Hacker terms


2600 - A hacker organization that publishes 2600 magazine.

8lgm - 8 Little Green Men hacker group that puts out security tips.

Abuse of Privilege - When a user performs an action that they should
not have, according to organizational policy or law.

Access - The ability for a computer user to view, change, or
communicate with a file or record in a computer system.

Access Control - Restriction on a computer user to use a
computer system or a file or record on the computer system.

ActiveX - Microsoft scripting language used for their Internet browser.

Anonymous ftp - An anonymous file transfer protocol that will
accept any user name and an anonymous or no password. This is a common
way for hackers to gain access to a computer.

ASIM (Automated Security Incident Measurement) - Automated security
tool that monitors network traffic and collects information on
targeted unit networks by detecting unauthorized network activity.

ATM (Asynchronous Transfer Mode) - A high-speed form of
networking that supports data communications, video, and
voice communications on the same line.

Attack - An attempt to bypass security controls on a computer.
An active attack alters data. A passive attack releases data. Whether
an attack will succeed depends on the vulnerability of the computer
system and the effectiveness of existing countermeasures.

Audit - To record independently and later examine computer
system activity such as logins, file accesses, and security violations.

Audit Trail - An audit trail may be on paper or on disk. In
computer security systems, a chronological record of when users log in, how
long they are engaged in various activities, what they were doing, and
whether any actual or attempted security violations occurred.

AUSCERT - Australian Computer Emergency Response Team.

Authenticate - In networking, to establish the validity of a user
or an object (i.e., communications server).

Authentication - The process of establishing the legitimacy of a node
or user before allowing access to requested information. During the process,
the user enters a name or account number (identification) and password (authentication).

Authorization - The process of determining what types of activities
are permitted. Usually, authorization is in the context of authentication.
Once you have authenticated a user, the user may be authorized different
types of access or activity.

Back door - A hole in the security of a computer system deliberately
left in place by designers or maintainers.

BIP - Base Information Protection office.

Browser - A program designed to help users view and navigate on the
Internet (World Wide Web). Browsers are sometimes also called Web clients,
since they get information from a server.

Bug - An unwanted and unintended property of a program or piece of
hardware, especially one that causes it to malfunction.

C - The name of a programming language used often in the Unix environment.

C++ - An object-oriented programming language. An improved
version of the C programming language.

Callback - A security procedure used with modems connected to
terminals dialing into computer systems. When a computer system
answers a phone call, it does not allow a direct login at that time.
The computer calls back the telephone number associated with the
authorized user's account.

CDS: CSAP Database System - An AFCERT relational database system
containing information ranging from detailed computer hardware and
software specifications, vulnerabilities and countermeasures, malicious
logic, and system connectivity descriptions.

CERT - Computer Emergency Response Team.

CGI - Common Gateway Interface. CGI is the method that Web
servers use to allow interaction between servers and programs.

Chat Group - A virtual meeting place where you can converse with
other users from all parts of the globe. The chat groups are "live."

CIAC - Computer Incident Advisory Capability. An organization of
the Department of Energy which provides computer security services.

COAST - Computer Operations, Audit, and Security Tools.
Organization at Purdue University which collects computer security tools.

Communications Security - Procedures designed to ensure that
telecommunications messages maintain their integrity and are not accessible
by unauthorized individuals.

Computer Security - Technological and managerial procedures applied
to computer systems to ensure the availability, integrity and confidentiality
of information managed by the computer system.

Computer Security Incident - Any intrusion or attempted intrusion
into a computer system. Incidents can include probes of multiple
computer systems.

Computer Security Intrusion - Any event of unauthorized access
or penetration to a computer system.

Cookie - A handle, transaction ID, or other token of agreement between
cooperating programs.

COPS - Computer Oracle and Password System. A computer network
monitoring system for Unix machines.

Core - The main storage of a computer system. A core dump captures
data and files in memory.

Countermeasure - Action, device, procedure, technique, or other
measure that reduces the vulnerability of an automated information system.

Crack - A password cracking program.

Crack Root - To defeat the security system of a Unix machine.

Cracker - One who breaks security on a computer system.

Crash - A sudden, usually drastic failure of a computer system.

Cryptographic Checksum - A one-way function applied to a file to produce
a unique "fingerprint" of the file for later reference. Checksum systems are
a primary means of detecting file system tampering on Unix.

CSAP (Computer Security Assistance Program) - Program to implement
information protection operations capabilities using a combination of
administrative controls, reporting procedures, specially developed
automated security tools, incident response, intelligence threat data,
and special survey and analysis capabilities.

CSET (Computer Security Engineering Team) - The CSET focuses on specific
systems and networks. The team overtly surveys policy, procedures,
training, awareness, connectivity and physical security of a specific
system. CSETs document problems with policy and directives, operating
procedures, configuration management, training and awareness, system
connectivity, physical security, and unauthorized software.

Cyberspace - Information space loaded with visual cues and navigable
by computers. The Internet is considered a crude cyberspace.

Daemon - A program that is not invoked explicitly, but lies dormant
waiting for some condition to occur.

Data Encryption Standard (DES) - An encryption standard developed by
IBM and then tested and adopted by the National Bureau of Standards. This
is a private key encryption algorithm adopted as the federal standard for
the protection of sensitive but unclassified information.

DNS (Domain Name System) - A distributed network-based
naming service on the Internet.

DNS Spoofing - Assuming the DNS name of another system by
either corrupting the name service cache of a victim system, or by
compromising a domain name server for a valid domain.

Dump - An undigested and large amount of information routed to
an output device. Usually it is a backup of computer files and data.

Email - Electronic mail automatically passed through computer
networks and/or modems over common-carrier lines.

Encryption - The process of scrambling files or programs, changing
one character string to another through an algorithm (such as the
DES algorithm).

FAQ - Frequently Asked Question. A collection of common questions.

Filter - A program that processes an input data stream into an
output data stream in some well-defined way.

Finger - A program that displays information about a particular
user or all users logged on a computer system.

Firewall - Computer on a network used to isolate, filter, and protect
local systems from external connectivity by controlling the amount
and kinds of traffic that will pass between the two.

Fix - A patch or solution to a reported computer problem.

Flame - An online message intended to insult or provoke other users.

Flooding - Sending lots of text to the screen at once.

Freeware - Free software distributed by email or bulletin boards.

FTP - File Transfer Protocol. Used to get or put files from
one computer to another.

Gateway - A bridge between two networks.

GIF - Graphical Image Format. An image file.

GNU - A Unix-workalike development effort of the Free Software
Foundation.

Good Times - A hoax virus.

Guru - A computer expert.

Hack - Any software in which a significant portion of the code
was originally another program.

Hacker - A person who enjoys exploring the details of computers and
how to stretch their capabilities.

Home Page - A World Wide Web (WWW) repository for information.

HTML - Hypertext Markup Language. Computer language and tags
used by web browsers.

Incident - Any intrusion or attempted intrusion into a computer
system. Incidents can include probes of multiple computer
systems.

Internet - A collection of worldwide computer networks.

Intrusion - An unauthorized access or penetration of a
computer system.

Intrusion Detection - Detection of break-ins or break-in attempts
either manually or via software expert systems that operate on logs or
other information available on the network.

IP Spoofing - An attack whereby a system attempts to
illicitly impersonate another system by using its IP network address.

IRC (Internet Relay Chat) - A worldwide "party line" network
that allows one to converse with others in real time.

ISDN (Integrated Services Digital Networking) - A network
that shares high-speed data communications along with voice
communications on the same wires. It splits basic service into
shared channels, each of which can be used for different calls.

ISP - Internet Service Provider. An ISP is a company that
sells Internet access.

Java - A computer language developed by Sun for web browsers.

Joe Password - A type of logging into a computer system where the
password is the same as the user name.

JPEG - An image file.

Letterbomb - A piece of email containing data or a program intended
to do bad things to the recipient's machine or terminal.

LAN (Local Area Network) - An interconnected system of computers
and peripherals. LAN users share data stored on hard disks and can
share printers connected to the network.

Link - A word or picture you select on a Web page, usually
by clicking your mouse on it, leading to a new page.

Linux - A free Unix workalike program available on the Internet.

Logic Bomb - A type of programmed threat. A mechanism for
releasing a system attack of some kind. It is triggered when a
particular condition, such as a certain date, occurs.

Mailbomb - To send, or urge others to send, massive amounts of email
to a single system or person with intent to crash the system. This
is a denial of service attack.

Malicious Logic - Hardware, software, or firmware that is intentionally
included or introduced into a system for unauthorized purposes.

MUD (Multi-User Dungeon) - A virtual reality adventure game
played over the Internet.

Network - A data communications system that allows a number of
systems and devices to communicate with each other.

Operational ASIM site - ASIM has been installed, is capturing and
analyzing data, and is sending the data to the AFCERT.

Packet - A group of data elements transmitted together that
generally form part of a larger transmission made up of a number
of packets.

Packet Sniffer - A device or program that monitors the data
traveling between computers on a network.

Password - A secret sequence of characters that is used to
authenticate a user's identity, usually during a login of a computer.

Patch - A temporary addition to a piece of code to fix an
existing bug or misfeature.

Perl - Practical Extraction and Report Language. An interpreted
computer language used mostly with Unix systems.

phf Hack - Phonebook file demonstration program that hackers
use to gain access to a computer system and potentially
read and capture password files.

PGP - Pretty Good Privacy. An encryption program.

Phreaking - The art and science of cracking the phone network.

Ping - Slang term for a small network message (ECHO) sent by
a computer to check for the presence of another computer.

Pkzip - A program to compress a file or files.

Probe - Any effort to gather information about a machine or its users
on-line for the apparent purpose of gaining unauthorized access to the
system at a later date.

Protocols - Agreed-upon methods of communications used by computers.
It is the set of rules and formats for the exchange of information,
particularly over a communications network.

Proxy - A software agent that acts on behalf of a user. Typical
proxies accept a connection from a user, make a decision as to whether or
not the user or client IP address is permitted to use the proxy, perhaps
does additional authentication, and then completes a connection on behalf of
the user to a remote destination.

RFC (Request For Comment) - One of a long-established series
of Internet informational documents and standards.

Root - The superuser account in a Unix system.

Rootkit - A hacker security tool that captures passwords
and message traffic to and from a computer.

SATAN - Security Administrator Tool for Analyzing Networks. A tool for
remotely probing and identifying the vulnerabilities of systems on
Internet Protocol networks.

SCSI - Small Computer System Interface. A bus-independent
standard that interfaces a computer with peripheral devices.

Sendmail - A Unix mail program with lots of known vulnerabilities
to hack into a computer system.

Server, Web - A computer which feeds documents and media to
the browsers that request them.

Shell - A computer command interpreter used to pass commands
to an operating system.

Snarf - To grab a large document or file for the purpose of
using it with or without the author's permission.

Sneaker - An individual hired to break into computer systems to
test their security.

Sniffer - A program to capture data across a computer network.
Used by hackers to capture user id names and passwords.

Spam - To crash a program by overrunning it with large data.
Also, to cause a person or newsgroup to be flooded with
irrelevant or inappropriate messages.

SPI (Secure Profile Inspector) - A network monitoring tool
for Unix, developed by the Department of Energy.

Spoof - A trick that causes an authorized user to perform
an action that violates system security or that gives away
information to an intruder.

Superuser - The account with all privileges. Root account.
System Administrator or System Administrator-level privileges.

Surf - To traverse the Internet in search of interesting stuff.

TCP/IP - Transmission Control Protocol/Internet Protocol.
This is the wide area networking protocol that makes the
Internet work.

Telnet - A communication protocol to Internet hosts.

TFTP - Trivial File Transfer Protocol.

Token - A physical item that is used to provide identity.
Typically an electronic device that can be inserted into a
computer system to gain access.

Trojan Horse - Computer program containing an apparent or actual
useful function that contains additional (hidden) functions that allow
unauthorized collection, falsification, or destruction of data.

Troll - An online message whose purpose is to attract responses
and make the responders look stupid. People who troll want to make
you waste your time responding to their pointless statements.

Unix - A computer operating system. It is the most widely used
multiuser general-purpose operating system in the world.

URL (Uniform Resource Locator) - This is the address that
identifies a document or resource on the World Wide Web.

Virus - A cracker program that searches out other programs and
infects them by embedding a copy of itself in them. A
virus cannot infect other computers without assistance.

Vulnerability - Hardware, firmware, or software flaw that leaves
a computer processing system open for potential exploitation. The
possible exploitation can be either from an external or internal
source, thereby resulting in risk for the owner, user, or
manager of the system.

War Dialer - A cracking tool that calls a given list or range
of phone numbers and records those which answer to identify
computer systems.

Warez - Cracked versions of commercial software with their
copy-protection stripped off. Warez sites usually contain
illegal, pirated software or games.

Webmaster - The person at a site providing World Wide Web
information who is responsible for maintaining their web site.

Worm - A program that propagates itself over a network,
reproducing itself as it goes.