Wizernary - Translating Geek to English
Have you ever nodded your head to pretend to know what your Tech Team is talking about?
Now you don't have to! Introducing....
A fabulous collection of cyber security definitions with all of the wit, humor, and sarcasm of Wizer Warlock, Chris Roberts! So entertaining, you'll want to read them over and over!
Inspire us by sharing your own term!
2FA (Two factor authentication)
That code you get on your phone from the Internet
Power corrupts, absolute power corrupts absolutely… it’s like having the master key to life, but in the digital realm.
When your phone or system lets you make whatever changes you want, irrespective of any consequences beyond simply asking “are you sure?”
No permission required…
Your digital enemy, they’re out there, in the trenches, the forest, or the building next door, just watching for that opportune moment to take advantage of you, your family, team, company, or the supply chain you so perilously rely upon.
Someone who wants to steal from you or do harm to you
Advanced Persistent Threat
It’s like the digital version of WMDs. We’ll scream from the top of our lungs that we’re about to be brought to our knees with APTs coming in from (pick a country we don’t like at the moment) until someone gives us money OR allows us to go on the rampage… Then we find out we actually got breached because some numpty left the digital keys under the front door mat.
Really sneaky adversary who doesn’t set off the alarms
Adware
You know when you go to look at one website and all of a sudden things start appearing on your screen like mushrooms after a good rainfall? That’s adware at work. They are the unwanted pop-ups that appear all over your screen trying to entice you to click or subscribe OR pleading for you to just stay etc.
It’s a form of malware that’s really just unwanted or nuisance advertising. You can stop it with the correct settings on your device, and you can clean it up with the right software… Think of it as the digital version of mace, sometimes that’s what it takes to stop someone from pestering you.
Unwanted digital billboards
Arbitrary Code Execution
You know how someone takes over a conversation, or hijacks a point you’re just about to make? OR that person that won’t ever let you finish a sentence because they “always” know the answer? Welcome to the human version of arbitrary code execution. It’s simply when a computer allows someone else to run THEIR programs instead of (or as well as) yours… Basically, they’re taking the wind out of your sails and leaving you high and dry.
Sneaking in a program using unlocked side entrance….
Artificial Intelligence (AI)
Really smart computer, it can beat you at chess, but still can’t make good coffee.
It’s the digital equivalent of you leaving your door open, your window ajar, or car unlocked. It’s simply another way to say how someone may attack or take advantage of you. It’s simply the method used to break into you.
How do I love thee? Let me count the ways… See, even Elizabeth Barrett Browning was doing assessments in the 1800’s.
Taking advantage of you
Authentication
This is simply the name for the process by which we work out "you are who you say you are." Be it at the ATM having to put your PIN number in, sitting at a keyboard typing in a password, or looking at the phone while it decides if that moustache is real or false… They are all methods of authentication. It’s simply working out if you are true, genuine, and valid.
Remember trust AND verify… this is the verify part.
Backdoor
Remember snakes and ladders? A backdoor is like finding that one ladder on your first go that puts you right at 99… Typically, backdoors are disguised or hidden by their creator. More often than not, they used to be fun (Easter eggs, where if you knew the keyboard sequence you could get the program to do something fun) BUT, these days, there’s always talk of putting backdoors into encryption. Problem is, a secret entrance is no longer a secret once more than one person knows about it.
It’s the not-so secret entrance…
Bitcoin
It’s an analog dollar in a digital world. Think about it… if I hand you $1, I can’t spend it again, but in the digital world I could copy that digital dollar as many times as I want, so we put that digital dollar in a ledger (so it balances) and we show that I gave YOU my electronic dollar, and we write it down and share it with everyone… so now everyone knows I gave you my digital $1. In the real world, I could just shout out to everyone around me that I gave you my money, but in the digital world it’s all recorded on all the systems that I did it… So, I can spend it once, and if I help WITH the system I can become part of the “mint” (I can even run my own digital printing press as long as I have enough computers) and I can tell that ledger that I’m doing it. Welcome to Bitcoin, a digital dollar in an analog world.
Digital dollars in a digital wallet
Remember the old way of doing accounting? Two ledgers? It’s a digital version of that, but a whole lot more ledgers and a LOT more accountants, all working furiously to record transactions and make sure that they agree AND that nobody can mess with the books.
It’s a digital version of your check register that’s shared with ALL your friends and family.
Your computer. Really, it’s YOUR computer, or anyone’s system that’s infected with malicious code that’s then used to attack and infect others.
A lot of computers being controlled by someone else other than their owners
Remember the Dutch story about the kid that saved the country from flooding? Yeah, it’s like that, but there’s no kid, the hole’s big enough to drive a bus through, and the water? That’s YOUR data leaving…
Someone you didn’t invite in just backed up ALL your data, snuck it out, and has it.
When someone breaks into your home, office or computer
When I don’t know the answer, I guess… and the system lets me keep guessing. Mostly used against passwords where I can “guess” up to a billion times a second using certain types of computer equipment.
Using a digital sledgehammer to crack the walnut
Bug
In computer terms, (and not Mother Nature’s creepy crawlies) it’s a coding error, a flaw, or someone, somewhere forgot to put a ";" where it was needed… The program will often still work, but somewhere, something has taken notice and it’s eating memory (making your computer slow) or simply it’ll stop working (for those of you old enough to remember, the Microsoft blue screen of death…)
It’s estimated that there are 15-50 “bugs” per 1,000 lines of code, and most modern cars have 100 million lines of code in them… Think about that next time you are speeding on the motorway.
It’s a flaw, unless you are Apple or Microsoft in which case it’s an “enhancement”
Bring Your Own Device - What it really means is that the company doesn’t want to buy you a computer or phone and you can use your own OR they want to give you one from the stone age and yours is better.
Using your personal device to do work on…
Captcha
How DO we know what’s at the other end of a keyboard? Ask it a question? Get it to explain emotions? Tell it to solve a riddle? OR do we show it a picture of zebra crossings and traffic lights and ask it to select all the squares with squirrels? Do we show some abstract art cunningly disguised as numbers and letters? Welcome to captcha, one way to (hopefully) slow down the number of automatic computer programs that flood our systems with spam emails and absolute rubbish… The idea is simply to work out if there’s a human or a machine at the other end of the keyboard.
Separating the humans from the microchips…
Closed Source
We don’t know how it works, what it looks like, or whose hands were on the keyboard… we just have to trust that it works, carries on working, and doesn’t break (too often). This is the realm of closed source software or systems. Remember as a kid when you asked how something worked, and the adult answered, “it just does!”? That’s closed source in a nutshell. It’s the total opposite of open source, where the developers, companies and folks put their code and their inventions out there for everyone to look at, review, understand, use, and possibly improve or enhance.
You’re NOT allowed behind the green curtain…
Cloud Computing
The easy answer is “it’s someone else’s computer” BUT that's like comparing an AMC Pacer to a Bugatti Chiron… Technically true, but about as far from the reality of things as possible. Think of cloud computing as VERY specifically designed and built for one core purpose… the flexibility to allow the rest of us to move all our data, systems, and lives TO it with minimal fuss and hassle…
Next door's computer (you know I had to leave that one in…)
Shared computers and storage in large buildings all over the world
Cookies
It’s not edible, at least by you… your computer likes them, and websites LOVE feeding them TO your computer. Some of them are nice, the good ones just want to remember what you looked at, what your preferences are, and they help with customizing your experience ON the website. However, there’s a LOT of cookies out there that are NOT nice and are used by advertisers NOT associated with the website you are on. Typically, they are called 3rd party cookies and they will track you, your movement, and do their level best to profile you and work out how to sell you something or worse.
Think of them as a digital fingerprint of where you’ve been on the Internet, what you looked at, and what you did…
It’s a digital (software) tracking device.
This is the digital equivalent of someone coming into your shed, borrowing all your tools to run their gardening company…or coming into your kitchen, using your stove, and ingredients and then selling it…right under your nose AND you don’t even get a free sample.
It’s someone using your computer for their benefit (normally your web browser) so they get to crunch numbers with your processor and slurp up your electricity and likely all you see is a slow computer and keep wondering why your internet’s as slow as molasses.
SETI gone bad...
Cyber
This is one example of where marketing won over common sense. Cyber is simply the collective name that’s been associated with anything related to the Internet, computers, and the digital age. It’s a combination word taken by blending computer, networks, virtual reality, visions of the future, and whatever else they could find to make Information Technology sound cool and appealing.
We can go back to the Greek and take their word for pilot or steersman (nautical) as those who held the future, and we’ve also got the 1940s to blame with cybernetics, which was the study of control systems and the communications between people and machines. Ultimately though, Information Technology was too much of a mouthful, so cyber was resurrected, dusted off, and the marketing machine ate it up.
Technology… OR a box of microchips doing something fancy…
Cyber Security
The protection of computers, networks, systems, hardware, software, and all things related. To protect from theft, damage, or attack by others. To guard against disruption, misdirection, and to safeguard the data entrusted to us. That’s meant to be the heart of Cyber Security. Arguably, we have one job... to protect others. People before process and always before technology.
To ensure confidentiality, integrity, and availability of information and the very systems we all rely upon.
The digital guardians
Denial of Service (DoS)
Think of this as someone unplugging the Internet, or part of it… you can’t get to what you want, your web browser’s sulking, and Netflix is offline. IF you are experiencing a DoS then it means you’ve annoyed someone enough that they worked out how to unplug you or your computers from the Internet, either by attacking your network devices or computers. (office ones or on the Internet somewhere.)
Stopping you from using your digital world
We understand physical security. (locks on doors, windows, and boobytraps in the lawn…) This is the digital equivalent. Think of all the ways we work to try and protect you, your identity, computer, phone, files, and pictures in “our” world. It’s an all-encompassing term that is used to describe the entire process of digital protection.
The cover-all term for all things cyber, cyber, cyber…
Digital Transformation
The use of digital technology to supplement people and processes in solving problems. Taking something that was manual or human intensive and working out IF and HOW technology could help. The greater goal of digital transformation is cultural: breaking down borders and barriers by bringing everyone together to solve problems, share solutions and simply benefit humanity in all manner of unique ways.
By bringing a diverse cultural experience to a wider audience, in simple terms it would be a market trader in Uganda working out they could sell their goods online. (Etsy, Amazon, etc.) All of a sudden they’ve got an audience of 4 billion as opposed to whoever’s passing by on the street. It’s got benefits (audience) and challenges (shipping, logistics, tracking, etc.)
Opening a business’s eyes to the digital world…
Distributed Denial of Service (DDoS)
Like the Denial of Service but typically done from a whole lot of different computers…think of this as the movie “300.” You’re guarding that passageway and a WHOLE LOT of digital Persians are throwing the entire digital version of the kitchen sink at you…eventually you’re going to fail…so go make a cuppa tea and start to go through your Incident Response Plan (see below)
Remember those times at a party or when you’re out enjoying yourself, there’s a crowd of noise and you’re trying to hear ONE person, OR when everyone’s talking to you at the same time and you’re trying to listen to ONE voice… that’s a distributed denial of service.
Think of this as the digital version of turning it up to 11…
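Added example, not from the glossary: a small detector that runs over constructed access-log lines and labels each 10-second window as normal, a single-source flood (the Denial of Service entry above) or a many-source flood (this DDoS entry). The log lines, the addresses (RFC 5737 documentation ranges) and the thresholds are all assumptions made for the illustration.

```python
from collections import Counter
from typing import Dict, List, Tuple


def build_sample_log() -> List[str]:
    """Constructed access-log lines in the form '<epoch> <client_ip> <path>'.
    Addresses come from the RFC 5737 documentation ranges; none is a real client."""
    lines = []
    base = 1700000000
    # Normal traffic: three clients, one request every couple of seconds.
    for i in range(10):
        lines.append(f"{base + 2 * i} 198.51.100.{i % 3 + 1} /index.html")
    # Single-source flood (DoS): one client hammering the login page for 10 s.
    for i in range(60):
        lines.append(f"{base + 20 + i // 6} 203.0.113.77 /login")
    # Many-source flood (DDoS): thirty clients, two requests each, same window.
    for i in range(60):
        lines.append(f"{base + 40 + i // 6} 192.0.2.{i % 30 + 1} /checkout")
    return lines


def bucket_by_window(lines: List[str], window: int) -> Dict[int, Counter]:
    """Group requests into fixed windows: window start -> Counter of client IPs."""
    buckets: Dict[int, Counter] = {}
    for line in lines:
        ts, ip, _path = line.split(" ", 2)
        start = int(ts) // window * window
        buckets.setdefault(start, Counter())[ip] += 1
    return buckets


def analyze(lines: List[str], window: int = 10, burst: int = 50,
            many_sources: int = 10, dominant: float = 0.8) -> List[Tuple[int, str, int, int]]:
    """Label each window. A burst from many distinct sources is a DDoS; a burst
    where one source supplies most of the traffic is a plain DoS. Returns
    (window_start, verdict, total_requests, distinct_sources) per window.
    Threshold values are assumptions; tune them to the site's normal traffic."""
    verdicts = []
    for start, hits in sorted(bucket_by_window(lines, window).items()):
        total = sum(hits.values())
        distinct = len(hits)
        top_share = hits.most_common(1)[0][1] / total
        if total >= burst and distinct >= many_sources:
            verdict = "ddos"
        elif total >= burst and top_share >= dominant:
            verdict = "dos"
        else:
            verdict = "normal"
        verdicts.append((start, verdict, total, distinct))
    return verdicts


if __name__ == "__main__":
    for start, verdict, total, distinct in analyze(build_sample_log()):
        print(f"window {start}: {verdict:6s} requests={total:3d} sources={distinct}")
```

The single-source case is the one a per-IP rate limit handles; the many-source case is why the entry tells you to reach for the Incident Response Plan instead.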
Domain
An Englishman’s digital castle… Think of a domain as your piece of the digital world. You’ve decided to go onto the Internet and want to stake your claim (remind anyone of the Oregon Trail game… same idea, and as bad a consequence sometimes). A domain is yours (rented for however many years you pay) where you can put whatever you want in it or on it, congratulations you can become the next Amazon, OR could fade away like Myspace…
It’s your own country in the digital world.
It’s that first part of that address you type into the browser… (Amazon, Yahoo, Facebook, etc.)
Domain Name Server (DNS)
Think of it as the contact list or address book for the Internet. However, unlike an address book this one’s distributed, and the first place you ask doesn’t always know where to send you… so it goes and asks someone else for the address (root server) that then often goes and asks another server (top level domain server) for where it’s hiding the location… anyway, long story short, your request CAN bounce around while the right owner OF the right address is found. Once that’s discovered your computer’s told where to go, and off you wander. The upside OF this whole system is that you don’t have to remember an almost infinite number of IP addresses (digital version of a phone number) NEITHER do you have to wait for Elizabeth to come into work and tell you the address (for those of us that remember the REALLY old days!)
The internet's phonebook...
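An added illustration (not from the original page) of the bouncing around the entry describes: a toy iterative resolver that starts at the root and follows referrals through a constructed set of root, top level domain and authoritative servers, caching what it learns. The server labels, names and 203.0.113.x addresses are made up for the example.

```python
from typing import Dict, List, Optional, Tuple

# Constructed name servers. Each one only knows its own slice of the world:
# the root knows who serves .com, the .com server knows who serves wizer.com,
# and only the wizer.com server knows the actual addresses.
Entry = Tuple[str, str]  # ("refer", next_server_label) or ("answer", ip_address)
SERVERS: Dict[str, Dict[str, Entry]] = {
    "root": {"com.": ("refer", "tld-com")},
    "tld-com": {"wizer.com.": ("refer", "auth-wizer")},
    "auth-wizer": {
        "www.wizer.com.": ("answer", "203.0.113.10"),
        "mail.wizer.com.": ("answer", "203.0.113.25"),
    },
}


def normalize(name: str) -> str:
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def suffixes(name: str) -> List[str]:
    """Most-specific-first ancestors: www.wizer.com. -> www.wizer.com., wizer.com., com."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


class Resolver:
    """Iterative resolver: ask the root, follow each referral, stop when a server
    hands back an address. Answers are cached so the next lookup for the same
    name does not bounce around again."""

    def __init__(self, servers: Dict[str, Dict[str, Entry]], max_hops: int = 8):
        self.servers = servers
        self.max_hops = max_hops
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str) -> Tuple[Optional[str], List[str]]:
        """Return (ip_or_None, list_of_servers_asked_in_order)."""
        name = normalize(name)
        if name in self.cache:
            return self.cache[name], ["cache"]
        trail: List[str] = []
        server = "root"
        for _ in range(self.max_hops):  # hop limit guards against referral loops
            trail.append(server)
            zone = self.servers[server]
            hit = next((zone[s] for s in suffixes(name) if s in zone), None)
            if hit is None:
                return None, trail  # nobody claims this name (NXDOMAIN)
            kind, value = hit
            if kind == "answer":
                self.cache[name] = value
                return value, trail
            server = value  # a referral: go ask the next server along
        return None, trail


if __name__ == "__main__":
    r = Resolver(SERVERS)
    for q in ("www.wizer.com", "www.wizer.com", "nope.wizer.com", "www.example.org"):
        ip, trail = r.resolve(q)
        print(f"{q:18s} -> {ip or 'no such name':16s} via {' > '.join(trail)}")
```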
Think of this as the digital version of the WWI and WWII Windtalkers (or code talkers) that were engaged by the US Military. Originally, the Cherokee and Choctaw peoples helped in the First Great War, then the Navajo in the second. The logic being that only the sender and recipient can understand the message, and to everyone else it’s simply noise.
Turning perfectly usable data into mumbo jumbo since 1900BC, or around 1990 if we are talking the modern digital equivalent.
It’s the digital version of invisible ink.
In the physical world, it’s the crowbar that was used on Pandora’s box, or the same one used to get into your house, shed, or car. It’s simply the act of taking advantage of a vulnerability OR causing a situation where a vulnerability opens up…
To take advantage of you
Firewall
It’s meant to be a barrier between you and the rest of the Internet when you are sitting at home or in your office, it’s meant to protect you from some of the bad stuff out ON the Internet (or the office next door) but in practice it’s as leaky as an old sieve and as much use as a chocolate fireguard. The problem is, it can’t BE a barrier because it has to let SOME traffic through (the stuff you WANT to see) but in opening that door it’s not very good at stopping uninvited guests from sneaking in too. It tries to ask everyone for their invites, or to ask them why they want to come in, but the attackers are sneaky and will lie to your firewall, and unfortunately, most of the time, it believes the lies.
It’s like Jeeves at home, it’s great at being nice to the right guests who come to the front door, and it can sometimes catch the ruffians trying to sneak in, but it’s fairly useless at watching the windows, the back door, and heavens forbid someone sneaks in through the coal chute… You can’t pension Jeeves off, but you can’t rely upon him to REALLY guard the place.
The digital butler, great if you abide by the rules, totally flummoxed otherwise.
Firmware
It’s the programs that make the hardware work. When you mash a key on the keyboard OR you yell at Alexa OR print something, there’s a layer between what you’ve done and the app or computer software that shows you the results. That’s the firmware. The keyboard tells the firmware what was pressed, that then tells another piece of software in the operating system (Windows, Linux, Mac, iOS, Android) what you did, and then lo and behold it appears on the screen in the right place… Same for Alexa, the sound hits the microphone which translates waves into 1s and 0s, the firmware tells the software what it heard and the rest happens… it’s the layer that makes things work.
It’s THE doorway between human interaction and digital reaction.
To harshly insult you using the Internet as the delivery method. More often than not, it’s done anonymously. (one of the worst aspects OF the Internet is the ease in which people can hide…)
The digital equivalent of “Your mother was a hamster, and your father smelt of elderberries!”
Ghosting
As in the physical world, so be it in the digital one… In the human world, ghosting means to abruptly end a relationship by burning the cards, throwing away the phone, and deleting the email account… In the digital realm, it’s when that’s done TO you… All of a sudden you don’t exist, your cards don’t work, you have no credit, and apparently your social security/national insurance number was given to a squirrel that’s now stuffed on the mantelpiece of your adversary. You have become a non-entity, congratulations now you can join the CIA. ;-)
You’ve been erased, wiped out, digitally you are no more.
That’d be me, us, a community, and a LOT of folks who are day-walkers OR who don’t necessarily prance round in hoodies ALL the time. We’re the good folks, and according to Hollywood, we can stop ships, take control of power stations, AND hack aliens using an Apple Mac. Apparently, the media and the marketing folks in our industry didn’t get those particular memos.
We’re the tinkerers, wizards, witches and warlocks of the digital age…
The physical elements of the computer, system, device, or blinky lights that you’ve purchased… Those things WITH form that occupy space, gathering dust bunnies, or cluttering up the cupboard. (Once they’ve been superseded (Betamax player anyone?))
The things you can touch, the keyboard, screen processor, hard drive, mouse, etc.
The part of the computer you CAN throw across the room when it reboots unexpectedly…
Hash
It’s the mathematical formula or function that takes whatever you’d typed on the keyboard or pointed it at and scrambles the heck out of it so that it looks like it makes no sense to anyone apart from the computer itself (or whatever program or reason it got hashed for in the first place). The value is unique to the original text, file, picture, OR entire hard drive, so if you change something and run that hash function again… you’ll get a different output. We use the function (or formula) for a whole bunch of things from encryption to forensics and indexing. (think Google etc.)
Converts one thing into another, often leaving the output “looking” strange BUT really useful.
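An added example (not the glossary's own code) that serves this entry and the Bitcoin/ledger entries above: SHA-256 over text and over a file in forensic-style chunks, the "change one character and the output changes" effect counted in bits, and a minimal hash-chained ledger that refuses to let a digital dollar be spent twice and notices when someone edits the books. The ledger is a deliberately stripped-down illustration, not how Bitcoin itself is built.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256 over the raw bytes."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 bits differ between two digests. A one-character
    change in the input flips roughly half of them (the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 in chunks, the way a forensic tool fingerprints
    a disk image, so the whole thing never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


@dataclass
class Block:
    """One ledger entry. Its digest covers its own transaction AND the digest of
    the entry before it, which is what chains the books together."""
    index: int
    prev_hash: str
    tx: dict
    hash: str = ""

    def digest(self) -> str:
        body = {"index": self.index, "prev": self.prev_hash, "tx": self.tx}
        return sha256_hex(json.dumps(body, sort_keys=True).encode())


class Ledger:
    """Append-only ledger with the two rules the page describes: a dollar can be
    spent once, and nobody can quietly rewrite an earlier page of the book."""

    def __init__(self, mint_to: str, amount: int):
        genesis = Block(0, "0" * 64, {"from": "mint", "to": mint_to, "amount": amount})
        genesis.hash = genesis.digest()
        self.blocks: List[Block] = [genesis]

    def balance(self, who: str) -> int:
        total = 0
        for b in self.blocks:
            if b.tx["to"] == who:
                total += b.tx["amount"]
            if b.tx["from"] == who:
                total -= b.tx["amount"]
        return total

    def append(self, sender: str, receiver: str, amount: int) -> Block:
        """Record a payment, rejecting a double spend (spending the same dollar twice)."""
        if amount <= 0 or self.balance(sender) < amount:
            raise ValueError(f"{sender} cannot spend {amount}: insufficient balance")
        prev = self.blocks[-1]
        block = Block(prev.index + 1, prev.hash,
                      {"from": sender, "to": receiver, "amount": amount})
        block.hash = block.digest()
        self.blocks.append(block)
        return block

    def verify(self) -> List[int]:
        """Indices of blocks whose contents or linkage no longer add up."""
        bad = []
        for i, b in enumerate(self.blocks):
            if b.hash != b.digest():
                bad.append(i)  # the entry itself was edited after the fact
            elif i > 0 and b.prev_hash != self.blocks[i - 1].hash:
                bad.append(i)  # the chain to the previous entry is broken
        return bad


if __name__ == "__main__":
    a, b = sha256_hex(b"The quick brown fox"), sha256_hex(b"The quick brown fax")
    print("one letter changed, bits differing:", differing_bits(a, b))
    ledger = Ledger("alice", 1)
    ledger.append("alice", "bob", 1)
    ledger.blocks[1].tx["amount"] = 5  # someone "fixes" the books
    print("tampered blocks:", ledger.verify())
```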
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal law that’s meant to protect sensitive patient information from being disclosed without their consent or knowledge. It tries to cover the areas of physical and digital security as well as administrative best practices. It’s meant to cover anyone that has OR would come into contact with any of your data, from the Dr. you see, the hospital, dentist or other locations AND all the people, companies, and 3rd parties that interact with them.
If HIPAA was taken in the spirit of what it embodies, it would be effective and do a fantastic job of protecting the patient and all their data, however, that’s not always the case which is why we still see so many breaches in healthcare.
Healthcare’s Golden Rule
Identity Theft
Why be you when you can be new? OR why be you when you can be someone else? Identity theft is simply the act of becoming someone else for the sake of financial gain, enforcement, avoidance, or something else where being “you” is detrimental to the situation. In the real world as kids, some of us would forge our parent/guardian’s signature on the homework record. In the digital world, it would simply be the act of becoming the parent…
In the digital world, we truly can be anyone we want to be…
Incident Response Plan
When all hell is breaking around you and you’re sitting there in the middle of things as calm and as cool as a cucumber. It’s because YOU have a plan. You know what to do, where to be... and as soon as you can get everyone’s attention, you’ll start to bring order to chaos. Think of the IR plan as a series of instructions on what to do just before the end of the world.
It’s our version of those flight safety cards, instead of telling you to put your head between your legs and kiss your ass goodbye, we simply want you to unplug the computers, grab the office dog, and exit safely.
A set of instructions for when all hell breaks loose
Information Technology
It is the application or use of technology to store, retrieve, transmit, and work with data (information). It’s typically applied within the business world, but has its modern origins firmly rooted in the mid-1940s when the first programmable digital electric computer was designed and used (Colossus) for deciphering enemy encryption. Since then, information technology has infiltrated almost every facet of modern life as we strive to store more, read more, and share more, faster and faster with each passing year.
The origins of our digital world...
A risk that originates from inside. Doesn’t have to be an employee, and often is overlooked as a potential issue within many organizations. Historically we called this an “insider job” and history is littered with examples of banks being robbed by their own managers etc.
The digital rotten apple
Internet of Things (IoT)
This has become the collective noun for everything that has a microchip in it that’s connected to a network. From the toothbrush that talks to your phone, to the fridge and microwave arguing with the doorbell… It is the billions of devices we are surrounded with that are apparently meant to make our lives easier and free up time. From your home, your vehicle, place of business, and everything in between, we interconnect these devices in the hopes they help us.
It’s Skynet before gaining consciousness.
Internet Protocol (IP) Address
If you look at an IP address it’s often 4 sets of numbers separated by a “.” Each block has a meaning, and each part of that block will help speed your digital message, mail or YouTube video to and from the right place (most of the time… like the post office, sometimes it DOES go pear shaped.) We have two different types of addresses, but for all intents and purposes they do the same thing… they help work out where to send your digital life.
Your digital street address on the internet
ups… (those annoying windows that flood the screen sometimes…)
It’s the glue that holds YOUR Internet experience together.
Kernel
It’s THE computer program that’s at the core of the operating system you use, it talks to the hardware, the memory, keyboard, and then takes those conversations and discusses them with the operating system and applications you use. Think of it as the broker between you mashing that keyboard and the letters appearing on the screen… there’s something REALLY complex that has to happen, and the kernel makes sure that it does.
Digital Gandalf or Mercury (winged messenger)
Keylogger
These are programs that watch what you type. They sandwich themselves in the digital world between your keyboard and the operating system or on a mobile device. They often hide RIGHT in front of you as a “cover” for your keyboard. (It looks just like your normal keyboard on your phone.) Their job is to simply record everything you type (mistakes and all) on the keyboard. They are logging passwords, messages, notes, and where you go on the Internet or who you’re talking with. That data is then sent to whomever installed the program on your machine. Oftentimes, they do this without you knowing about it. They’re sneaky, malicious, and often go undetected for a long time.
Remember the Yellow Pages advert “Let your fingers do the walking?” A keylogging program would be the one watching those fingers walk EVERYWHERE…
It’s the unwanted digital assistant watching your every move.
Leet Speak (l337)
These days, more often than not, it’s someone who drank too much of their own Kool-Aid or hasn’t found their way out of the bulletin boards. (our digital meetings places before we had Myspace, Facebook, Etc.)
It’s a form of substitution using characters, numbers, and other things to substitute the alphabet within a word. (Hacker becomes h4x0r, etc.)
1t's 4ll gr33k t0 m3 (It’s all Greek to me…)
Long Lost Uncle
See Scam. Your uncle never was lost in the jungle, nor did he leave a fortune in the bank, nor does that person at the other end of the email OR phone call REALLY care about you. Hang up and never answer the message. Please.
Media Access Control (MAC) Address
A unique code given to every single network interface controller ever made. This is the physical part of the puzzle that allows systems to find and talk with each other in the digital world.
Your physical street address on the Internet.
See Artificial Intelligence. Just slightly dumber than Clippy.
Malware
Any program that is intentionally designed to cause harm. It’s a collective term that shelters viruses, trojans, worms, ransomware, spyware, adware, etc. Often folks have accused Microsoft of being malware, sometimes with considerable merit to the argument.
The digital hand grenade
Metadata
When you used to take a picture (back in the old days) if you wanted to know what it was, which great Aunt was in the shot, or when it was taken you had to scribble notes on the back AFTER you got them from the developers. These days, that job is handled by the metadata. Whether we like it or not, there’s metadata ALL around us. This document I’m typing into has it (date, author, file location, version, owner, content, statistics). We call that the properties. Your images have metadata: the location (if you have it turned on), file size and a heap of other little snippets of information ABOUT the information.
It's the data's data.
Millions in the Bank
See Scam. Even if I do have cancer or I’m terminally ill, I’m not leaving my fortune to you, a total stranger whom I’ve just met on the Internet. Seriously, if I have millions in the bank, the relatives will be crowding round me like a pack of vultures and you, my Internet friend will see nothing but an IOU. So run, and run now... and never answer that email. Please.
(Sent in by Rachel Arnold)
Throughout history each era has had its helpers. The unsung heroes or heroines that gladly follow the main character of the plot through thick and thin, often carrying the luggage or cleaning up after whatever skirmish just happened. They can be found clutching bottomless bags filled with weapons, pulling handy levers upon request, or robbing the cemetery for another spare set of limbs for the latest creation. In our digital realm, these are the minions, the carriers of antenna, the first one over the barbed wire fence, the ones to both find AND fetch the Starbucks, or the ones coding the exploit at 3am while the head geek’s taking 40 winks on the sofa.
The unsung underlings
National Security Agency (NSA)
The National Security Agency started life just before the USA entered the FIRST World War (April 1917); back then it was the Cable and Telegraph Section. It had a rocky and somewhat patchy existence until November 4th, 1952 when the Armed Forces Security Agency was renamed the NSA. (including in 1929 when it was shut down because “Gentlemen do not read each other’s mail”) The agency these days is considered a center of excellence for cryptanalytic research and other matters pertaining to surveillance in both the physical and digital domains. Oh, and yes, nowadays they DO read the emails IF they’ve got the time…
No Such Agency (Once upon a time its existence WAS classified, and you couldn’t buy souvenir mugs or shirts!)
See Scam. Nigeria is a republic, ruled by a democratically elected president, so no prince here.
Nigeria is also a federation of 36 states, so no central prince, however, there ARE parts of the country that still maintain a tribal or ethnic view that a person can be chosen to represent their community or town, however their jurisdiction is limited, and the chances of them having a few million in the bank JUST to send to you is so far from reality we’ve not even discovered the science to find it. So, don’t respond, ever. Please.
Open Source
Imagine sitting in the middle of the most crowded street in your area. You are painting or writing a book and EVERYONE can come and look at it, watch you work, and eventually provide feedback to you. They can also use your writing or picture for their own use or simply take it and change it. (Salvador Dali style if they so choose…) In the digital world, this is open-source software. You get to build things and then put them out there for others to use, study, or change if they so feel inclined. What it means is you potentially have an amazingly diverse set of eyes and keyboards looking at your work.
The logic behind open source is collaboration and cooperation. When it comes to software code, we ALL make mistakes (lots of them sometimes) so the more eyeballs that are on the code, then the theory goes, the better chance that the code has fewer mistakes in it.
Many hands (hopefully) make light work…
Password
It might be simpler to explain what a password should NOT be, than what it is! Anyone using 123456, 111111, 123456789, etc. is doing nothing more than providing a quick fence hop into their data and rarely would any of us consider it a password. IF, however, we break down what it IS, we arrive at the simple fact that it’s a word, phrase, string of characters or something similar that must be regurgitated to gain access to whatever you are looking to get into. More often than not it’s found on a Post-It-Note attached to the computer, or under the keyboard, however we DO encourage people to store them in nice, comfortable, warm and safe things like password vaults or managers…
The simplest secret that allows you into the digital world...
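Added example (not the glossary's own) that puts numbers on the brute-force entry's "a billion guesses a second" and on this entry's 123456-style passwords: it estimates the worst-case exhaustive-search time for a password and gives no credit at all to anything on a common-password list. The list beyond the page's three examples, the guess rate and the duration buckets are assumptions for the illustration.

```python
import math
import string

# The page's examples of what a password should NOT be, plus a few assumed
# entries; a real deployment checks against a large breached-password list.
COMMON_PASSWORDS = {"123456", "111111", "123456789", "password", "qwerty", "letmein"}
GUESSES_PER_SECOND = 1_000_000_000  # the page's "a billion times a second"
SYMBOLS = 33                         # printable ASCII that is not a letter or digit


def charset_size(password: str) -> int:
    """Size of the smallest obvious alphabet that contains every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += SYMBOLS
    return size


def entropy_bits(password: str) -> float:
    """Bits of guessing work, assuming the password were random over its alphabet
    (an upper bound: human-chosen passwords are far less random than that)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def crack_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case exhaustive-search time at `rate` guesses per second. A known
    common password falls in the first handful of guesses, so it scores zero
    no matter how long it is."""
    if not password or password in COMMON_PASSWORDS:
        return 0.0
    return charset_size(password) ** len(password) / rate


def describe(seconds: float) -> str:
    """Coarse human-readable duration."""
    if seconds < 1:
        return "instant"
    for unit, size in (("seconds", 60), ("minutes", 60), ("hours", 24), ("days", 365)):
        if seconds < size:
            return f"{seconds:.0f} {unit}"
        seconds /= size
    return f"{seconds:.0f} years" if seconds < 1000 else "centuries"


def assess(password: str) -> dict:
    """Summary a sign-up form could show: alphabet, bits, worst-case crack time."""
    return {
        "length": len(password),
        "alphabet": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "time": describe(crack_seconds(password)),
        "common": password in COMMON_PASSWORDS,
    }


if __name__ == "__main__":
    for pw in ("123456", "abcdefgh", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{pw!r:32s} {assess(pw)}")
```

The passphrase line is the point of the exercise: length beats cleverness, and a password manager is how most people get both.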
Patch
Remember the days when you used to darn a sock or sew a patch onto that pair of trousers? This is the digital version. Software, systems, and everything we make in the electronic and digital world has bugs or errors in it. Sometimes those errors only come to light (or are found) when you and I are mashing away on the keyboard in a manner NO tester or programmer ever thought possible OR we worked out how to hold down ALL the keys at once just to see what happens. The program breaks. (just as your clothing tears or wears a hole etc.) Patching is simply another piece of software that is laid over the top of (and sometimes replaces) some of the code that you already have. Repairing the hole, the error, or the bug, and allowing you and I to get back to doing things they never thought possible.
The digital equivalent of darning your socks…
Payment Card Information (PCI)
The PCI requirements are a set of standards and guidelines that folks who handle YOUR credit card are meant to adhere to. The standards cover all aspects of how someone takes, holds, stores, moves and processes the data that’s on YOUR credit card. The logic FOR the standards is to try and cut down on credit card fraud by making it harder for adversaries or criminals to steal the information when YOU hand it over to other people. (For those folks who don’t know, that black stripe on the back of your credit/debit card holds a LOT of very personal data that is used for validating both you and the card, AND can be used to re-create/steal it for criminal purposes.)
Compliance is NOT security, ’nuff said
Penetration Testing (Nice Version)
Think of it as the digital equivalent of a friendly break-in where the burglar leaves helpful notes ALL over the house reminding you to lock your doors, to turn on the cameras, not to leave the keys for the cars on the shelf, and that you should really change the combination to the safe. You get all the lessons, you have all the information at your fingertips to help you improve and make changes, AND you have the logic as to “why” to do this. Testing and assessing done in collaborative settings can help all parties learn about themselves in a manner that’s controlled, safe and educational.
Realism without the lawyers and headaches
Penetration Testing (The Rant)
If approached incorrectly, it can be an outdated and outmoded method of shaming a company into paying more money for binky shit that they don’t need. IF done right (and there are only a few places that are good), it can be a collaborative, cooperative experience where both parties benefit.
Penetration testing puppy mill: a company that employs cheap bodies, gives them crappy tools and then rebrands Nessus reports as “assessments” and charges for the pleasure. (See Scams)
Even within our own industry, we can’t agree what a penetration test is, or what a scan or an assessment is, so I’m not even going to attempt it. Suffice to say, when someone wants to “test” you, make sure you know what you’re getting into, what questions to ask, and what expectations to have, AND make sure it’s a reputable company that WILL take the time to educate you, help you improve, and isn’t in it just for the money.
You’re naked, and they have 50 gallons of lube and rubber gloves.
Personally Identifiable Information (PII)
It’s YOUR information that is stored and identifies YOU. Your full name, address, social security number (National Insurance Number for folks NOT in the USA), your passport, driver’s license, bank, or other numbers or information that point the large digital finger in YOUR direction. Many states are now passing laws to better protect how that data is handled by the very companies you hand it to and what to do (whom to notify, apologize to, etc.) when they eventually lose it.
The catalog of who YOU are...
We all recognize it when it’s pointed out, yet many of us still fall for the digital confidence trickster that masquerades as a trusted entity. The lawyer claiming to represent your long-lost, deceased uncle who left you millions, or the dying elderly lady who wants to give you all her money because you’re kind, or the banker in some far-flung country who’s willing to share the entire contents of the safe with you IF you’ll split it with them AND if you’ll send them some money so they can send you LOTS more… Don’t fall for these OR any of the other scams, PLEASE!
Fool me once, shame on you; click it twice, shame on me... Digital confidence trickster...
A form of active wiretapping, typically done (a long time ago) when we would sneak into a connection while it wasn’t active (between conversations) and actively get “between the lines” to listen in on conversations, monitor status, and other things. In networking terms piggybacking was also used when sending an acknowledgement packet WITH the response/data packet at the same time (as one packet, thereby saving bandwidth).
In the physical world it’s when someone follows you into a building OR you are civilized and open the door FOR them, often without asking them to badge in, provide identification, etc. It’s a social engineering attack that targets human courtesy, often called tailgating.
Leaving your computer for two minutes to go get that cuppa coffee? Thanks, I’m going to wait for you to leave, sit down AT your desk (because you didn’t lock your computer) and piggyback on your access to do what I want/need to do while I’m in the building and guess who takes the blame?
Bad Internet? Terrible connection from one side of the house or building… wait! Your neighbor’s got open wireless, so where’s the harm in piggybacking off their signal? (Although this is iffy given that the idiots at Xfinity/Comcast openly LEAVE a named WiFi account “open” on YOUR network for anyone who’s THEIR customer to use…)
Sneaking in UNDER the radar…
windows and doors
evicted and locked out
The world of fraud and the tricksters themselves have found the Internet... and with it, they can scheme and scam tens, hundreds, and thousands of people at once. Where before they were the street hustler, peddler, or petty criminal, they can now, with the aid of a computer and some simple programs, trick targeted groups of people in ever more innovative ways.
There is no pot of gold at the end of the rainbow, the cake is a lie, the check is not in the post, you are NOT a winner, and no, you’re not getting your long-lost uncle's inheritance from Outer Mongolia IF you just pay a little something up front.
1001 digital ways to part you from your money
This is where the proverbial rubber meets the road. This is where we have to take what we know about the state of the digital union (and it’s not good) and somehow describe it in terms that everyone else can understand. This is ALL about how WE take what we know and drop it into your noggin. Awareness in its natural state is being conscious of something... to perceive, be aware of, feel, or become cognizant of ONE simple fact: YOU, in the digital world, are nothing more than a walking chicken McNugget for everyone else unless you wise up, learn some of the basics, and start to defend yourself AND others around you.
Instead of taking up Yoga or Tai-Chi, first take up the digital equivalent. You’ll find it much more rewarding AND I promise you that your future self will appreciate the reduction in stress, ALL without having to bend your left leg around your right ear…
Think before you click! Oh and by the way, we have our own Security Awareness Training!
Picture, video, or music file with hidden messages, some deemed malicious
See (2FA) Two Factor Authentication. Typically, the way to check you are who you say you are is by the company or website (bank, Amazon, etc.) sending a code to the phone THEY think you have (or that you told them you own).
Threat Intelligence Platform
Community Submission from Rachel Arnold:
We have a lot of friends with a lot of good vulnerability gossip that we just CANNOT wait to feed to YOU!
Trojan (or Trojan Horse)
You, the user
Won the Lottery
See Scam. No, you didn’t win, neither did you come in second or get another bite of the apple, and even if (by some fluke) you DID win, do you really think they’d ask you to either prove who you are OR pay THEM money for the money they owe you? No. Never. It’s NOT how it works. So, don’t EVER hand over your identity or your money. Please.
© 2020 Wizer Inc. All rights reserved.