Glossary

Audit trail. An audit trail is literally a trail of data that can be used to reconstruct what happened at a later date.

Columbus Day Virus. This refers to a virus that received incredible amounts of publicity via worldwide mass media; it was scheduled to go off on Columbus Day but turned out to be a false alarm.

Credit union. "A cooperative group that makes loans to its members at low rates of interest." (Webster's Unabridged.) To many people a credit union is synonymous with a bank; with most of them you can get ATM and credit cards, have savings and checking accounts, etc.

Authentication and encryption. Authentication is a method that verifies the identity of someone or something (a program, a computer system, whatever.) Encryption is a way of transforming something (often called "plaintext", which is typically electronically stored information such as text or programs) into "ciphertext" (something that is unusable and unreadable in its current form.) Depending on the encryption method used and whether the keys are available, you can sometimes decrypt the ciphertext back into the original plaintext. (Passwords, for instance, are often stored using a one-way form of encryption that cannot be decrypted.)

Fingering. "finger" is a command that can be used to determine information about users, either locally or on remote machines. The security problems associated with allowing this service to run were detailed in Wietse's and my paper, Improving the Security of Your System by Breaking into It.

RFC. Request For Comments. The Internet has no governing body or way to enforce standards. The Internet Engineering Task Force (IETF) is a group of concerned Internet citizens who meet several times a year to discuss protocols and suggested behaviors. The documents they produce are called RFCs, and these are essentially the road maps that the Information Superhighway follows (rather than the other way around.)

Security policy. A security policy is a written document that details what an organization requires with respect to security from its network, computers, property, and employees.

Shrift.

1. The imposition of penance by a priest on a penitent after confession.
2. Absolution or remission of sins granted after confession and penance.
3. Confession to a priest.

(Webster's Encyclopedic Unabridged Dictionary of the English Language.)

I just had to look this word up. Cool.

Social engineering. "Social Engineering uses very low cost and low technology means to overcome impediments posed by information security measures" (quote from the reference below.) In other words, social engineering is the skill of bullshitting or tricking someone in order to get something that you want from them - for instance, a password or system access. A reference to a really wonderful paper (Information Security Technology?... Don't Rely on It: A Case Study in Social Engineering, by Winkler and Dealy) can be found in the papers page.

SPAM. Sending unsolicited junk e-mail or netnews articles to vast numbers of people or locations.

Tiger teams. A tiger team is a group of people who attempt to get past the defenses of a system or an organization that they work for, in order to test those defenses (often indirectly; for instance, the Navy might use its special forces team to test the defenses of a Naval base). Using a tiger team is usually a waste of time (compared to a real audit or a well-done survey) and not very effective technically, but it can often be very flashy and produce political results that are difficult to attain via more conventional methods.