of cyberspace theft and/or fraud involving the use of technology to make free telephone calls • Infringing Intellectual Property (IP) rights and copyright: A form of cyberspace theft involving the copying of a target’s information or software without appropriate documentation or consent. See Also: Critical Infrastructures; Cyberspace; Denial of Service (DoS); Infringing Intellectual Property (IP) Rights and Copyright; Phreaking; Spoofing;Virus;Worm. Further Reading: Schell, B.H. and Martin, C. 2004. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act of 2002 and PROTECT Act of 2003) (legal term):The intent of this Act was to strengthen the U.S. government’s ability to prosecute crimes involving child pornography. The PROTECT Act of 2002 also attempted to extend prosecutorial power beyond U.S. jurisdictions.The Act was sent to the Committee on Judiciary on May 15, 2002. It became public law 108-21 as the Protect Act of 2003 on April 30, 2003. See Also: Child Pornography. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Promiscuous Mode Network Interface 256 Protected Extensible Authentication Protocol (PEAP) (general term): Pronounced peep. An authentication type for wireless networks that provides a set of unique features, such as strong security, extensibility of the user database, and support for one-time password authentication, as well as the aging of passwords. PEAP is based on an Internet Draft (I-D) to the IETF. See Also: Authentication; Internet Engineering Task Force;Wireless. Protected Mode and Safe Mode (general term): Protected Mode is a modus of operating an Intel Microprocessor in which access control to privileged commands is enabled. Safe Mode is a diagnostic and troubleshooting mode of the Microsoft Windows operating system. Safe Mode skips over the portion of the registry that loads protected-mode device drivers; it also bypasses the Autoexec.bat and Config.sys files. Safe Mode prevents all 32-bit (protected-mode) disk drivers from being loaded except the floppy driver. Protection Ring (general term): One of a hierarchy of privileged modes of an IT system that grants a set of access privileges to applications and processes that are authorized to operate in a given mode. Protocol (general term): A set of rules governing how communications between two programs have to take place to be considered valid. It describes various ways of achieving and operating compatibility. Protocol Stack (general term): In networking, protocols are layered on top of each other, with each layer being responsible for a different aspect of communication. A protocol stack is a particular software implementation of a computer network protocol suite.The suite consists of the protocol definitions, whereas the stack is the software implementation. Protocols within a suite are designed with a very specific purpose, and each protocol typically communicates with two others in the stack.The lowest protocol deals with the low-level physical interaction of hardware, whereas user applications deal with only the uppermost layers. Protocol stacks are generally divided into three parts dealing with applications, transport, and media. See Also: Encapsulation; Network; OSI-Model; Protocol. Further Reading: Wikipedia. Protocol Stack. [Online, May 5, 2005.] Wikipedia Website. http://en.wikipedia.org/wiki/Protocol_stack. Provider Protection (general term, legal ramifications): Provider protection for Internet Service Providers has legal ramifications. For example, to be exempted from copyright infringement liability under the Digital Millennium Copyright Act (DMCA), “the party” must be a “service provider” as defined in the Act. However, the protection afforded Internet Service Providers is limited, and there are a number of rigid legal requirements that must be met. Also, Internet Service Providers who do not fully comply with the stipulated restrictions can lose their protections.Thus, Internet Service Providers should review their Websites to make sure that they are, indeed, compliant with the DMCA rules and regulations. The DMCA covers four categories of services that qualify as “service providers,” many of them broad enough to encompass businesses that may not consider themselves to be such.These categories include: 257 Provider Protection • Transitory communications, whereby the provider routs, transmits, or provides connections for data coming through the network • System caching, whereby the provider temporarily stores data coming through the network • Data storage at the user’s direction, whereby the provider hosts Websites or runs chat rooms, mailing lists, or news groups • Data location tools, whereby the provider is a search engine The overarching rule seems to be simple for companies:When in doubt, comply.Any parties even remotely falling within the scope of the DMCA definitions of “provider” should, as a precaution, register under the DMCA.Without the protection afforded under the DMCA, an Internet Service Provider would have to attempt other defenses when it came to copyright infringement claims—such as “the fair use” policy. One example in which the protection as a Provider did not hold occurred in February 2005, when the Motion Picture Association of America (MPAA) settled a lawsuit against LokiTorrent.com, a Website that the MPAA alleged helps Internet users to find pirated copies of films for download. Edward Webber, the owner of LokiTorrent, agreed to pay $1 million in damages to the MPAA in an out-of-court settlement of the case, after having collected $40,000 in voluntary contributions to his legal defense fund from LokiTorrent’s user base. See Also: Digital Millennium Copyright Act (DMCA); Internet Service Provider (ISP). Further Reading: Hoffman, I. Are You a ‘Service Provider’? [Online, 2001.] Ivan Hoffman Website. http://www.ivanhoffman.com/provider.html; In Brief. Hollywood Settles Download Suit. The Globe and Mail, February 17, 2005, p. B10. Proxy Server (general term):An intermediary system to which a client program (such as a Web browser) connects.The proxy server connects to the destination on behalf of the client. See Also: Browser; Server. Pseudo-Random Number Generator (PRNG) (general term): A random number generator creates a sequence of randomly distributed numbers.A Pseudo-Random Number Generator creates random numbers as well, but it will create the same sequence of numbers repeatedly. Many algorithms have been developed in an attempt to produce truly random sequences of numbers, with the goal of making it theoretically impossible to predict the next number in the sequence, based on the numbers up to a given point. Unfortunately, the very existence of an algorithm that calculates this number means that the next digit can be predicted. For all real applications, PRNGs are considered to be sufficient. PRNGs play a role in encryption schemes that use random numbers as part of the encryption process. It has been shown that weak, predictable PRNGs make the encryption less secure and therefore crackable. Public Data Network (PDN) (general term): A public data network is defined as a network shared and accessed by users not belonging to a single organization.A public data network is set up for public use.The Internet is an example of a PDN. See Also: Internet. Provider Protection 258 Public Key (general term): Public key cryptography uses two mathematical keys that are related. A message encrypted by one key can only be decrypted by the other related key. This notion contrasts with traditional cryptography, now called symmetric cryptography, which uses the same key for encryption as for decryption. See Also: Cryptography or “Crypto”; Decryption or Decipher; Encryption or Encipher;Key. Public Key Infrastructure (PKI) (general term):A system of certificate authorities, digital certificates, and registration authorities that verify and authenticate parties involved in Internet transactions. Because PKIs are evolving, no single PKI or one agreed-upon standard for setting up a PKI exists. However, no one in the security field disagrees that reliable PKIs are critical for ensuring trust in online transactions if electronic commerce (known as e-commerce) is to reach its fullest potential. PKI is also known as “a trust hierarchy.” See Also: Internet;Trust. Further Reading: Jupitermedia Corporation. What is PKI? [Online, October 31, 2001.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/P/PKI.html. Puffer, Stefan Case (legal case): In February 2003, a Texas jury acquitted a computer security analyst by the name of Stefan Puffer, who in March 2002 was accused of wrongfully accessing the Harris County wireless computer network. Stefan Puffer not only discovered the vulnerability in the network but also reported it to the Harris County district clerk’s office, telling those in the office that anyone with a wireless network card could gain access to their sensitive computer information. In fact, Puffer gave authorities a face-to-face demonstration of the vulnerability. Instead of receiving thanks from the Harris County officials for his warning, Puffer was indicted on fraud charges. Though he could have received five years of imprisonment and a $250,000 fine for each offense, the jurors hearing the case found after just 15 minutes of deliberation that Mr. Puffer did not intend to cause any damage to the county’s systems. He was therefore found not guilty of the charges. See Also: Network;Wireless. Further Reading: 2600: The Hacker Quarterly. Man Who Exposed County’s Wireless Insecurity Found Innocent. [Online, February 21, 2003.] 2600:The Hacker Quarterly Website. http://www.2600.com/news/view/article/1546. 259 Puffer, Stefan Case QAZ Virus of 2000 (general term):Though in 2004, the QAZ virus was assessed as being at a low Level 2 threat by Symantec Security Response, the virus (known as W32.HLLW.Qaz.A) was discovered in China in July 2000.The QAZ virus spread over a network through a back door, enabling a remote user to set up a connection to take control over someone’s computer using port 7597. Because this virus could not be spread to machines outside the network, it may have been initially sent by email. The virus, originally called Qaz.Trojan, was renamed W32.HLLW.Qaz.A on August 10, 2000. See Also: Back or Trap Door; Electronic Mail or Email; Network; Port and Port Numbers. Quality of Service (QOS) (general term): As demand for bandwidth in networks continues to grow, the competition between different applications and protocols for these resources will continue to grow as well. Certain applications, such as Voice over IP (VoIP) and Video Conferencing, require guaranteed minima of resources so that users will not experience unacceptable delays or dropouts during their communications.The Internet Protocol in its currently used version 4 does not provide a formal mechanism for applications to reserve these resources on the network.With version 6 of IP—as well as in a number of other network protocols—the notion of Quality of Service has been formally introduced, meaning that a mechanism to solve this problem has been provided. See Also: Internet Protocol;TCP/IP. Quarantine (general term):To isolate files, just as to quarantine sick persons means to isolate them from others in order to stop the spread of disease.Typically, files suspected of containing a virus are put into quarantine so that they cannot be opened or executed. Symantec’s AntiVirus Corporate Edition of software detects suspected files as well as virusinfected files that cannot be patched with current sets of virus-definition remedies. From the “Quarantine” area on a local computer, the quarantined files can be forwarded to Symantec Security Response’s central network quarantine for analysis. If the file is found to be infected by a new virus, updated virus definitions and remedies are returned. See Also: Anti-Virus Software; Malware;Virus. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004]. Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. r Services (general term): Refer to a class of remote tools in UNIX systems.The most popular are “rsh” for a remote shell,“rlogin” for a remote login, and “rexec” for remote execution.These tools were very popular in the pre-Internet era because they were easy to use and could be set up to automate a wide range of system administration tasks.However, security for these tools was weak and data was sent across the network in an unencrypted form. For these reasons, these tools have been widely replaced by their cryptographic counterpart, ssh. See Also: Internet; Shell; UNIX. Radio Frequency Interference (RFI) (general term): Also known as electromagnetic interference. Electric circuits that carry rapidly changing signals, such as data lines, emit an electromagnetic signal. This signal can interfere with—or disturb—signals on other lines. This physical property can be abused by crackers (more properly called phreakers) to block or slow down the communication infrastructure of a target. Rainbow Series Books (general term): Includes technical manuals distinguished by cover color and related to computer security. The first Rainbow series was derived by the National Computer Security Center.These security manuals dealt with evaluating trusted computer systems and appeared between 1988 and 1995. The most prominent one was the Orange Book, upon which most of the other titles in the series expanded. Portions of the series were superseded by the Common Criteria Evaluation and Validation Scheme published by the National Institute of Standards and Technology. See Also: Orange Book;Trust. Further Reading: Gallagher, P. The Rainbow Books. [Online, 1990.] National Computer Security Center Website. http://www.fas.org/irp/nsa/rainbow/tg011.htm. Raymond, Eric (person; 1957– ): In 1996, he wrote The New Hacker’s Dictionary (MIT Press), a book that defined the jargon used by computer hackers and programmers and detailed the writing and speaking styles of hackers. Besides presenting the portrait of J. Random Hacker, the book also provided interesting computer folklore. Raymond’s 2001 book The Cathedral and Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary is required reading for those caring about the computer industry’s future, the dynamics of the information economy, and the particulars of open source. His Website can be found at http://www.catb.org/~esr/. See Also: J. Random Hacker; Linux; Open Source. Record Industry Association of America (RIAA) Legal Cases (general term): Beginning in 2003 and continuing into the present, the Recording Industry Association of America (RIAA) has commenced lawsuits against individuals thought to have violated provisions in the Digital Millennium Copyright Act (DMCA). Sometimes the RIAA has won the legal battles, sometimes not. In September 2003, in a case of mistaken identity, the RIAA withdrew its lawsuit against a sculptor, aged 66, who claimed she and her husband never downloaded song-sharing software or used it numerous times—in alleged violation of the DMCA. Sarah Seabury Ward of Massachusetts said that she and her husband used their computer only to email their children and grandchildren.They did not at any time download songs illegally. The Electronic Frontier Foundation (EFF) assisted the woman in fighting her case. The attorney handling the case argued that the elderly couple used a Macintosh computer—on which the KaZaA file-sharing software they were allegedly using cannot be run.Ward was one of 261 individuals sued by the RIAA for illegal Internet file sharing.The accused illegally shared more than 2,000 music titles, argued the RIAA.The RIAA eventually withdrew their case against Ward, labeling the withdrawal a good-faith gesture. An RIAA spokesperson said that they still believed the computer address provided by Comcast Corporation,Ward’s Internet Service Provider,was correct. An attorney with the EFF said that more cases like Ward’s will probably surface, given the difficulties of identifying IP addresses for particular subscribers. Internet Service Providers such as Comcast do not have enough IP addresses for each subscriber, so they do not assign addresses to users permanently. Instead, providers assign IP addresses dynamically when a user connects to the service. It is not easy to ascertain which addresses are used by which specific account. See Also: Digital Millennium Copyright Act (DMCA); Electronic Frontier Foundation (EFF); Electronic Mail or Email; Internet Service Provider (ISP); IP Address; Online File Sharing; Peerto- Peer (P2P). Further Reading: Mercury News. Music industry drops suit against sculptor accused of downloading rap. [Online, September 24, 2003.] http://www.mercurynews.com/mld/ mercurynews/business/6850484.htm?1c. Recovery or Disaster Recovery (general term): The act of restoring regular business operations as quickly as possible after a natural or man-made disaster. Typically, a set of preventive measures is put in place to ensure that the restoration can be performed in a timely fashion. Redundant (duplicate) hardware, software, data centers, and other facilities are used as standby and backup facilities to which operations can be switched over when the primary ones are wiped out. A number of organizations that were hit by Hurricane Katrina in 2005 found that their backups and backup systems were not far enough removed from their normal sites of operation; they, therefore, suffered destruction of these backups as well. Red Box (general term):When a coin is put into a payphone, the payphone emits tones to the ACTS (Automated Coin Toll System).A red box can fool the ACTS into believing that an individual actually put money into the phone simply by playing the ACTS tones into the telephone microphone. After ACTS hears the simulated tones, an individual can place a telephone call for free.This sort of action mimics what phreakers did to fool the phone system into letting them make calls for free. See Also: Phreaking. Further Reading: The Tech FAQ.What is Red Box? [Online, 2004.] The Tech FAQ Website. http://www.linuxsecurity.com/docs/Hack-FAQ/telephony/red-box.shtml. Record Industry Association of America (RIAA) Legal Cases 264 Red Route (general term): Is one registered with the Internet Routing Registry (IRR) and is configured to be proxied by the route servers but is not announced in a view. It is one of three categories of Internet route states defined by the Policy Analysis of Internet Routing (PAIR) project, an initiative dedicated to the development of tools that ISPs (Internet Service Providers), network operators, and end-users can use to troubleshoot Internet routing and policy problems. The other two categories are green and grey routes. A green route is one that is registered with the IRR, complies with policy, and is proxied by the route servers.A grey route is one that has been received by a route server but is not configured to be proxied in any view. See Also: Internet; Network. Further Reading: TechTarget. Red Route. [Online, July 3, 2002.] TechTarget Website. http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci837125,00.html. Red Team (general term): A military term that refers to a team of experts who focus on penetration testing, assessment, and the design of secure systems.The name actually comes from the game “Capture the Flag,” in which a Blue Team tries to guard the flag—but in this case, the “flag” is sensitive data or a sensitive computer system.The referees are known as the White Team. The annual Cyber Defense Exercise competition was held on May 12, 2005, and the winning team was the U.S. Naval Academy. The competition is meant to assist the participants to better protect the U.S. critical information systems and is sponsored by the National Security Agency (NSA). Each team designs, builds and configures a computer network simulating a deployed jointservice command. The network operations “Red Team” (consisting of NSA and Defense employees) takes four days to identify the vulnerabilities and then crack into each network.The winning team is found to be superior in its ability to detect, respond to, and recover from the network exploits. See Also: Exploit;Vulnerabilities of Computers. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Onley, D.S. Naval Academy Knows Its Cybersecurity. [Online, May 12, 2005.] Post-NewsWeek Media Website. http://www.gcn.com/vol1_no1/daily-updates/35786-1.html. Registrar, Domain Name (general term): A company licensed to sell Internet names by the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit corporation created in 1998 to take over a number of Internet-related tasks previously performed by other organizations. See Also: Internet Corporation for Assigned Names and Numbers (ICANN). Registry (general term): An important hierarchical database used in the Windows 9x, ME, NT, 2000, and XP operating system software to store configuration information for applications, hardware, and users on the system. See Also: Operating System Software. Further Reading: Kephyr. The Windows Registry—A definition. [Online, 2004.] Kephyr Website. http://www.kephyr.com/spywarescanner/library/glossary/registry.phtml. 265 Registry Regression Test (general term): Performed on a program after a change was performed to ensure that the modifications are correct and that the changes did not negatively affect the unchanged portions of the program. Regular Expression (REGEX) (general term):A programmer’s “Swiss Army knife” for everything related to pattern matching. With a regular expression, a programmer can search for basically any type of pattern in textual data. Relational Database Management System (RDBMS) (general term): Today’s prevalent type of database management systems. Data are stored in tables that relate to one another in some way. Successful commercial RDMBSs are IBM’s DB2, Microsofts’s SQL Server, and Oracle’s Oracle RDMBS. Many Web services are built around MySQL, an RDBMS available without a license fee. Remanence or Magnetic Remanence (general term):The information that stays behind after storage media are erased.The information remains in the form of traces of the original magnetization of a storage device. Remanence is a treasure trove for forensic investigators who need to determine what was stored on a disk erased by an alleged perpetrator before it could be secured for investigation. Remote Access (general term): A service allowing users to connect to their local network by telephone.When users try to connect remotely, they dial a remote-access server on the network and are thereby given access.To gain access, the request needs to be consistent with the server’s remote access policies, the account needs to be approved for remote access, and the user-server authentication needs to be successful. After users are authorized, their access to the network might be limited to specific servers, subnets, or protocol types, depending on the users’ profiles. Services typically available to users connected to a local area network—file and print sharing,Web access, and messaging—are similarly available to users through remote access connection. Crackers are drawn to poorly configured remote access points, for often they provide an open door into the network—and crackers do not have to worry about security devices at the Internet border.The reality is that although most networks have remote access points, the majority of these do not have enough security. Firms such as Sun Microsystems, Inc., which acquired remote-access software maker Tarantella, Inc. for about $25 million in May 2005, build software programs allowing organizations to access and manage their information and applications across all platforms, networks, and devices. See Also: Authentication; File and Print Sharing; Local Area Network (LAN);Network; Outof- Band Management; Protocol. Further Reading: Habersetzer,V.Thwarting Hacker Techniques: Securing Remote Access Points. [Online, February 25, 2005.] TechTarget Website. http://www.searchSecurity.com/tip/ 1,289483,sid14_gci1062436,00.html?track+NL-358&ad=506214; In Brief. Sun Acquiring Maker of Remote Access Software. The Globe and Mail, May 12, 2005, p. B8; Microsoft Corporation. Planning Distributed Security. [Online, 2001.] Microsoft Corporation Website. Regression Test 266 http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/ techinfo/reskit/en-us/deploy/dgbe_sec_xqlf.asp. Remote Administration Trojans (RATs) (general term):Typically malicious code appearing to be harmless or to be doing proper applications.Trojans tend to be created to cause losses or theft of computer information and are even capable of destroying information systems. RATs let a cracker get unrestricted access to another person’s computer whenever that user is online.The cracker can then do such things as transfer files, add or delete files, and even control the mouse and keyboard.Trojans are usually distributed as email attachments or bundled with another software program. See Also: Code or Source Code; Electronic Mail or Email; Malicious Code;Trojan. Further Reading: Webroot Software, Inc. Spyware Defined. [Online, 2004.] Webroot Software, Inc.Website. http://www.webroot.com/wb/products/spysweeper/spywaredefined.php. Remote Attacks or Exploits or Intrusions (general term):A common way to classify attacks, exploits, or intrusions is to indicate whether they are done remotely by a cracker across the Internet or by a user’s having privileges on the system. It is important to note that remote attacks can be launched by any of the hundreds of millions of people on the Internet—at any time and without first logging on. In a case of remote cracking that occurred in March 2005, Limp Bizkit singer Fred Durst’s home computer was the subject of a remote attack. The cybercriminals made a copy of a 2003 threeminute private video in Durst’s possession. Saying that the video was not meant for public viewing, Durst became visibly upset when the video appeared on at least ten Websites. Durst filed a lawsuit in U.S. federal court, seeking more than $70 million in damages and any profit that the Website operators gained as a result of the video’s appearance on the Web.Though the singer secured copyrights to the video before commencing the lawsuit, he maintains that the Website operators invaded his privacy and misappropriated his name and appearance. See Also: Crackers; Internet. Further Reading: Associated Press.This Just In: Limp Bizkit’s Durst Sues Websites Over Sex Tape. The Globe and Mail, March 10, 2005, p. R2; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/ hacking-dict.html. Remote Authentication Dial-In User Service (RADIUS) (general term): A network protocol enabling remote access servers to talk with a central server to authenticate dial-in users and grant access to the computer system or service. RADIUS allows an organization to store user profiles in a central location that can be shared by all remote servers.This centralization provides better security by enabling a company to define a policy at a single administered point in the network. See Also: Authentication; Authorization. Remote Data Objects (RDO) (general term): An application program interface (API) from Microsoft Corporation permitting individuals writing Windows applications to get access to the 267 Remote Data Objects (RDO) database. RDO statements embedded in the code use the lower-layer Data Access Objects (DAO) for allowing database access. Databases reply to these requests by writing to the DAO interface. RDO has developed into ActiveX Data Objects (ADO), the program interface that the Microsoft Corporation currently suggests for new programs. ADO not only gives individuals access to nonrelational databases but also is considerably easier to use than RDO. See Also: ActiveX Data Objects (ADO); Code or Source Code. Further Reading: TechTarget. Remote Data Objects. [Online, July 27, 2001.] TechTarget Website. http://searchdatabase.techtarget.com/sDefinition/0,,sid13_gci214261,00.html. Remote Procedure Call (RPC): A sender makes a request via a function, method, or procedure call. RPC then translates these into requests transmitted over the network to the intended destination. A relatively common programming technique available in UNIX since the 1990s and introduced into the Windows family with Windows NT more recently, the RPC receiver processes the request on the basis of a procedure’s name and list of arguments and then sends a response to the sender when this step is completed. RPC applications implement software modules called “proxies” and “stubs” to broker the remote calls and cause them to appear to the programmer to be identical to local procedure calls. Applications making use of RPC programming operate synchronously, meaning that they wait until the remote procedure returns a result. RPC incorporates a “time-out” logic to deal with network failures or scenarios in which RPCs do not return. See Also: Network; UNIX. Further Reading: About, Inc. RPC. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/cs/programming/g/bldef_rpc.htm. Remote Service Crash (general term):Typically caused by a fault in the particular service or daemon software that causes the service to terminate.A remote service crash is initiated or caused over the network. See Also: Daemon. Remote System Crash (general term):Typically caused by a fault in the operating system software that makes it stop working properly, if at all.A remote system crash is caused by a fault or exploited vulnerability in the networking components of the operating system. See Also: Operating System Software. Replay Attack (general term): Using a previously recorded or captured message to attack a computer system or network or to gain access to somewhere one is not authorized to be (a form of identity theft). Many people consider biometrics to be a very secure means of authentication and a rather effective means of fighting off a replay attack.However, the 1983 movie War Games showed how someone can fool cryptographic systems if the systems are created in a naïve and vulnerable manner. For example, a cracker can record an authorized person’s voice and replay it in order to access a system. This replay attack can be enhanced if the cracker uses digitalized information.The 1997 movie Gattaca showed how even more sophisticated DNA-based computer security systems could be fooled. The movie tells a futuristic story about a genetically imperfect man who has an unrequitable need to travel in space, so he takes on the identity of an athlete who is genetically able to pursue the dream. Remote Data Objects (RDO) 268 See Also: Cracker;War Games of 1983. Further Reading: Barmala,C.Attack. [Online, 2004.] Christian Barmala’s Free CA Website. http://ca.barmala.com/attack.en.php#replay; Rees, C. Plot Summary for Gattaca (1997). [Online, May 19, 2005.] Internet Movie Database, Inc.Website. http://www.imdb.com/title/ tt0119177/plotsummary. Request for Comments (RFC) (general term): University and corporate researchers publish RFC documents to get feedback from others regarding new Internet technologies, and many of the most widely implemented networking standards such as IP and Ethernet have been documented in RFCs. The first RFC is thought to have been published in April 1969. Though today the RFC’s plaintext format has remained the same as it was in the early days, as the Internet technologies have evolved, the need for RFCs has markedly decreased. Some RFCs are still being developed for cutting-edge research regarding Internet-based networking, however. See Also: Ethernet; Internet; Internet Protocol (IP). Further Reading: About, Inc. RFC. [Online, 2004.] About, Inc. Website. http:// compnetworking.about.com/library/glossary/bldef-rfc.htm. Resident (general term): A piece of code, whether a regular program or a virus, that is not cleared from memory after its execution.A resident virus loads its replication module into memory and makes sure that the operating system always calls this module when it wants to execute another program, thus allowing the virus to spread. See Also: Means of Infection;Virus. Residue or Residual Data (general term): Also sometimes referred to as “ambient data,” this is data or information that is not actively used on a computer system. Residual data includes data found in unallocated blocks on storage media; data found in the slack space of files and file systems; and data within files that has technically been deleted so that it is not accessible by the application used to create the file.To access any of these three types, one must undelete or use special data-recovery tools. Forensic investigators sift through the residual data to find traces of wrongdoing on computer systems under investigation. See Also: Remanence. Reverse-engineering (general term): Involves analyzing a computer system to identify its components and their relationships.Then, the parts of the system are put together in a different form or at some other abstraction level. Reverse-engineering is often done to redesign a system for increased maintainability or to produce system replicas without having access to the original design. For example, an individual might take the code of a computer program, execute it to review how it behaves with different inputs, and then write a program that performs the same as before, or, preferably, even better. On the Black Hat side of the equation, an integrated circuit might be reverse-engineered by a firm that wants to make unlicensed (and therefore illegal) copies of a hot-selling chip. Researchers who reverse-engineer software to find programming flaws cannot legally publish their findings online in France. During the first week of March 2005, a French court ruled that 269 Reverse-engineering when researcher Guillaume Tena discovered a number of vulnerabilities in the Viguard antivirus software in 2001 and then published his findings online in March 2002, he violated article 335.2 of the Code of Intellectual Property.Though he could have gone to jail for four months, he was set free but was fined 5,000 Euros. See Also: Black Hats; Code or Source Code. Further Reading: Farlex, Inc. Reverse-Engineering.[Online, 2004.] Farlex, Inc.Website. http://computing-dictionary.thefreedictionary.com/reverse%20engineering; Kotadia, M. France Puts a Damper on Flaw Hunting. [Online, March 9, 2005.] CNET Networks, Inc.Website. http://news.com.com/France+puts+a+damper+on+faw+hunting/2100-7350_3-5606306.html. REXEC Protocol (general term): See r Services. RFID or Radio Frequency Identification (general term):A tiny communication chip placeable on just about anything. Some high-tech experts tout it as being the next biggest technological development since the Internet. RFID is particularly exciting to the business community. For example,Wal-Mart and other major retailers in the United States and elsewhere plan to use it to replace the soon-to-be oldfashioned bar code.The reason for RFID use is to reduce inventory losses through theft as well as personnel costs by hundreds of millions of dollars. Moreover, RFID usage is expected to improve just-in-time stocking issues. RFID appears to be consumer friendly. For example, at the Barcelona Baja Beach Club,VIP (Very Important People) customers have embedded chips under their skin so that staff members at the club can treat them with special respect. A volunteer watchdog group in Canada, Britain, the United States, and Australia monitors the accuracy of the old-fashioned bar code scanners in stores.The group began its activities in 2002 to discipline businesses that refused to reimburse consumers when the store bar scanners overcharged them.With RFID, the group may choose to close down their shop. Speaking at the March 1, 2005,Wireless/RFID Conference and Exhibition in Washington, D.C., wireless experts said that the growth of wireless technologies such as RFID chips and nano-scale “smart dust” is not all positive; it has privacy losses as well as consumer-friendly gains. Generally, wireless networks become vulnerable to attack because system administrators fail to properly configure wireless access points with password protection. Also, they tend to use little or no encryption, fail to disable infrared ports and P2P aspects of the wireless networks, and tend to provide little to no private network protection. See Also: Encryption or Encipher; Infrared or IrDA Ports; Internet; Peer-to-Peer (P2P); Wireless. Further Reading: In Brief. Bar-Code Scanner Practices Scrutinized. The Globe and Mail, January 20, 2005, p. B9; Grami, A. and Schell, B. Future Trends in Mobile Commerce: Service Offerings,Technological Advances and Security Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October, 2004.] Privacy, Security, Trust 2004 Website. http://www .unb.ca/pstnet/pst2004/; Olsen, F. Security Through Layers. [Online, March 1, 2005.] FCW Media Group Website. http://www.fcw.com/fcw/articles/2005/0228/web-wiresec-03-01-05.asp; Ticoll, Reverse-engineering 270 D. RFID:The Tiny Chip That Can Do Just About Everything. The Globe and Mail, July 22, 2004, p. B8. Rhosts Mechanism (general term): The Berkeley rlogin utility allows remote users to obtain access to a system without supplying a password through the .rhosts mechanism, a list of host names and/or IP addresses considered to be trusted. Because it is considered to be highly insecure, experts recommend replacing this service with the more secure and encrypted SSH. If rlogin access is required, the service should be protected by the use of TCP Wrappers. See Also: IP Address; Password; r Services; SSH;TCP Wrappers;Trust. Further Reading: UNIX Systems Support Group. Common Services. [Online, August 16, 2004.] Indiana University Website. http://uwsg.iu.edu/index.php?option=articles&task= viewarticle&artid=15&Itemid=3. Ridge,Tom (person; 1946– ):The first U.S. Secretary of Homeland Security, a position created in October 2001 after the September 11, 2001, terrorist events. Prior to this appointment, Ridge was Governor of Pennsylvania from 1995–2001, was a member of the House of Representatives from 1983–1995, and is a Vietnam combat veteran.Tom Ridge resigned from his post as Secretary of Homeland Security on November 30, 2004 and stayed on the job until February 2005. Ridge, the seventh cabinet member to announce his departure since George W. Bush was reelected U.S. President in October 2004,may be remembered for the heavily ridiculed color-coded terrorist warning system that he introduced, as well as for his comment that duct tape might be helpful in the event of a poison-gas attack.After he left his post, Ridge became a speaker worldwide on the importance of Homeland Security for all nations. For example, in a speech to a Toronto Bay Street audience on May 11, 2005, Ridge rejected recent U.S. complaints that Canada’s security and immigration systems are lax and therefore responsible for helping terrorists invade U.S. borders. He added, however, that Canada and the European Union should develop a unified approach to identifying suspected terrorists, suggesting that biometric scanning is a likely solution. On December 2, 2004, President Bush announced that Bernard Kerik, who directed New York City’s emergency response to the September 11 attacks in his capacity as New York City’s police commissioner, was chosen to assume the leadership role of the Department of Homeland Security. Kerik soon withdrew his nomination, however, and was replaced by federal Judge Michael Chertoff. See Also: Department of Homeland Security (DHS); September 11, 2001,Terrorist Events. Further Reading: CP. Canada’s Doing Its Part on Security, Ridge Says. The Globe and Mail, May 12, 2005, p.A14; GNU_FDL.Tom Ridge. [Online, 2004.] GNU Free Distribution License Website. http://www.wordiq.com/definition/Tom_Ridge;Koring, P. Ridge Quits U.S. Post. The Globe and Mail, December 1, 2005, p. A17; Riechmann, D. Bush Picks Ex-Police Officer as Homeland Security Chief. The Globe and Mail, December 3, 2004, p. A20. Rip (general term): It means to make an illegal copy of a copyrighted work. See Also: Computer Underground (CU); Copyright Laws. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. 271 Rip RIPE (general term): Stands for Réseaux IP Européens and is one of the five regional bodies that administer the IP Address space. RIPE is set up as a collaboration between the European operators of IP networks. See Also: AfriNIC;APNIC;Arin; LatNIC. RIPE MessageDigest (general term): The base class for hashing algorithms in the Java programming language. Implementations of MessageDigest algorithms must extend this class and implement all the abstract methods.The integration of this algorithm into the programming language standard libraries is an example of how higher-level programming languages include security-aware programming features enabling programmers to write better, more secure software. See Also: Algorithm; Hash, One-Way; Java. Further Reading: Sun Microsystems, Inc. Overview Package. [Online, 1999.] Sun Microsystems, Inc.Website. http://java.sun.com/products/javacard/htmldoc/javacard/security/ MessageDigest.html. Risk (general term): In security, its assessment is an attempt to assess or measure the likelihood that a cracker will successfully exploit system or network vulnerabilities. In its 2004 Global Security Survey, Deloitte reported that 83% of respondents confirmed that their companies’ systems had been exploited in some way in 2003—and the percentage is likely higher because of respondent underreporting.These compromised systems cost companies money. For example, in 2002, NetworkITWeek in the United Kingdom noted that KMPG consultants estimated that security breaches cost businesses an average of $108,000. The underlying principle behind risk assessment considers three critical elements: assets, threats, and vulnerabilities. Assets include tangible items having value, such as computer systems, as well as intangible items having value, such as the company’s reputation.Thus, a primary step in risk assessment is to determine the items of value and their approximate value amounts—just as homeowners would determine their items of value and their approximate value amounts in order to buy the appropriate amount of insurance. Threats are defined as the means that could be used by crackers or company insiders to compromise the company’s computer systems.An action plan and appropriate security devices should be employed to counter these threats. Vulnerability assessment indicates the likelihood that an exploit could occur, including where in the system and how. Questions that typically need answering include, for example, the following: Are passwords produced properly and amended regularly? Are systems locked-down and are networks adequately secured? A major challenge facing system administrators is to consider the threats to which valued company assets are vulnerable and determine what security efforts are required—and in what priority—to not only stop possible exploits from occurring but also to be able to quickly and effectively recover from these exploits should they occur. See Also: Administrator; Cracking; CSI/FBI Survey; Exploit;Vulnerabilities of Computers. Further Reading: McLean,D. Companies Neglect IT Security At Their Peril. The Globe and Mail,May 12, 2005, p. B9; Schell, B.H. and Martin,C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. RIPE 272 Risk Analysis (general term): In an IT security context, it is the process of determining the actual likelihood or risk that an organization’s security will be breached, and what kind of material or immaterial losses will potentially result from such a security breach. Immaterial losses typically describe hard-to-measure losses such as loss of reputation. An example for such a loss would be a successful attack on a bank or financial institution in which data privacy was violated. The risk is typically expressed as a financial risk and used to budget for investments in IT security technology, personnel, and processes; it is similar to insuring against a natural disaster or a theft. See Also: Risk. Ritchie, Dennis (person; 1941– ): In 1969, he and Ken Thompson developed an open set of rules to run computers on the virtual frontier. They called their standard operating system UNIX, and to hackers then and now, it was and is a thing of beauty. See Also: Thompson, Ken; UNIX. ROFL or ROTFL (general term): Chat room talk meaning “rolling on the floor laughing.” Root (general term): In UNIX, it is the superuser or administrator account having complete control over everything in the machine. See Also: Administrator; Superuser or Administrative Privileges. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Root Servers (general term): A group of thirteen servers located throughout the world that are responsible for the basic level of the Domain Name System (DNS). See Also: Domain Name System (DNS); Root. Rootkit (general term): A backdoor Trojan horse hiding behind or within processes and files that can provide crackers remote access to a compromised system. Besides being the name of a specific software tool, the term rootkit is often used in a more general sense to describe a tool providing system administrators access privileges to snoop while avoiding detection. During the week of February 17, 2005, Microsoft Corporation security experts cautioned about a new group of system-monitoring programs, or kernel rootkits, that are nearly impossible to detect using present-day security products.This new generation of rootkits therefore pose a serious security challenge to companies’ systems. Going by names such as Hacker Defender, FU, and Vanquish, these rootkits not only can snoop but also may be creating a whole new group of spyware and worms that can wreak havoc on systems. Experts further feared that online criminal groups would find these to be of extreme interest as a means to commit cyber crimes. See Also: Administrator; Remote Access;Trojan. Further Reading: Roberts, P. RSA: Microsoft on ‘Rootkits’: Be Afraid, Be Very Afraid. [Online, February 17, 2005.] Computerworld Inc. Website. http://www.computerworld.com/ securitytopics/security/story/0,10801,99843,00.html; Symantec Security Response. Rootkit. [Online, November 7, 2003.] Symantec Security Response Website. http://securityresponse .symantec.com/avcenter/venc/data/backdoor.isen.rootkit.html. 273 Rootkit Rotation cipher (general term): A very simple form of encryption. The encryption is performed by shifting the letters of the alphabet by a certain number of places.The cipher Rot13 displaces a character by 13 positions; it was widely used to obscure the content of messages on the Usenet news network. See Also: Encryption. Rough Auditing Tool for Security (RATS) (general term): RATS (not to be confused with RATs, or Remote Administration Trojans) is a set of tools to analyze C and C++ source code for potential security flaws, such as insecure function calls.The tool has not yet reached a state in which it can fix security problems in any automated fashion, but it provides a very good starting point for manual security audits. See Also: Buffer Overflows; Languages. Routers (general term): Specialized computer devices at the border of an Internet-connected network that store a specialized map of the Internet and contribute to this map by informing its neighbors about what it “knows” about its part of the Internet. Internal routers are used to structure larger networks.These contain routing tables representing the internal network structure. Functionally, routers forward data packets to their destinations through the routing process—usually associated with the Internet Protocol. Routing occurs at the layer 3 Network Level of the OSI seven-layer model. Cisco Systems, Inc. and Juniper are two providers of router equipment, and in recent times both have issued advisories regarding vulnerable routing software. For example, on January 27, 2005, Juniper told all M- and T-series router clients using software made before January 7, 2005, to either upgrade the software or risk becoming victimized by a serious security vulnerability that was exploitable either by a device directly attached to the router or by a remote attack. Cited as a “high” risk level, the vulnerability was transmitted to the U.S. Computer Emergency Readiness Team by Qwest. Previously, Juniper had marketed its software as being more stable and more reliable than Cisco’s IOS. On February 16, 2005, Cisco released a fresh line of security products that it claimed could thwart elusive network threats such as phishing, viruses, and DoS attacks.With this news, IT security professionals had both rave but very cautious reviews. See Also: Cisco Systems, Inc.; Denial of Service (DoS); Internet; Network; Phishing;Virus. Further Reading: Duffy, J. Juniper Bitten by Software Bug. [Online, January 27, 2005.] Network World, Inc. Website. http://www.nwfusion.com/edge/news/2005/0127juniper .html; GNU_Free Documentation License. Routers. [Online, May 18, 2005.] GNU_Free Documentation License Website. http://en.wikipedia.org/wiki/Router; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004; Storer, A. New Cisco Security Strategy Targets Elusive Threats. [Online, February 16, 2005.] TechTarget Website. http://searchnetworking.techtarget.com/original Content/0,289142,sid7_gci1059436,00.html. Routing and Traceroute Tool (general term): Information is routed through the Internet in small packets, and a traceroute tool can check the path that one packet followed. Rotation cipher 274 To comprehend how routing works and what the traceroute tool does, readers need to understand that all information sent or received on the Internet is just a small piece of the original data. For example, when requestors visit a Website and they want to retrieve a Web page, the server of that Website receives the request for the Web page and sends the Web page to the requestor.The requestor does not receive the whole Web page all at one time; instead, it is divided into little pieces of information called packets.These packets reach the requestor by traveling through the Internet and passing through computers along the way. Each packet is like a letter, in that it has a sender and a receiver. Computers connected to the Internet use a packet-switching technique to transfer packets from one system to another.The packet is, essentially, handled as a “hot potato”; that is, the sending computer (for example, the server of the Website the requestor is visiting) sends it to the closest router.This router receives the packet and looks at the recipient address. If the recipient address belongs to a computer in the same network segment as the router, the router delivers the packet to this computer and the process stops. If the recipient address is not correct, the packet is sent on to the next nearest router. If the recipient address is still not correct, the packet is sent on to the next nearest computer. The cycle continues until the packet reaches the receiver with the correct recipient address. The Web page may pass through routers in several countries before it reaches the right requestor with the right address. Routing tables stored in each router assist in the process of determining the “next nearest” router. Also, if some routers along the way are down, the data will take another active path. Some routers may be found to be too busy or too crowded, so they will take quite some time to respond. For this reason, the traceroute tool was developed.This tool, which can check the path that one packet followed, can be used by system administrators not only to discover the path taken but also ascertain the amount of time the packet took to reach the correct address recipient. Every IP packet has a field named TTL (TimeToLive), which can take values between 0 and 255. Each router processing the packet looks at this value and subtracts 1 from it.This procedure continues until the content of the TTL field is decremented to contain 0 or 1.When the TTL field has reached 0, the router drops the packet. Such a mechanism is needed to keep a packet from traveling on forever, never finding the correct receiver. See Also: Internet; Internet Protocol (IP); Packet;Traceroute and Traceroute Program. Further Reading: Silvestri, M.Traceroute Tools. [Online, 2000.] Wowarea Website. http:// www.wowarea.com/english/researches/wg4_traceroute.htm. Routing Information Protocol (RIP) (general term): An interior gateway protocol specifying how routers exchange information about routing tables. Routers exchange entire tables periodically when they are using RIP. Because this is a rather inefficient process, RIP is currently replaced by the newer Open Shortest Path First (OSPF) protocol. See Also: Open Shortest Path First (OSPF); Protocol. Further Reading: Jupitermedia Corporation. What is Routing Information Protocol? [Online, August 9, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/ TERM/R/Routing_Information_Protocol.html. 275 Routing Information Protocol (RIP) RSA Public/Private Key Algorithm (general term):The most prevalently used public/private key algorithm. It was invented in the 1970s by Ron Rivest, Adi Shamir, and Leonard Adleman. See Also: Algorithm; Key. Russian FSB (formerly KGB) (general term): President Vladimir Putin recently signed a decree to identify the criteria for reorganizing Russia’s Federal Security Service (FSB).The FSB played a direct part in drafting the decree, a move indicating that most of the proposals made by the counterintelligence service will be accounted for.A number of independent services will be established under the reorganization, as will special subdepartments for combating terrorism and extremism. New organizational decisions are expected to allow Russia’s security services to react more appropriately to contemporary terrorist and cyberterrorist threats. See Also: Cyberterrorism; Intelligence;Terrorism. Further Reading: The Russian Journal Publishing Company.The future of Russian counterintelligence. [Online, July 20, 2004.] The Russian Journal Publishing Company Website. http:// www.russiajournal.com/news/cnews-article.shtml?nd=44715. RSA Public/Private Key Algorithm 276 S (general term): Chat room talk meaning “smiling.” S.1837 (Otherwise Untitled) (legal term): U.S. Senator Robert Torricelli, D-NJ, introduced the bill S.1837 on December 18, 2001, to establish a board of inquiry to review the activities of U.S. intelligence, law enforcement agents, and other relevant agencies regarding their roles and shortcomings in not preventing the terrorist attacks of September 11, 2001. On December 18, 2001, the bill was sent to the Senate committee, was read twice, and was sent to the Committee on the Judiciary. It was not passed in this form. See Also: Intelligence; September 11, 2001,Terrorist Events. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. S/Mime (Secure Multipurpose Internet Mail Extension) (general term):A MIME protocol version supporting message encryption. S/MIME uses the RSA’s public-key encryption as a base technology. See Also: Encryption or Encipher; RSA Public/Private Key Algorithm. Further Reading: Jupitermedia Corporation.What is S/Mime? [Online, February 25, 2004.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/S/S_MIME.html. Safe Frequency (general term): Of backups is the frequency done on a particular computer system at which the maximum possible system loss would be bearable.The safe frequency has to be determined after a thorough risk assessment and an evaluation of what the computing and data assets are worth for a company. See Also: Computer; Risk. Safeguard (general term): A feature, procedure, process, or technique intended to mitigate the effects of intrusion risk but that rarely if ever eliminates all risk. It does reduce risk to some acceptable organizational or institutional level. See Also: Risk. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Sandbox or Sandbox Security Model (general term): Provides an alternative for ensuring that software not coming from the usual trusted sources can be assessed.Thus, the sandbox model lets users accept code from any source. As it is running, the sandbox restricts code from untrusted sources to be able to take actions that could possibly harm a system.The advantage is that users do not need to determine what code they can or cannot trust.Also, they do not need to scan for viruses, for the sandbox prevents any viruses or other malicious code invited into the system from doing any damage they may have been designed to do. Users need to trust software before they run it on their computers, or face the possibility of their experiencing some dire consequences.Traditionally, users have achieved relative security by being careful to use software only from trusted sources and by regularly scanning their systems for known viruses and worms.When viruses or worms have access to a user’s system, they can gain full control. If the virus or software is malicious code, it can cause much damage to the user’s system because no restrictions would be placed on the software by the computer’s runtime environment. See Also: Code or Source Code; Malicious Code. Further Reading: Venners, B. Java’s Security Architecture. [Online, July, 1997.] Artima Software, Inc.Website. http://www.artima.com/underthehood/overviewsecurity2.html. Sanitize (general term): Means to erase a storage device, such as a computer hard drive, so thoroughly that no residual data can be collected from the device. Old computer disks should be sanitized—and not only superficially erased—before they are thrown away in order to avoid the possibility that a cracker can obtain any valuable information from scavenging through an organization’s garbage (electronic dumpster diving). See Also: Remanence; Residue. SANS Institute (general term): Likely the largest information security training and certification source in the world. The SANS Institute develops, maintains, and makes available for free an impressive collection of research documents about information security.The SANS Institute also operates the Internet’s early-warning system known as the Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was started in 1989 as a research and education organization. Today, its programs get to more than 165,000 auditors, Chief Information Officers (CIOs), network administrators, and security professionals who share with each other lessons they have learned about information security.They try to find solutions to the cyber challenges they encounter. The SANS Institute shared resources include a weekly vulnerability digest (@RISK), the weekly NewsBites news digest, the Internet Storm Center warning system for the Internet, flash security alerts, and more than 1,200 award-winning research papers. During the first week of May 2005, for example, the SANS Institute warned that in the first quarter of 2005, more than 600 new system vulnerabilities were detected, including flaws in products by Microsoft Corporation, Computer Associates, Oracle, McAfee and F-Secure, Trend Micro, Symantec Corporation, and some relatively new “players” such as RealPlayer, iTunes, and WinAmp. See Also: Administrator; Network; Security; Symantec Corporation; Vulnerabilities of Computers. Further Reading: Brenner,B. SANS: Security Software, Media Players Increasingly Vulnerable. [Online,May 2, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/originalContent/ 0,289142,sid14_gci1084324,00.html?track=NL-358&ad=513148; The SANS Institute. About SANS. [Online, 2004.] The SANS Institute Website. http://www.sans.org/aboutsans.php. Scanner (general term): Uses rules to scan for vulnerabilities on the network, computer system, application program, or Web-based service, typically working with a list of known vulnerabilities. Some Web-application scanners scan for vulnerabilities within applications. See Also: Network; On-Access Scanner; On-Demand Scanner;Vulnerabilities of Computers. Sandbox or Sandbox Security Model 278 Scavenging Technique (general term): Used by crackers who dial up to the Internet hoping to find connections left dangling when somebody else abruptly hung up.They can then exploit the connections.The term is also used to describe the activity of hunting for Residual Data on erased devices. See Also: Crackers; Residue; Sanitize; Internet. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Schifreen, Robert (person): See Gold, Steven and Schifreen, Robert Case. Schneier, Bruce Books (general term): A well-respected cryptographer who has written a number of books, including Beyond Fear (2003), Secrets and Lies: Digital Security in a Networked World (2000), and Applied Cryptography: Protocols, Algorithms, and Source Code in C (1995). See Also: Algorithm; Code or Source Code; Cryptography or “Crypto.” Schwartz, Randal Case (legal case): A case illustrating that some judgment mistakes can cause a system administrator to become a convicted felon. Randal Schwartz started his career at the Intel Corporation in early 1988 and left at the end of 1993. During Schwartz’s employment at Intel iWarp (a part of Intel’s Supercomputer System Division, or SDD), he recommended to the company that it keep its systems secure by following some standard procedures such as using good passwords.To this end, in 1991 Schwartz began checking passwords by running a software program known as “crack,” distributed by CERT. It attempts to crack a set of passwords found in a UNIX /etc/passwd file. In 1991, Schwartz was no newcomer to “crack”; he served as a beta-tester for its version 3. As part of his job at Intel iWarp, Schwartz gave security training courses to individuals in other firms. Many of these courses focused on Perl, a popular programming language at that time. Because much of his job involved travel, Schwartz set up various ways to read his email at Intel iWarp when off-site.This seemed to be a wise move because starting in late 1993, he was responsible for setting up DNS (Domain Name System) servers for the company. In late 1993, while working for Intel’s SGI division as a system administrator, Schwartz ran the “crack” software on the password file of an SGI computer in his previous division where he still had an account. Schwartz decided to investigate the problem further by testing the password file of the central set of systems at the SSD division, but he thought that he would wait until he had final study results before telling SSD officials what he was doing. One of his staff members noticed that Schwartz was running “crack” and told his manager, who reported the incident to those at the top of the firm.When word reached the top, corporate leaders began to think that Schwartz was a corporate spy. Soon thereafter, the police arrived at Randal Schwartz’s house, took all his computer equipment, and pressed charges under an Oregon law for altering or transporting computerized information. Because the district attorney viewed Schwartz’s moving a password file from one of Intel’s computers to another to be at least transporting, Schwartz was charged on March 14, 1994, with three criminal felony counts—even though the district attorney never alleged that any information ever left Intel’s premises. In September 1995, after a jury trial, Schwartz was given five years of probation, 480 hours of community service, 90 days of initially deferred and then suspended jail time, and he was 279 Schwartz, Randal Case ordered to pay Intel Corporation $68,000 in restitution. On appeal, the court upheld the conviction on all counts but reversed the restitution order, sending it back to the original court for reconsideration. See Also: Administrator; Cracking; Domain Name System (DNS); Server. Further Reading: Pacenka, S. Computer Crime. [Online,April 8, 2001.] Lightlink Website. http://www.lightlink.com/spacenka/fors/; Quarterman, J. System Administration as a Criminal Activity or, the Strange Case of Randal Schwartz. [Online, September, 1995.] MIT Computer Science and Artificial Intelligence Laboratory “Project Mac”Website, http://www.swiss.ai.mit .edu/6095/articles/computer-crime/schwartz-matrix-news.txt. Screensaver (general term): A program that is activated by the operating system after a predetermined period of inactivity by the user. A screensaver serves two goals: By blanking the screen or displaying a constantly-changing pattern, the screensaver avoids the burn-in effect on the screen’s photo-sensitive layers, through which a pattern displayed for longer periods of time remains visible as a ghost image on the screen.The second goal is to lock the access to the computer system after a period of inactivity. Users who return to their workstations have to enter their password to regain access to the computer. Scriptkiddie or Newbie (general term): Inexperienced crackers who rely on prefabricated software to perform computer exploits. See Also: Crackers; Exploit. Scripts (general term): Programs consisting of instructions for an application.Thus, scripts usually have instructions expressed with the application’s syntax and rules.Typically, scripts contain simple control structures. A scripting language is not compiled into machine code but interpreted “on the fly” by a script interpreter, which makes scripting languages slower than compiled languages. Scripting languages are popular among system administrators, primarily because they incorporate many of the tools and syntactical elements that the administrator is already familiar with. In fact, the command-line interpreters in Windows and in UNIX are scripting language interpreters also featuring an interactive mode—the command prompt or shell. See Also: Administrator; Shell; UNIX. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Se7en Controversy (general term): A self-proclaimed hacker with a charismatic pseudonym whose real name is Christian Valor. Valor created controversy when in the late 1990s he conducted an alleged vigilante campaign against online pedophiles. However, some in the Computer Underground believe that he never did this because, they say,Valor lacks the required hacking skills. See Also: Hacker; Computer Underground (CU);Vigilante. Further Reading: Silberman, S. Kid-Porn Vigilante Hacked Media. [Online, February 8, 1999.] Wired Magazine Website. http://www.wired.com/news/culture/0,1284,17789,00.html. Search Engine (general term): Existing in a variety of types, all search engines procure information but organize it in a variety of unique ways, which is why there are so many different Schwartz, Randal Case 280 search engines. At a basic level, a search engine is one of two things: a Robot or a Directory. Though some search engines combine features of both, most are predominantly either Robots or Directories. A Robot uses a software program to search, catalog, and then organize information on the Internet. Organization of data can be completed in a number of ways—including through a harvester, robot, spider, wanderer, and worm—and employing diverse ways of searching Websites to gather data. Directory search engines do not search on the Internet for information but rather obtain it from individuals who enter it into the search engine’s database. Because each Directory has its own means to categorize information, multitudes of them exist. In March 2005, Google, Inc., a popular search engine, released its first official version of its free software for finding information stored on computer hard drives.The software scours hard drives for information contained in Adobe Acrobat’s portable document format (known as PDF), and it scours music, video files, and email content. On Saturday, May 7, 2005, the Google, Inc. search engine went down from 6:45 p.m. until 7:00 pm. Eastern Time. Google spokesman David Krane said that the problem was not a crack attack, as many people thought, but a problem related to the DNS or Domain Name System. He did not elaborate. See Also: Bot or Robot; Domain Name System (DNS); Internet. Further Reading: Churilla, K. Secrets of Searching the Web & Promoting Your Website. [Online, 2004.] Gocee Company Website. http://www.gocee.com/eureka/e_sedef.htm; Google Admin. Google Down? Getting 404! Google Hacked? [Online, May 9, 2005.] Search Engine Forums Website. http://www.submitexpress.com/bbs/post-1601.html&highlight=&sid= cdfcb4b3aa56cdca7df35ed920dd8079; In Brief. Google’s Official Desktop Search Software Released. The Globe and Mail, March 10, 2005, p. B10. Secure HTTP (general term): Abbreviated S-HTTP. Developed in 1995 and extends the HTTP protocol, having as its primary function the transmitting of data in a secure way over the World Wide Web. Not all Internet browsers and servers understand S-HTTP. See Also: HTTP (HyperText Transfer Protocol); Protocol;World Wide Web (WWW). Secure Sockets Layer (SSL) (general term):A network protocol running on top of TCP/IP that assists in improving the safety of Internet communications and serves as a standard for encrypted client/server communications between network devices. SSL and S-HTTP have uniquely different designs and goals, so it is actually possible to put together the two protocols. Whereas SSL has been developed to create a secure connection between two systems, S-HTTP has been developed to securely transmit individual messages. SSL uses different kinds of network security techniques, such as certificates, public keys, and symmetric keys.Websites typically use SSL to safeguard the transmission of an individuals’ personal information such as banking account numbers and credit card numbers. Moreover, both SSL and S-HTTP have been sent to the Internet Engineering Task Force (IETF) to be approved as a standard. See Also: HTTP (HyperText Transfer Protocol); Internet; Internet Engineering Task Force IETF);TCP/IP or Transmission Control Protocol/Internet Protocol;World Wide Web (WWW). 281 Secure Sockets Layer (SSL) Further Reading: About, Inc. SSL. [Online, 2004.] About, Inc.Website. http://compnet working.about.com/cs/securityssl/g/bldef_ssl.htm; Jupitermedia Corporation.What is S-HTTP? [Online, October 7, 2002.] Jupitermedia Corporation Website. http://www.webopedia.com/ TERM/S/S_HTTP.htm. Secure Transactions (general term): Secure Web transactions are increasingly commonplace. If anyone has ever ordered a book, a CD, or any other product or service over the Web (say, through Amazon.com), he or she likely utilized a secure transaction system.The e-commerce company Amazon.com processes thousands of secure e-transactions daily. As do most secure e-commerce Websites, Amazon.com encrypts confidential information with the Secure Sockets Layer (SSL) technology as it is transmitted between the consumer’s Web browser and the online company’s Web server. No computer system can be assumed to be completely secure.Therefore, one needs to understand that security in an e-commerce sense is best defined in terms of acceptable risk—meaning that the consumer must feel comfortable that his or her personal information will be relatively safe from inappropriate use after it is sent online as part of the transaction. Moreover, acceptable risk means that the company operating the server must be confident that it can defy internal and external exploits. Because of concerns regarding e-commerce secure transactions, on February 9, 2005, XRamp Technologies announced that it is now issuing 256-bit digital SSL technology certificates that function with browsers and servers capable of the 256-bit Advanced Encryption Standard (AES). Besides working with the frequently used Mozilla Firefox Web browser, the SSL technology certificates are backward compatible—able to provide encryption for software not meeting this standard. See Also: Advanced Encryption Standard (AES); Exploit; Risk; Secure Sockets Layer (SSL); Security. Further Reading: Cahoon, B.What Are Secure Web Transactions? [Online, May 28, 1998.] Technology Expo ’98 Website. http://www.arches.uga.edu/~cahoonb/techexpo/security.html; XRamp Technologies, Inc. XRamp Offers the Industry’s First 256-Bit Secure Server Certificates. [Online, February 9, 200.] XRamp Technologies, Inc.Website. http://list.windowsitpro.com/ t?ctl=3E11:4FB69. SecureID (general term): A system involving a small, portable device generating a one-time password at set intervals (for example, one minute) and a software component on an access device synchronized with this password-generation mechanism. A user gets access to the system when he or she enters the password displayed on the portable device. Carrying the portable device around (such as in the form of a key ring attachment) is more comfortable than carrying a one-time password list, but it serves the same purpose. See Also: One-Time Password; Password. Further Reading: Experts Exchange LLC. Solution Title: Can you do one time passwords ala SecureID on Linux? [Online, August 16, 2004.] Experts Exchange LLC Website. http://www .experts-exchange.com/Security/Linux_Security/Q_20647635.html. Security (general term): Having protection from one’s adversaries, particularly from those who would do harm—intentionally, or otherwise, to property or to a person. Information Secure Sockets Layer (SSL) 282 Technology security issues include but are not limited to authentication, critical infrastructure protection, disaster recovery, intrusion detection and network management, malicious code software protection, physical security of networks, security policies, the sharing of rights and directories, and wireless security. Security breaches occur daily, with some of them making media headlines and embarrassing the targeted companies or agencies. On January 30, 2005, for example, a security incident occurred that brought considerable embarrassment to the Dutch armed forces. About 75 pages of highly classified documents about human traffickers from the computers of the Dutch Royal Marechaussee (the armed forces contingency that guards the Dutch borders) somehow found their way to the controversial weblog Geen Stijl (meaning “No Style”). The conjecture is that a Dutch armed forces staffer worked on the documents at home and unwittingly shared the contents of his computer’s hard drive to numerous others when he logged onto KaZaA—which is unsecure. This was not the first time that the Dutch have made media headlines over computer security issues. In 2004, the Dutch public prosecutor’s office was equally embarrassed after it was publicized that the prosecutor threw his old PC into the trash, making available for public scrutiny his hard drive with hundreds of pages of classified data on high-profile Dutch crimes— as well as his own credit card numbers and personal tax file information. As a result, the prosecutor resigned from his job. See Also: Harm to Property. Further Reading: Estala, A. Internet Protocol Version 6 (IPv6). The Next Generation. [Online, March 9, 1999.] Geocities.com Website. http://www.geocities.com/SiliconValley/ Foothills/7626/defin.html; Grami,A. and Schell, B. Future Trends in Mobile Commerce: Service Offerings, Technological Advances and Security Challenges. Proceedings of Second Annual Conference on Privacy, Security and Trust. University of New Brunswick, New Brunswick, Canada, October 13–15, 2004. [Online, October 2004.] Privacy, Security, Trust 2004 Website. http:// www.unb.ca/pstnet/pst2004/; Lehtovirta, J. Transition from IPv4 to IPv6. [Online, 2004.] Tascomm Engineering Oy Website. http://www.tascomm.fi/~jlv/ngtrans/; Libbenga, J. Classified Dutch Military Documents Found on P2P Site. [Online, January 30, 2005.] Reg SETI Group Website. http://www.theregister.co.uk/2005/01/30/dutch_classified_info_found_on_kazaa/. Security Account Manager (SAM) (general term): On Microsoft Windows 2000 and NT, user account data is stored within the SAM, which is actually just one file on the disk. SAM is a primary target for crackers. Given that SAM is stored in both an original and a repair version, crackers tend to seek the “repair” version because it is not locked by the operating system. See Also: Crackers. Security Administrator Tool for Analyzing Networks (SATAN) (general term): Dan Farmer and Wietse Venema designed this security tool to assist system administrators in recognizing a number of network-related security problems. SATAN, though a UNIX-based tool,was first designed for SunOS/Solaris and Irix.Today, ports to many other varieties of UNIX now exist, including one for Linux—thereby permitting any individual with a Personal Computer and a Slip/PPP account to get information provided by SATAN (which normally requires root access for execution). 283 Security Administrator Tool for Analyzing Networks (SATAN) As noted, though SATAN is a UNIX-based tool, it can be configured to scan most networks. SATAN works by procuring as much data as possible about system and network services—such as finger, ftp, NFS, and rexd. SATAN also procures data on known software glitches, network configurations, and poorly set up network utilities. On vulnerabilities discovered, SATAN gives rather limited data on fixing the problem, but despite this limitation, it is a useful tool for testing single computers or entire networks. Its successor, known as SAINT, is also on the market. See Also: Administrator; File Transfer Protocol (FTP); Linux; Network File Systems (NFS); REXEC Protocol; Root; UNIX. Further Reading: Computer Incident Advisory Capability (CIAC). Network Monitoring Tools. [Online, 2004.] CIAC Website. http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html #Courtney; The Center for Education and Research in Information Assurance and Security (CERIAS). Info About SATAN. [Online, June 2, 1995.] CERIAS Website. http://www.cerias .purdue.edu/about/history/coast/satan.php. Security Kernel (general term):The part of a computer that realizes the fundamental security procedures for controlling access to system resources. In the formal conceptual framework of a Trusted Computing Base, the security kernel implements the reference monitor. See Also: Access Control; Operating System. Security Policy Checklist (general term): A checklist developed by security experts using questions dealing with a number of security issues. But before detailing the questions (which is not a complete listing), this overriding question needs to be answered by organizations having security policy checklists: Are all of the items on the checklist distributed to all employees and fully understood? Take, for example, the following items: • Administrator rights and responsibilities: Under what conditions may a system administrator examine an employee’s account or his or her email, and what parts of the system should the system administrator not examine (for example, Netscape bookmarks)? Can the system administrator monitor network traffic, and if so, what boundaries exist? • Backups:What systems are backed up, and how often? How are backups secured and verified? • Connections to and from the Internet: What computers should be seen from the outside? If computers are outside the firewall (bastion hosts), how securely are they separated from computers on the inside? Are connections from the Internet to the internal network allowed and, if so, how are they authenticated and encrypted? What traffic is allowed to go outside the internal network? If there is traffic across the Internet, how is it secured, and what protection is in place against worms, viruses, or hostile java applets? • Dial-up connections:Are dial-up connections allowed, and if so, how are they authenticated and what access level to the internal network do dial-up connections provide? How are modems distributed in this company, and can employees set up modem connections to their home or desktop computers? • Documentation: Does a map of the network topology exist, and is it clearly stated where each computer fits on that map? Is there an inventory of all hardware and software, and does a document exist detailing the preferred security configuration of every system? Security Administrator Tool for Analyzing Networks (SATAN) 284 • Emergency procedures:What kinds of procedures exist for installing security patches or handling exploits? In cases of system intrusion, is it company policy to shut down the network immediately, or does the company prefer to monitor the intruder for a while? How and when are employees notified of exploits, and at what stage and at what time are law enforcement agencies called in? • Logs: What information is logged, and how and where? Are the information logs secure from tampering, and if so, are they regularly examined, and, if so, by whom? • Physical security:Are systems physically protected from outsider crackers and adequately secured, where needed, from insider crackers? Are reusable passwords used internally or externally, and are employees told through company policy to change their passwords routinely? • Sensitive information: How are sensitive and proprietary information protected online, and how are backup tapes protected? • User rights and responsibilities: How much freedom do employees have in terms of selecting their own operating system, software, and games for their computers, and can employees in our company send and receive personal email or do personal work on company computers? What policies exist regarding resource consumption (for example, disk or CPU quotas) and abuse (accidental or intentional) of services? What penalties exist, for example, if an employee brings down a server? See Also: Administrator; Electronic Mail or Email; Firewall; Internet; Logs; Modem; Password. Further Reading: Queeg Company. Security Policy Checklist. [Online, October 6, 1997.] Queeg Company Website. http://queeg.com/~brion/security/secpolicy.html. Security Zones (general term): Internet Explorer divides the Internet into these so that users can assign a Website to zones having suitable security levels. Users can ascertain which zone any Web page is in by viewing the right side of the browser’s status bar.When a user tries to download information from any Website, Internet Explorer reviews the security configuration for that site’s zone.The four zones are as follows: • Local Intranet zone: Has addresses not requiring a proxy server, and the addresses here are configured by the system administrator in the Internet Explorer Administrator’s Kit (IEAK). By default, the security level of this zone is Medium. • Trusted site zone: Has sites that users should be able to trust, meaning that they should be able to download or run files without worrying about damage being caused to their computer or information. Users can assign sites to this zone, whose default security level is Low. • Restricted site zone: Has sites that users would not trust because they cannot be sure that they could download or run files without damaging their computers or information. Though users can assign sites to this zone, it defaults to the High security level. • Internet zone: Has information not on the user’s computer, not on an Intranet, and not assigned to any other zone.This level’s default security level is Medium. 285 Security Zones See Also: Administrator, Browser; Internet. Further Reading: Prescription Pricing Authority.What are Security Zones? [Online, 2004.] Prescription Pricing Authority Website. http://www.ppa.org.uk/help/www/int00290.htm. Seepage (general term): The inadvertent distribution of data through uncontrolled holes (or leaks) in the security perimeter.The leak occurs because of a lack of proper security procedures, or because of lax enforcement of such procedures. Employees may not be aware of the potential damage that they cause when sending proprietary information outside of the organization. Further Reading: Beaver, K. Don’t Spring a Leak. Information Security, [Online, Jan 2006], http://informationsecurity.techtarget.com/magPrintFriendly/0,293813,sid42_gci1154838,00. html. Segments Internal Networks, Isolation, and Separation (general term): Internal networks are split into logical segments so that they can be isolated and separated. Initially, these segments were introduced to contain and limit network traffic and to save bandwidth. Now, segmented networks serve as additional elements in a comprehensive security architecture. Additional Firewalls can be introduced between network segments. As a case in point, a financial accounting department’s network might be tightly controlled and not even be accessible from other internal locations. Should one of the internal systems be compromised by crackers, the intruder would face additional barriers before he or she could brag about “0wning” the complete network or having access to the “crown jewels.” See Also: Firewalls; Network; 0wn. Sendmail (general term):Widely used program that implements the SMTP mail delivery protocol on most UNIX and Linux systems. If someone’s ISP delivers email using SMTP, it is important to configure sendmail correctly to avoid “bouncing” email. If sendmail does not know a particular user name, it will reject the email and deliver the error message “550 User unknown.” As with regular land mail, when a recipient is not known because of a wrong or changed address, the land mail will be returned to the sender. The same principle applies to email. Bouncing wanted email is considered to be a beginner system administrator’s mistake by more seasoned experts, especially when it is from a mailing list. Bouncing wanted email can occur when connecting UNIX to the Internet for the first time. These techniques can increase the chances that correctly addressed email is accepted by sendmail. Make sure that: any user name to which email is addressed is defined as a UNIX user, any name used on email is defined as an alias to UNIX users, and email addressed to unknown user names is redirected to defined UNIX users. See Also: Electronic Mail or Email; Internet Service Provider (ISP); Simple Mail Transfer Protocol (SMTP); UNIX. Further Reading: Kempston Webmaster.Solaris Resources at Kempston. [Online, February, 1, 2000.] Kempston Website. http://www.kempston.net/solaris/configsendmail2.html. Sensepost (general term): A South African IT security consulting company as well as the handle of one of its founders, R.Temmingh.This person is a well-respected security professional and frequent speaker at IT security conferences.At the 2005 DefCon hacker gathering, he presented a tool to automate network assessments called “BiDiBLAH.” At the July 2004 Black Hat Security Zones 286 Briefings in Las Vegas, Sensepost’s entertaining and content-rich talk was entitled, “When the Tables Turn.” At the July 2003 DefCon hacking convention, he spoke about vulnerabilities in critical infrastructures. The company Website can be found at http://www.sensepost.com/ company_profile.html. See Also: Black Hat Briefings, DefCon. Sensitive (general term): Certain parts of an organization’s data or information is classified as this; if there is concern about a loss of data or about access to this data by an unauthorized party, resulting in some damage to the organization. Separation of Duties (general term):This principle prevents any part of the computer system from being under the control of a single person. Every duty or transaction therefore requires multiple people to be involved, with tasks being split among them. In banking, this idea has long been part of the security features of the financial community as a means to control fraud and theft. Now the same concept is applied to computer systems and information security practitioners. See Also: Computer; Fraud. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. September 11, 2001, Terrorist Events (general term): The events that took place in the United States on September 11, 2001, had a profound impact worldwide and enhanced citizens’ fears about both terrorism and cyberterrorism.Within minutes, two passenger jets controlled by terrorists of the al-Qaeda network crashed into the twin towers of the World Trade Center in Manhattan and a third crashed into the Pentagon in Washington, D.C., causing one side of the five-sided structure to collapse. Shortly thereafter, a fourth jet crashed in a field about 120 kilometers southeast of Pittsburgh. The latter crash was diverted by passengers on the jet from its intended target: the U.S. Capitol. Prior to this event, the media headlines in the United States tended to focus on crackers’ exploits—and incorrectly labeled the cybercriminal arm as “hackers.” Also, the FBI focused on the exploits of hackers and crackers alike, often seeing both camps as major criminals in society. After the September 11 event, media headlines in the United States and elsewhere—as well as the attention of the FBI—turned sharply toward terrorists and considerably away from hackers.This movement was visible in the anti-terrorist laws that were quickly passed in the United States following the September 11 event. See Also: Crackers; Hacker;Terrorists;Terrorist-Hacker Links. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Server (general term): A computer program carrying out some task on behalf of a user, such as delivering a Web page or sending email messages. Computers on which these server applications are found are also called servers. Servers have often been the focus of computer security attacks. For example, on March 8, 2005, a security researcher announced in an advisory that Microsoft Corporation’s newest operating systems are vulnerable to Denial of Service (DoS) attacks. In particular, researcher Dejan Lavaja said that Windows Server 2003 and XP Service Pack 2 (with the Windows Firewall not 287 Server on) could suffer from LAND attacks—remote DoS incidents created when a packet is sent to a computer on which the source host/port is the same as the destination host/port. Using reverseengineering tools, this researcher discovered that just one LAND packet transmitted to a file server could result in “frozen”Windows Explorers on all the workstations connected to that server. In fact, warned Lavaja, because of this vulnerability the network could totally collapse. Soon thereafter, however, a spokesperson for the Microsoft Corporation said that although the vulnerability exists, the adverse impact of such an attack would result only in the computer’s running sluggishly for a brief period. Users were cautioned to filter traffic with the same IP source and destination address. See Also: Denial of Service (DoS); Electronic Mail or Email; Host; Node; Packet. Further Reading: Naraine, R. Old-School DoS Attack Can Penetrate XP SP2. [Online, March 8, 2005.] Ziff Davis Publishing Holdings Inc.Website. http://www.eweek.com/article2/ 0,1759,1773958,00.asp. Severity (general term):The level assigned to an intrusion incident. Sex Crimes Wiretapping Act of 2001 (legal term): Introduced by U.S. Representative Nancy Johnson, R-CT, on May 16, 2001, the Sex Crimes Wiretapping Act of 2001 was intended to change Title 18 of the United States Code so that sexual crimes with minors as targets would be classified as “predicate crimes for the interception of communications.” On May 22, 2002, this Act was sent to the Senate Committee, was received in the Senate, and was sent to the Committee on the Judiciary. It was not passed in this form. See Also: Child Pornography. Further Reading: Center for Democracy and Technology. Legislation Affecting the Internet. [Online, July 28, 2004.] Center for Democracy and Technology Website. http://www.cdt.org/ legislation/107th/wiretaps/. Shared Drives (general term): Disk drives that are accessible from other computers under the Microsoft Corp. operating system software. In UNIX terminology, the concept is known as “exported” file system. See Also: Network File Systems (NFS); Operating System Software; UNIX. Further Reading: Symantec Security Response. Glossary. [Online, July 15, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/refa.html. Shaw, Eric Team (general term): Eric Shaw, along with his colleagues J. Post and K. Ruby, undertook an innovative 1999 research study to help define the traits and personality profiles of insider crackers, those existing within corporate and government agency walls.The Eric Shaw research team found that insider crackers tend to be introverted individuals with a history of significant family problems in early childhood. They also tend to have an online computer dependency that significantly interferes with or replaces their direct social and professional interactions in adulthood. Insider crackers also seem to have an ethical flexibility allowing them to justify their exploits, and they were found to have a stronger loyalty to their computer specialty than to their employers. Moreover, the Eric Shaw research team found that insider crackers have a sense of entitlement; they think that they are special and thus owed the recognition, privilege, or exception to the normative rules governing other employees with regard to online behaviors. Server 288 See Also: Crackers; Hacker; Insider Hacker or Cracker. Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Shell (general term):The default command-line interface on UNIX systems. See Also: UNIX. Shell Metacharacters (general term): Characters used for input or output in UNIX shells having special meaning. For the shell, these include wildcards, quotes, and logical operators. See Also: Shell. Further Reading: Currie, M. Glossary. [Online, January 9, 1998.] University of Leeds Computer Based Learning Website. http://www.starlink.rl.ac.uk/star/docs/sc4.htx/node75 .html. Shellcode (general term): Code or code fragments for various operating systems that can be pasted onto buffer overflow exploits. When crackers successfully exploit vulnerabilities such as buffer overflows, they typically open a shell at the end of the exploit.With a command-line shell, the cracker then can perform any task he or she desires. However, opening shells within buffer overflow exploits can be difficult. For this reason, crackers often maintain libraries of shellcode. See Also: Buffer Overflows; Crackers; Shell. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Shimomura,Tsutomu (person; 1965– ):A computational physicist who at just 30 years of age helped the U.S. federal authorities catch cracker Kevin D. Mitnick in 1995. At that time, frequent cracker Mitnick (who is now a computer security consultant and computer security book writer), was on the FBI’s Ten Most Wanted fugitives list. Following the capture of Mitnick, Shimomura wrote the book Takedown to describe the event, and in 2002, a movie of the same name was released. He is now a Senior Fellow at the San Diego Supercomputer Center. See Also: Federal Bureau of Investigation (FBI); Mitnick, Kevin (a.k.a. Condor). Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Shoulder Surf (general term): One way in which crackers steal a legitimate user’s passwords— by watching that individual type his or her password on the keyboard. See Also: Crackers; Password. Shunning (general term): In networking terms, is the sensor’s ability to use a network device to prevent entry to either a specific network host or to a whole network. See Also: Network. Further Reading: Cisco Systems Inc. Documentation. [Online, July 28, 2000.] Cisco Systems Inc. Website. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids2/220ug/ preface.htm#4199. Signature (general term): In anti-virus software and intrusion detection systems (IDS), a pattern that the system looks for when scanning files or network traffic.This term should not be confused with a digital signature. Virus or worm signatures are increasingly hard to determine 289 Signature because malicious code has begun to use code-morphing techniques—such that each propagated new signature version looks somewhat different from that of the previous generation. See Also: Anti-Virus Software; Intrusion Detection Systems (IDS); Polymorphic Virus;Virus; Worm. Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html. Simple Mail Transfer Protocol (SMTP) (general term): Email is sent with this protocol, as defined in RFC 821. SMTP has been assigned port 25. If someone knows this information, he or she can use telnet to directly connect to any email server worldwide and send email.The only tools necessary to do this are a telnet client program (included in any operating system supporting TCP/IP, which basically means all modern ones) and a recipient’s email address. Email programs, text editors, and browsers are not needed. See Also: Electronic Mail or Email; Port and Port Numbers;TCP/IP or Transmission Control Protocol/Internet Protocol. Further Reading: Dru. SMTP with telnet. [Online, 1999.] Daemon News Website. http:// www.daemonnews.org/199905/telnet.html. Simple Network Management Protocol (SNMP) (general term): A network protocol used to manage TCP/IP networks. On UNIX systems and in Windows, the SNMP service provides status information about a host on a TCP/IP network, as well as a means of managing network hosts (such as bridges, hubs, routers, and workstations or servers) from a computer running network- management software. SNMP utilizes a distributed architecture of agents and management systems. Because network management is critical for both auditing and resource management, SNMP can be used to do a number of useful things, including auditing network usage, configuring remote devices, detecting network faults and nonauthorized access, and monitoring network performance. See Also: Routers; Server; TCP/IP or Transmission Control Protocol/Internet Protocol; UNIX. Further Reading: Microsoft Corporation. SNMP Defined. [Online, 2004.] Microsoft Corporation Website. http://www.microsoft.com/resources/documentation/WindowsServ/ 2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/ 2003/standard/proddocs/en-us/sag_snmpwhatis.asp. SkipJack (general term): An encryption algorithm developed by the U.S. National Security Agency to be included in the Clipper chip, a device through which U.S. governmental agencies would retain access to information that a user encrypted with the Clipper chip. See Also: Clipper Proposal; Encryption. Skylarov, Dmitry Case (legal case): At the DefCon 9 hacking gathering in Las Vegas in July 2001, Russian Dmitry Sklyarov was arrested about the time he was to give his talk to the hacker crowd. Sklyarov developed a software program sold by his Russian employer ElcomSoft Co. Ltd. to permit users to download e-books from secure Adobe software to more commonly used PDF computer files. He, and later his company, were charged with violating provisions under the Digital Millennium Copyright Act (DMCA) in the United States. Both Skylarov and his company were eventually cleared of any wrongdoing because of jurisdictional issues. Signature 290 See Also: Copyright Laws; DefCon, Digital Millennium Copyright Act (DMCA); Elcomsoft Co. Ltd.; Portable Document Format (PDF). Further Reading: Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. SLIP/PPP or Serial Line IP/Point-to-Point Protocol (general term): Permits users dialup access to the Internet through a serial link. See Also: Internet. Further Reading: Internet Highway, LLC. Internet Terminology: SLIP/PPP. [Online, 1999.] Internet Highway, LLC.Website. http://www.ihwy.com/support/netterms.html. Smart Card (general term):A credit card–sized device (or sometimes smaller) that has a embedded computer chip.This chip not only provides storage functionality but also can run programs. Smart cards are used in a number of security-sensitive applications. One important application of Smart Cards is in wireless telecommunication, where Smart Cards are used as Subscriber Identification Modules (SIM). Another use is the health insurance card now employed in several countries around the world. The patient card contains a patient’s health history and a record of previous prescriptions. In addition to this data, a number of security algorithms are implemented on the card so that only properly authorized parties—doctors and/or nurses—can access and alter this data when they successfully establish their identity and authentication through the usage of a health professional’s version of the card. SMTP or Simple Mail Transfer Protocol (general term): Relates to how email is transmitted between hosts and users in a TCP/IP network. A mail program—such as Microsoft Outlook—sends an outgoing message to an SMTP server typically provided by the Internet Service Provider of the user.This SMTP server connects to an SMTP server at the email’s destination, where an SMTP transfer agent receives the message and puts it into the receiver’s mailbox. See Also: Electronic Mail or Email; TCP/IP or Transmission Control Protocol/Internet Protocol. Further Reading: Internet Highway, LLC. Internet Terminology: SMTP. [Online, Highway, 1999.] Internet Highway, LLC.Website. http://www.ihwy.com/support/netterms.html. Smurf (general term):An exploit sending a ping to a broadcast address using a spoofed source address. Consequently, everyone on the target segment responds to the source address, flooding the targeted site with traffic. With this kind of attack, someone sends an IP ping (or “echo my message back to me”) request to some recipient Website. Actually, the ping packet states that it should be broadcast to more than one host within the recipient Website’s local network.The ping packet also indicates that the request is from another Website, the target site that is to receive the Denial of Service (DoS).The result is that many Ping replies will be flooding back to the spoofed host, and if the flood is severe enough, the spoofed host will no longer be able to distinguish real traffic or receive it. See Also: Denial of Service (DoS); Exploit; Flooding; Internet Protocol (IP); Packet, Ping or Packet Internet Grouper. 291 Smurf Further Reading: Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; TechTarget. Denial of Service. [Online, May 16, 2001.] TechTarget Website. http://searchsecurity.techtarget .com/sDefinition/0,,sid14_gci213591,00.html. Snail Mail (general term): Regular posted mail (for which postage stamps are used). SneakerNet (general term): Jargon term for the method of transmitting electronic information by personally carrying it from one place to another on floppy disk or on some other removable medium, such as tapes or memory sticks.The idea is that someone is using his or her shoes (possibly sneakers) rather than the telecommunications network to quickly move data around. Sneakers of 1992 (general term):The 1992 film Sneakers depicted the adventures of a professional hacking team led by actor Robert Redford.The team’s mission was to go after a device that would break any code. See Also: Code or Source Code. Further Reading: Internet Movie Database, Inc. Sneakers (1992). [Online, May 20, 2005.] Internet Movie Database, Inc.Website. http://www.imdb.com/title/tt0105435/. Sniffer Program or Packet Sniffer (general term):A computer program that analyzes data on a communication network to gather intelligence, such as detecting passwords of interest that are transmitted over the Internet. Sniffers are used by crackers on compromised systems to spy on network traffic and steal access information for even more systems. System administrators can detect whether a sniffer is running on their systems by frequently checking on the network interface settings. If a sniffer is running, the network interface card is set to a “promiscuous” mode, allowing it to read all traffic on the Internet.This setting is not the normal setting and therefore is quite easily detectable. See Also: Administrator; Crackers; Ethernet; Internet; Network; Promiscous Mode Network Interface. Snooper (general term): A program that listens in on a network to gather intelligence. See Also: Intelligence; Sniffer. Further Reading: Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall, 2003. SNORT Network-Based IDS (general term): Popular, free of charge, pattern-based Intrusion Detection System specializing in the analysis of network traffic.With the incredible growth of the Internet has come a new aspect of network security, SNORT network-based IDS, or intrusion detection systems. As the Internet continues to grow, so does the potential for damage caused by crackers—which is why intrusion detection systems are so essential. In the recent past, solutions for overcoming intrusions have included firewall components such as packet filters and proxy firewalls, but today such solutions are not enough. Firewalls, for example, cannot detect back doors around the firewall.The security conditions are even worse if proxy firewalls are not being used at all.Moreover, current research suggests that more than half of all recorded breaches in industry, government, and educational computer systems have been caused by an insider legitimately behind the Smurf 292 firewall. For all these reasons, companies have recently started deploying intrusion detection systems (IDS) such as SNORT as an additional part of a network’s security architecture. See Also: Firewall; Internet; Intrusion Detection Systems (IDS); Packet. Further Reading: Honeypots.net. Intrusion Detection Articles, Links and Whitepapers. Honeypot.net Website. http://www.honeypots.net/ids/links/. SoBigF Worm (general term): As of September 15, 2003, Symantec Security Response downgraded the threat of this worm to a Category 2 from a Category 4. More formally known as W32.Sobig.F@mm, this was a mass-mailing worm that sent itself to all the email addresses found in the files with extensions dbx, .eml, .hlp, .html, .htm, .mht, .txt and .wab.The worm used its own SMTP engine to propagate, and though it tried to create a copy of itself on reachable and unprotected network drives, it failed to do so because it had glitches in the code. See Also: Simple Mail Transfer Protocol (SMTP);Worm. Further Reading: Symantec Security Response. W32.Sobig.F@mm. [Online, July 28, 2004.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/ venc/data/w32.sobig.f@mm.html. Social Engineering (general term):A deceptive process in which crackers “engineer” or design a social situation to trick others into allowing them access to an otherwise closed network, or into believing a reality that does not exist.To crack computer systems, crackers often employ their well-honed social engineering skills.A robust sample of social-engineering case studies can be found in Kevin Mitnick’s book The Art of Deception. Social engineering can also be used in noncyber-related crimes. A 2005 case involved a 39- year-old U.S.woman by the name of Anna Ayala, who filed a complaint to police in March saying that a human finger was in the chili bowl she purchased from a San Jose Wendy’s fast-food outlet. The police, believing that the complaint was a hoax after they investigated the claim, eventually discovered that the finger belonged to a man who lost his finger in an industrial accident in December 2004. He gave his finger to Anna’s husband, who gave it to Anna. Anna apparently “social engineered” a fake reality and was convicted of filing a false claim and of grand theft and sentenced to nine years in prison.The Wendy’s company offered a $100,000 reward for information regarding the claim, for it said that the crime cost it millions of dollars in sales. Apparently, the company had to lay off dozens of employees at the San Jose worksite because business there was harmed. See Also: Crackers; Human Factor and Social Engineering; Mitnick, Kevin (a.k.a. Condor). Further Reading: Associated Press. Police Identify Source of Finger Found in Chili. The Globe and Mail, May 14, 2005, p.A2; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Social Engineering Techniques (general term): Include glancing over authorized users’ shoulders to see their password entries; recording authorized users’ login keystrokes on video cameras; searching for password notes under authorized users’ desktop pads; calling system operators and saying that one is an employee who forgot his or her password and asking for the legitimate password; going through trash cans and collecting loose pieces of paper with passwords on them; searching for authorized users’ passwords by reading email messages stored on company 293 Social Engineering Techniques computers; and guessing different combinations of personally meaningful initials or birth dates of authorized users—their likely passwords. Though there were all sorts of high-tech conjectures about how Paris Hilton’s cell phone was exploited in February 2005, a piece appearing in The Washington Post online on May 18, 2005, indicated that the exploit may have relied on very basic social engineering techniques— combined with vulnerabilities in the Website of Hilton’s cell phone provider, T-Mobile International.A young cracker involved in the cell phone information heist told the reporter that he was part of an online group that succeeded in its crack attack only after one member tricked—using his social engineering techniques—a T-Mobile employee into releasing information not supposed to be in the public domain. Though protecting the minor’s identity, the reporter said that the young cracker provided him with evidence supporting the claim, including screen shots of what he maintained were internal T-Mobile computer network pages. See Also: Electronic Mail or Email; Logging In; Password; Social Engineering Techniques. Further Reading: Krebs, B. Paris Hilton Hack Started With Old-Fashioned Con. [Online, May 18, 2005.] The Washington Post Company Website. http://www.washingtonpost.com/wp-dyn/ content/article/2005/05/19/AR2005051900711.html; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America:Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002; Schell, B.H. and Martin,C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Social Security Number (SSN) (general term): From the beginning of the Social Security program in the United States in 1935 until the 1970s, the U.S. government issued Social Security numbers (SSNs) to applicants based on their stated identifying information. The government, however, did not ask for evidence verifying that the information given was indeed correct or legitimate.With an increased use of SSNs by both the government and private sectors, the SSN has become a target of greater abuse, particularly in cases of identity theft. Because of the U.S. government’s increased concerns about illegal aliens working in the United States, SSN identity fraud, and the potential abuse of public entitlement programs, in 2003 Congress legislated “evidence requirements”—such as rigorous verification of birth certificates or immigration documentation—for SSN issuing and for the replacement of already issued SSN cards. Even the procedures have been made more rigorous for assigning SSNs to U.S.-born persons aged 12 and older. See Also: Identity Theft or Masquerading. Further Reading: SSA Policy Site. RM 00203.001 Evidence Required for an SSN Card. [Online, October 8, 2003.] SSA Policy Site. http://policy.ssa.gov/poms.nsf/lnx/0100203001. Socket (general term): Is roughly analogous to a port and is a communication endpoint for a TCP or UDP connection. One process is said to open a socket to listen for incoming connections, and a second process connects to a socket to establish a communication session. Sockets can also be used for interprocess communication on a single computer, and multiple sockets can be made to communicate with one another. Sockets are bidirectional, which means that both sides of the connection can send and receive information. See Also: Port and Port Numbers; TCP/IP or Transmission Control Protocol/Internet Protocol; User Datagram Protocol (UDP). Social Engineering Techniques 294 Further Reading: About, Inc. Socket. [Online, 2004.] About, Inc.Website. http://compnet working.about.com/library/glossary/bldef-socket.htm. Software Piracy (legal term): Unauthorized copying of some purchased software. Most software programs purchased are licensed for use by just one user or at just one computer site. Moreover, when someone buys software, he or she is known as a “licensed user” rather than as an owner of the software.As a licensed user, an individual is permitted to make copies of the software program for back-up purposes only. It is a violation of copyright laws in North America, in particular, to freely distribute software copies. Because software piracy is all but impossible to halt entirely, software companies now launch legal suits against individuals violating software copyright laws.Years ago, software companies attempted to prevent software piracy by copy-protecting software, but this strategy was neither foolproof nor convenient for users. Software companies typically require registration at the time of software purchase in an attempt to clamp down on the problem. See Also: Copyright Laws; Digital Millennium Copyright Act (DMCA). Further Reading: Jupitermedia Corporation.What is Software Piracy? [Online, October 9, 2003.] http://www.pcwebopedia.com/TERM/S/software_piracy.html. Solaris (general term): Sun Microsystems’ version of the UNIX operating system. See Also: UNIX. SonicWall Inc. (general term): In 2000 this provider of IT security products for high-speed access subscribers released its SonicWALL Network Anti-Virus tool, a virus-scanning software package. See Also: Anti-Virus Software. Further Reading: SonicWALL, Inc. SonicWALL Network Anti-virus Innoculates Businesses Against Virus Outbreaks:The “ILOVEYOU”Virus Underscores the Need for Active Enforcement of Anti-Virus Policies. [Online, 2002.] SonicWALL, Inc.Website. http://www.sonicwall.com/ General/DisplayDetails.asp?id=48. Sophos (general term): Anti-virus software developed for businesses and networks so that it can be administered and maintained from a single location, with version updates of the virusscanning engine delivered regularly. As soon as new viruses are discovered, virus definition updates can be downloaded from the Internet by users. See Also: Anti-Virus Software; Internet; Malware;Virus. Further Reading: Paul Smith Computer Services.VPOP3 and Sophos Anti-Virus. [Online, 2004.] Paul Smith Computer Services Website. http://www.pscs.co.uk/products/vpop3/sophos .php. Source Route (general term): In network protocols, it lets the user specify the route a packet should take. See Also: Network; Packet; Protocol. Spam (general term): Unsolicited,unwanted, impersonal email.A U.K.-based Spamhaus Project tracks the Internet’s spammers, gangs, and services, as well as provides spam protection for Internet networks. The Spamhaus Project team also partners with law enforcement agents to 295 Spam identify and catch spammers worldwide.This group says that email can be regarded as “spam” if it has all three of the following attributes: (1) the receiver’s personal identity is irrelevant because the email message sent is actually applicable to multitudes of other receivers; (2) the receiver has not given explicit consent for the email to be sent; (3) the sending and receiving of the email message appears to the receiver to give a “disproportionate benefit” to the sender. Spam wastes the time and the resources of the receivers. Spam also frequently includes material that many receivers find offensive, such as the marketing of sexual enhancement devices or child pornography. In the United States, spam reportedly costs nearly $21.6 billion annually in lost productivity, according to the 2004 National Technology Readiness Survey (NTRS).The survey, completed annually, tracks U.S. consumers’ online opinions and behaviors. The loss estimate of more than $21 billion was based on U.S. users’ reports that they spend an average of three minutes per day deleting spam at work.With about 170 million U.S. adults online at work, that results in 22.9 million lost hours a week, or $21.6 billion in lost productivity annually when the average wage is factored into the calculation. Early in 2005, Lycos Europe began offering computer users a weapon against spam-emitting servers.The weapon is actually a screensaver program that automatically visits the Website advertised in the spam.The idea behind this scheme is to have enough of these screensavers running to slow down the Website or make it inaccessible. Lycos Europe encouraged its 22 million users to download the screensaver for their own good, but, they affirmed, anyone who has a computer is welcome to download it. During the first week of February 2005, however, security experts warned that spam levels could increase drastically in future years because spammers have found a new way to deliver spam. Spamhaus said that a new piece of malware, a Trojan, has been created that gains control of a PC and then uses it to send spam through the mail server of that PC’s Internet Service Provider (ISP). Because the spam appears to come from the ISP, it is next to impossible for an anti-spam blacklist to stop it. See Also: Child Pornography; Electronic Mail or Email; Internet; Spammers;Trojan. Further Reading: Demon Spam-Filtering Service. Frequently Asked Questions. [Online, 2004.] Demon Spam-Filtering Service Website. http://www.demon.nl/eng/products/ services/spamfilterfaq1.html; Ilett, D. Spammers tricking ISPs Into Sending Junk Mail. [Online, February 2, 2005.] CNET Networks, Inc. Website. http://news.zdnet.co.uk/internet/ 0,39020369,39186364,00.htm; In Brief. Program Hits Spammers. The Globe and Mail, December 2, 2004, p. B11; In Brief. Spam Wastes $22.9 Million Hours a Week, Survey Finds. The Globe and Mail, February 9, 2005, p. C8. Spammers (general term): Individuals such as online marketers who distribute spam. Email users receive spam for the same reason that people receive junk mail through regular mail: Marketers are trying to sell others their products or services. Because email is cheaper than regular mail, email users tend to get an abundance of spam. Spammers derive their mailing lists from many sources, including by scanning Usenet discussion groups, searching the Web for likely addresses, and guessing email addresses at random. Fighting spammers is a difficult battle at the best of times. During March and April 2005, two legal cases showed both successes and failures in this regard. Spam 296 The March 2005 case involved a North Carolina woman charged and then released from spamming charges. Jessica DeGroot, aged 28, was dismissed of spamming charges under the new Viriginia Antispam law because the jury apparently got buried in a heap of technological evidence that it could not understand.The charged woman allegedly flooded tens of thousands of AOL email accounts with unsolicited bulk advertisements.This case fuels pessimism about stopping spammers despite such efforts as the passage of the CAN-SPAM Act, blacklists, and Bayesian filters that try to differentiate between legitimate mail and spam by applying statistics. The April 2005 case involved spammer Jeremy Jaynes of Raleigh, North Carolina, who went by the name Gaven Stubberfield and was described by prosecutors as being among the top 10 spammers in the world. Jaynes was sentenced to nine years in prison for his spamming exploits. This is considered to be a landmark case because it was the United States’ first successful felony prosecution for transmitting spam over the Internet. The Virginia jury ruled that Jaynes should serve nine years for transmitting 10 million emails daily using 16 high-speed lines. Jaynes apparently earned as much as $750,000 a month on his spamming operation.The case is being appealed. To move ahead in the fight against spammers, Meng Weng Wong, founder of the email forwarding service Pobox.com, is asking enterprises to join a movement to support proposed new standards for email sender authentication. The new services proposed by Pobox.com will rate email messages against thousands of criteria and then send spammers away by treating all email as “guilty” until proven “innocent.” The proposed standards include the Sender Policy Framework (SPF) and Microsoft’s Sender ID Framework (SIDF). SPF is an SMTP extension rejecting messages when the “From” field domain sender names do not match authorized IP addresses for that domain. SIDF combines SPF with Microsoft’s Caller ID for email. The challenge is that SIDF and SPF will be successful only if a critical mass of enterprises agrees to be part of the movement by registering records of their domain names and IP addresses at sites such as Pobox.com. At this early stage of the movement, some companies, such as Microsoft, Amazon, and eBay, are in favor; others, such as Yahoo!, are against the movement for a variety of reasons. In June 2005, an industry working group lead by Yahoo! and Cisco announced a new standard for mail authentication named “DomainKeys Identified Mail,” which was subsequently submitted to IETF for consideration as a standard.Yahoo! is using the standard for their mail systems, and, as of March 2006, claims to process hundreds of millions of messages signed with DomainKeys per day. No commonly used standard has emerged yet. See Also: CAN-SPAM Act of 2003; Spam. Further Reading: Associated Press. Spammer Sentenced to 9 Years in Prison in Landmark Case. The Globe and Mail,April 9, 2005, p. B7; Baard, M. In the Dark About Solutions for Spam? [Online, March 3, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/original Content/0,289142,sid14_gci1064501,00.html; Demon Spam-Filtering Service. Frequently Asked Questions. [Online, 2004.] Demon Spam-Filtering Service Website. http://www.demon .nl/eng/products/services/spamfilterfaq1.html. Jordan, S. Email Authentication Myths and Misconceptions. [Online, 2006]. Messaging News Website. http://www.messagingnews.com/ magazine/2006/03/features/email_authentication_myths_misc.html. 297 Spammers Spamming/Scrolling (general term): Sending unsolicited emails for commercial purposes, sometimes with the criminal intent to defraud. See Also: Fraud; Spam. Spear Phishing (general term): Cyber attack that is targeted at a single organization. Usually, the attack is hidden in an email that seems to come from a trusted sender within the targeted organization. Special Oversight Panel on Terrorism (general term):A U.S. Congressional panel concerned with threats to the United States and its allies from weapons of mass destruction, including bioterrorism and cyberterrorism. In 2000, Dr. Dorothy Denning gave testimony before the panel saying that cyberspace is constantly under assault and vulnerable to cyberattacks against targeted individuals, companies, and governments—a point repeated by White Hat hackers for the past 20 years. See Also: Denning, Dorothy;Terrorism;White Hats or Ethical Hackers or Samurai Hackers. Spider (general term):An automated program that reads Web pages from a Website and then follows the hypertext (HTTP) links to other pages. Spammers use spiders to sift through Web pages to look for (that is, harvest) email addresses. See Also: Bot or Robot; Electronic Mail or Email; HTTP (HyperText Transfer Protocol); Spammers. Spoofing (general term): The cyberspace appropriation of an authentic user’s identity by nonauthentic users, causing fraud or attempted fraud, in some cases, and causing critical infrastructure breakdowns in other cases. Spoofing can also target nonuser-based entities. For instance, an IP address can be spoofed to appropriate the identity of a server and not a human (user). See Also: Cyberspace; Fraud; IP Address; Internet Protocol (IP). Further Reading: Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime:A Reference Handbook. Santa Barbara, CA:ABC-CLIO, 2004. Spyware (general term) Covert software that captures data about online users’ Internet surfing habits.Adware, a form of spyware, gathers information to target unsuspecting users with email pop-up ads or other marketing tools. System administrators are keenly aware that running their desktops while being logged on as an administrator can cause serious security problems. Because administrators have total system authority, any program beginning under this account can perform almost any activity. Recently, spyware pushers have developed means of adding their covert programs to the Windows Firewall’s list of so-called trusted applications. Although trusted applications generally transmit traffic out from the said computer, adding a registry subkey that references the application under the subkey storing trusted applications works only if someone is logged in as an administrator.Administrative accounts should be using sparingly and with caution. A white paper available from Symantec Security Response outlines various risks affiliated with spyware and adware, cites tests available for discovering spyware, and offers security strategies for dealing with these when discovered. The white paper is at http://enterprisesecurity .symantec.com/content.cfm?articleid=5667. See Also: Electronic Mail or Email; Firewall; Symantec Corporation. Spamming/Scrolling 298 Further Reading: Edwards, M.J.Windows Firewall:Another Good Reason Not to Login as an Administrator. [Online, February 22, 2005.] Penton Media, Inc. Website. http://list .windowsitpro.com/t?ctl=3E02:4FB69; Symantec. Symantec’s Anti-Spyware Approach. [Online, May 19, 2005.] Symantec Website. http://enterprisesecurity.symantec.com/content.cfm? articleid=5667;Won, S. and Avery, S. Computer Hackers Step Up e-Commerce Attacks. The Globe and Mail, September 20, 2004, p. B3. SQL Injection (general term):A security vulnerability occurring in an application’s database layer that is caused by the incorrect delimiting of variables embedded in SQL statements. It is an example of a broader class of vulnerabilities occurring whenever a programming or scripting language is embedded inside another. SSH (general term): A command used to remotely log in to a UNIX computer that uses encrypted communication and is therefore the protocol of choice for remote administration of both UNIX and Linux systems. See Also: Linux; Protocol; UNIX. Stack frame (general term):A stack frame procedure, or heavyweight procedure, allocates space for and saves on the stack its caller’s context—information about the part of a program that invokes the procedure, so that this information can be reinstated when the procedure finishes executing. Such a procedure not only saves and restores registers but also makes standard calls to other procedures. The stack frame has both a fixed part (whose size is known at compile time) and an optional, variable part. If the latter is not present, certain optimizations can be completed. See Also: Buffer Overflows. Further Reading: Microsoft Corporation. 3.1.2 Stack Frame Procedure. [Online, 2004.] Microsoft Corporation Website. http://msdn.microsoft.com/library/default.asp?url=/library/ en-us/csalpha98/html/3.1.2_stack_frame_procedure.asp. Stack Smashing (general term): Occurs when a cracker purposely overflows a buffer on stack to get access to forbidden regions of computer memory. A stack smash is based upon the attributes of common implementations of C and C++. See Also: Buffer Overflows; Programming Lanugages C, C++, Perl, and Java. Further Reading: Aleph One. Smashing The Stack For Fun And Profit. [Online, Nov 8, 1996.] Phrack,V 9, # 49, 14 http://www.phrack.org/archives/phrack49.tar.gz . Stallman, Richard (person; 1953– ): In 1982, he founded the Free Software Foundation (FSF) and dedicated himself to producing high-quality, free software. He began the programming and implementation of a full clone of UNIX, written in C and available to the hacker community for free. He succeeded—with the help of a large and active programmer community—to develop most of the software environment of a typical UNIX system, but he had to wait for the Linux movement to gain momentum before a UNIX-like operating system kernel became as freely available as he (and like-minded others) had continuously demanded. In 2002, a book written by Sam Williams entitled Free as in Freedom: Richard Stallman’s Crusade for Free Software, chronicles Stallman’s life, discusses his motivations for wanting free software, and gives insights into his highly creative hacker personality. Stallman’s personal home page can be found at http://www.stallman.org/. 299 Stallman, Richard See Also: Free Software Foundation (FSF); Linux; UNIX. Further Reading: Rothke, B. Stallman’s Crusade For Free Software. [Online, May 22, 2005.] CMP Media LLC Website. http://www.unixreview.com/documents/s=2425/ uni1017174098539/; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It,Why, and How.Westport, CT: Quorum Books, 2002. Start of Authority (SOA) (general term): Defines global parameters for a DNS zone— meaning a portion of the namespace on the Internet under a single administrative control—as defined in RFC 1035. Only one SOA record is permitted in a zone file. Considered to be not only the most critical but also the most complex record in the zone file, the SOA contains the root name of the zone, the TTL values, the class of record, and the primary or Master Domain Name Server for the zone. See Also: Root. Further Reading: Zytrax, Inc. Start of Authority Record (SOA). [Online, November 17, 2004.] Zytrax, Inc.Website. http://www.zytrax.com/books/dns/ch8/soa.html. Stateful Inspection (general term): Also referred to as dynamic packet filtering. Check Point Software is credited with creating the term stateful inspection when it was used in the company’s 1993 FireWall-1.Today, stateful inspection is generally known as firewall architecture working at the network layer. Different from static packet filtering, which looks at a packet based on the information in the packet header, stateful inspection tracks every connection traveling through all firewall network interfaces to make sure that they are valid. Moreover, a stateful inspection firewall looks at both the header information and the packet contents on all protocol layers including the application layer to ascertain more about the packet than merely its source and destination. A firewall with stateful inspection also monitors the connection state and puts the data together in a state table.Thus, filtering decisions are based not just on configured rules by the administrator (as is the case in static packet filtering) but also on context established by the packets that have previously passed through the firewall. See Also: CheckPoint Software Technologies Ltd.; Firewall; Packet; Packet Filters. Further Reading: Jupitermedia Corporation. What is Stateful Inspection? [Online, August 18, 2003.] Jupitermedia Corporation Website. http://www.webopedia.com/TERM/S/ stateful_inspection.html. Stealth Scan (general term): Mechanism to perform reconnaissance on a network while remaining undetected. Uses SYN scan, FIN scan, or other techniques to prevent logging of a scan. See Also: Synchronize Packet (SYN); Synchronize Packet Flood (SYN Flood). Further Reading: Internet Security Systems. Port Scanning. [Online, 2004]. Internet Security Systems Website. http://www.iss.net/security_center/advice/Underground/Hacking/ Methods/Technical/Port_Scan/. Steganography (general term): The practice of hiding information in e-pictures, MP3 music files, or any binary data format that can be changed without invalidating the data format as well as retain the appearance of being unaltered. Steganography is successful because it is based on the Stallman, Richard 300 fact that digital images and MP3 music files are comprised of thousands of pieces of binary code instructing a computer to color a pixel or to produce a certain sound. Because of the large number of digital information pieces involved, a few can easily be changed to convey secret messages without having a significant impact on the overall effect produced for the normal eye or ear.The secret information tends to be stored in the least important parts of a digital image or MP3 tune. Consider the potential that steganography could have for terrorists trying to communicate with each other over the Internet. In a holiday e-picture, for example, doz