Wizernary - Translating Geek to English
Have you ever nodded your head to pretend to know what your Tech Team is talking about?
Now you don't have to! Introducing....
A fabulous collection of cyber security definitions with all of the wit, humor, and sarcasm of Wizer Warlock, Chris Roberts! So entertaining, you'll want to read them over and over!
Inspire us by sharing your own term!
2FA (Two factor authentication)
That code you get on your phone from the Internet
Power corrupts, absolute power corrupts absolutely… it’s like having the master key to life, but in the digital realm.
When your phone or system lets you make whatever changes you want, irrespective of any consequences beyond simply asking “are you sure?”
No permission required…
Your digital enemy, they’re out there, in the trenches, the forest, or the building next door, just watching for that opportune moment to take advantage of you, your family, team, company, or the supply chain you so perilously rely upon.
Someone who wants to steal from you or do harm to you
Advanced Persistent Threat
It’s like the digital version of WMDs. We’ll scream from the top of our lungs that we’re about to be brought to our knees with APTs coming in from (pick a country we don’t like in the moment) until someone gives us money OR allows us to go on the rampage… Then we find out we actually got breached because some numpty left the digital keys under the front door mat.
Really sneaky adversary who doesn’t set off the alarms
You know when you go to look at one website and all of a sudden things start appearing on your screen like mushrooms after a good rainfall? That’s adware at work. They are the unwanted pop-ups that appear all over your screen trying to entice you to click or subscribe OR pleading for you to just stay etc.
It’s a form of malware that’s really just unwanted or nuisance advertising. You can stop it with the correct settings on your device, and you can clean it up with the right software… Think of it as the digital version of mace, sometimes that’s what it takes to stop someone from pestering you.
Unwanted digital billboards
You know how someone takes over a conversation, or hijacks a point you’re just about to make? OR that person that won’t ever let you finish a sentence because they “always” know the answer? Welcome to the human version of arbitrary code execution. It’s simply when a computer allows someone else to run THEIR programs instead (or as well as) yours… Basically, they’re taking the wind out of your sails and leaving you high and dry.
Sneaking in a program using unlocked side entrance….
Artificial Intelligence (AI)
Really smart computer, it can beat you at chess, but still can’t make good coffee.
It’s the digital equivalent of you leaving your door open, your window ajar, or car unlocked. It’s simply another way to say how someone may attack or take advantage of you. It’s simply the method used to break into you.
How do I love thee? Let me count the ways… See, even Elizabeth Barrett Browning was doing assessments in the 1800’s.
Taking advantage of you
(Log, Record, Tools, Trail)
This is simply the name for the process by which we work out "you are who you say you are." Whether you’re at the ATM having to put your PIN in, sitting at a keyboard typing in a password, or looking at the phone while it decides if that moustache is real or false… they are all methods of authentication. It’s simply working out if you are true, genuine, and valid.
Remember trust AND verify… this is the verify part.
Remember snakes and ladders? A backdoor is like finding that one ladder on your first go that puts you right at 99… Typically, backdoors are disguised or hidden by their creator. More often than not, they used to be fun. (Easter eggs where if you knew the keyboard sequence you could get the program to do something fun.) BUT, these days, there’s always talk of putting backdoors into encryption. Problem is, a secret entrance is no longer a secret once more than one person knows about it.
It’s the not-so secret entrance…
It’s an analog dollar in a digital world. Think about it… if I hand you $1, I can’t spend it again, but in the digital world I could copy that digital dollar as many times as I want, so we put that digital dollar in a ledger (so it balances) and we show that I gave YOU my electronic dollar, and we write it down and share it with everyone…so now everyone knows I gave you my digital $1. In the real world, I could just shout out to everyone around me that I gave you my money, but in the digital world it’s all recorded on all the systems that I did it… So, I can spend it once, and if I help WITH the system I can become part of the “mint” (I can even run my own digital printing press as long as I have enough computers) and I can tell that ledger that I’m doing it. Welcome to Bitcoin, a digital dollar in an analog world.
Digital dollars in a digital wallet
There are no hats. There’s certainly NO “black hat is bad, white hat is good.” Did we use it in the past? Yes. Do we have a conference named after it? Yes. Have many of us realized that it does nothing more than perpetuate a stereotype that is both wrong for our industry AND society as a whole? Yes. Are many of us active in trying to do away with this labeling of good vs. evil? Yes.
Will we succeed? We HAVE to.
Remember the old way of doing accounting? Two ledgers? It’s a digital version of that, but a whole lot more ledgers and a LOT more accountants, all working furiously to record transactions and make sure that they agree AND that nobody can mess with the books.
It’s a digital version of your check register that’s shared with ALL your friends and family.
Your computer. Really, it’s YOUR computer, or anyone’s system that’s infected with malicious code that’s then used to attack and infect others.
A lot of computers being controlled by someone else other than their owners
Remember the Dutch story about the kid that saved the country from flooding? Yeah, it’s like that, but there’s no kid, the hole’s big enough to drive a bus through, and the water? That’s YOUR data leaving…
Someone you didn’t invite in just backed up ALL your data, snuck it out, and has it.
When someone breaks into your home, office or computer
When I don’t know the answer, I guess… and the system lets me keep guessing. Mostly used against passwords where I can “guess” up to a billion times a second using certain types of computer equipment.
Using a digital sledgehammer to crack the walnut
In computer terms (and not Mother Nature’s creepy crawlies), it’s a coding error, a flaw, an error, or someone, somewhere forgot to put a ";" where it was needed… The program will often still work, but somewhere, something has taken notice and it’s eating memory (making your computer slow) or simply it’ll stop working (for those of you old enough to remember, the Microsoft blue screen of death…)
It’s estimated that there are 15-50 “bugs” per 1,000 lines of code, and most modern cars have 100 million lines of code in them… Think about that next time you are speeding on the motorway.
It’s a flaw, unless you are Apple or Microsoft in which case it’s an “enhancement”
Bring Your Own Device - What it really means is that the company doesn’t want to buy you a computer or phone and you can use your own OR they want to give you one from the stone age and yours is better.
Using your personal device to do work on…
How DO we know what’s at the other end of a keyboard? Ask it a question? Get it to explain emotions? Tell it to solve a riddle? OR do we show it a picture of zebra crossings and traffic lights and ask it to select all the squares with squirrels? Do we show some abstract art cunningly disguised as numbers and letters? Welcome to CAPTCHA, one way to (hopefully) slow down the number of automatic computer programs that flood our systems with spam emails and absolute rubbish… The idea is simply to work out if there’s a human or a machine at the other end of the keyboard.
Separating the humans from the microchips…
We don’t know how it works, what it looks like, or whose hands were on the keyboard…we just have to trust that it works, carries on working, and doesn’t break (too often). This is the realm of closed source software or systems. Remember as a kid when you asked how something worked, and the adult answered, “it just does!”? That’s closed source in a nutshell. It’s the total opposite of open source, where the developers, companies and folks put their code and their inventions out there for everyone to look at, review, understand, use, and possibly improve or enhance.
You’re NOT allowed behind the green curtain…
The easy answer is “it’s someone else’s computer” BUT that's like comparing an AMC Pacer to a Bugatti Chiron… Technically true, but about as far from the reality of things as possible. Think of cloud computing as VERY specifically designed and built for one core purpose…the flexibility to allow the rest of us to move all our data, systems, and lives TO it with minimal fuss and hassle…
Next door's computer (you know I had to leave that one in…)
Shared computers and storage in large buildings all over the world
It’s not edible, at least by you… your computer likes them, and websites LOVE feeding them TO your computer. Some of them are nice, the good ones just want to remember what you looked at, what your preferences are, and they help with customizing your experience ON the website. However, there’s a LOT of cookies out there that are NOT nice and are used by advertisers NOT associated with the website you are on. Typically, they are called 3rd party cookies and they will track you, your movement, and do their level best to profile you and work out how to sell you something or worse.
Think of them as a digital fingerprint of where you’ve been on the Internet, what you looked at, and what you did…
It’s a digital (software) tracking device.
This is the digital equivalent of someone coming into your shed, borrowing all your tools to run their gardening company…or coming into your kitchen, using your stove, and ingredients and then selling it…right under your nose AND you don’t even get a free sample.
It’s someone using your computer for their benefit (normally your web browser) so they get to crunch numbers with your processor and slurp up your electricity and likely all you see is a slow computer and keep wondering why your internet’s as slow as molasses.
SETI gone bad...
This is one example of where marketing won over common sense. Cyber is simply the collective name that’s been associated with anything related to the Internet, computers, and the digital age. It’s a combination word taken by blending computer, networks, virtual reality, visions of the future, and whatever else they could find to make Information Technology sound cool and appealing.
We can go back to the Greek and take their word for pilot or steersman (nautical) as those who held the future, and we’ve also got the 1940’s to blame with cybernetics which was the study of control systems and the communications between people and machines. Ultimately though, Information Technology was too much of a mouthful, so cyber was resurrected, dusted off, and the marketing machine ate it up.
Technology… OR a box of microchips doing something fancy…
The protection of computers, networks, systems, hardware, software, and all things related. To protect from theft, damage, or attack by others. To guard against disruption, misdirection, and to safeguard the data entrusted to us. That’s meant to be the heart of Cyber Security. Arguably, we have one job... to protect others. People before process and always before technology.
To ensure confidentiality, integrity, and availability of information and the very systems we all rely upon.
The digital guardians
Denial of Service (DoS)
Think of this as someone unplugging the Internet, or part of it… you can’t get to what you want, your web browser’s sulking, and Netflix is offline. IF you are experiencing a DoS then it means you’ve annoyed someone enough that they worked out how to unplug you or your computers from the Internet, either by attacking your network devices or your computers (office ones or on the Internet somewhere).
Stopping you from using your digital world
We understand physical security. (locks on doors, windows, and boobytraps in the lawn…) This is the digital equivalent. Think of all the ways we work to try and protect you, your identity, computer, phone, files, and pictures in “our” world. It’s an all-encompassing term that is used to describe the entire process of digital protection.
The cover-all term for all things cyber, cyber, cyber…
The use of digital technology to supplement people and processes in solving problems. Taking something that was manual or human intensive and working out IF and HOW technology could help. The greater goal of digital transformation is cultural and breaking down borders and barriers by bringing everyone together to solve problems, share solutions and simply benefit humanity in all manner of unique ways.
By bringing a diverse cultural experience to a wider audience, in simple terms it would be a market trader in Uganda working out they could sell their goods online. (Etsy, Amazon, etc.) All of a sudden they’ve got an audience of 4 billion as opposed to whoever’s passing by on the street. It’s got benefits (audience) and challenges (shipping, logistics, tracking, etc.)
Opening a business’s eyes to the digital world…
Distributed Denial of Service (DDoS)
Like the Denial of Service but typically done from a whole lot of different computers…think of this as the movie “300.” You’re guarding that passageway and a WHOLE LOT of digital Persians are throwing the entire digital version of the kitchen sink at you…eventually you’re going to fail…so go make a cuppa tea and start to go through your Incident Response Plan (see below)
Remember those times at a party or when you’re out enjoying yourself, there’s a crowd of noise and you’re trying to hear ONE person, OR when everyone’s talking to you at the same time and you’re trying to listen to ONE voice… that’s a distributed denial of service.
Think of this as the digital version of turning it up to 11…
An Englishman’s digital castle… Think of a domain as your piece of the digital world. You’ve decided to go onto the Internet and want to stake your claim (remind anyone of the Oregon Trail game… same idea, and as bad a consequence sometimes). A domain is yours (rented for however many years you pay) where you can put whatever you want in it or on it, congratulations you can become the next Amazon, OR could fade away like Myspace…
It’s your own country in the digital world.
It’s that first part of that address you type into the browser… (Amazon, Yahoo, Facebook, etc.)
Domain Name Server (DNS)
Think of it as the contact list or address book for the Internet. However, unlike an address book this one’s distributed, and the first place you ask doesn’t always know where to send you…so it goes and asks someone else for the address (root server) that then often goes and asks another server (top level domain server) for where it’s hiding the location… anyway, long story short, your request CAN bounce around while the right owner OF the right address is found. Once that’s discovered your computer’s told where to go, and off you wander. The upside OF this whole system is that you don’t have to remember an almost infinite number of IP addresses (digital version of a phone number), NOR do you have to wait for Elizabeth to come into work and tell you the address (for those of us that remember the REALLY old days!)
The internet's phonebook...
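As an added illustration (not part of the original glossary), here is a small Python model of the referral chain just described: a resolver starts at the root, follows referrals to the top-level-domain server and then to the authoritative server, and caches the answer. All server names, zone data and addresses are constructed placeholders; nothing here talks to the real Internet.

```python
"""Toy model of DNS iterative resolution: root -> TLD -> authoritative.

Constructed data: three tiny "zones" stand in for a root server, a .com
top-level-domain server and the authoritative server for a made-up
domain. Names and addresses are placeholders, not real hosts.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str]  # ("A", ip) answers the question; ("NS", server) is a referral

# Each server knows either the answer or whom to ask next.
ROOT_SERVER: Dict[str, Record] = {"com.": ("NS", "tld-com.example-net.")}
TLD_COM_SERVER: Dict[str, Record] = {"example-shop.com.": ("NS", "ns1.example-shop.com.")}
AUTHORITATIVE_SERVER: Dict[str, Record] = {
    "example-shop.com.": ("A", "203.0.113.10"),
    "www.example-shop.com.": ("A", "203.0.113.11"),
}

# Map server names to their zone data so a referral can be followed.
SERVERS: Dict[str, Dict[str, Record]] = {
    "root": ROOT_SERVER,
    "tld-com.example-net.": TLD_COM_SERVER,
    "ns1.example-shop.com.": AUTHORITATIVE_SERVER,
}


@dataclass
class Resolver:
    """A recursive resolver with a cache, like the one at your ISP."""
    cache: Dict[str, str] = field(default_factory=dict)
    hops: List[str] = field(default_factory=list)  # who we asked, in order

    def resolve(self, name: str, max_hops: int = 8) -> Optional[str]:
        """Return the IP for name, following referrals from the root."""
        name = name if name.endswith(".") else name + "."
        if name in self.cache:  # second time round nobody gets bothered
            self.hops.append("cache")
            return self.cache[name]
        server = "root"
        for _ in range(max_hops):
            self.hops.append(server)
            record = self._lookup(SERVERS[server], name)
            if record is None:
                return None  # nobody owns this name
            kind, value = record
            if kind == "A":
                self.cache[name] = value
                return value
            server = value  # referral: go ask the server we were pointed at
        return None  # referral loop or too deep; give up rather than spin

    @staticmethod
    def _lookup(zone: Dict[str, Record], name: str) -> Optional[Record]:
        """Exact match first, then the closest enclosing zone cut."""
        if name in zone:
            return zone[name]
        labels = name.split(".")
        for i in range(1, len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in zone:
                return zone[suffix]
        return None


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example-shop.com"), "via", " -> ".join(r.hops))
```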
Think of this as the digital version of the WWI and WW2 Windtalkers (or code talkers) that were engaged by the US Military. Originally, the Cherokee and Choctaw peoples helped in the first Great War, then the Navajo in the second. The logic being that only the sender and recipient can understand the message, and to everyone else it’s simply noise.
Turning perfectly usable data into mumbo jumbo since 1900BC, or around 1990 if we are talking the modern digital equivalent.
It’s the digital version of invisible ink.
In the physical world, it’s the crowbar that was used on Pandora’s box, or the same one used to get into your house, shed, or car. It’s simply the act of taking advantage of a vulnerability OR causing a situation where a vulnerability opens up…
To take advantage of you
It’s meant to be a barrier between you and the rest of the Internet when you are sitting at home or in your office, it’s meant to protect you from some of the bad stuff out ON the Internet (or the office next door) but in practice it’s as leaky as an old sieve and as much use as a chocolate fireguard. The problem is, it can’t BE a barrier because it has to let SOME traffic through (the stuff you WANT to see) but in opening that door it’s not very good at stopping uninvited guests from sneaking in too. It tries to ask everyone for their invites, or to ask them why they want to come in, but the attackers are sneaky and will lie to your firewall, and unfortunately, most of the time, it believes the lies.
It’s like Jeeves at home, it’s great at being nice to the right guests who come to the front door, and it can sometimes catch the ruffians trying to sneak in, but it’s fairly useless at watching the windows, the back door, and heavens forbid someone sneaks in through the coal chute… You can’t pension Jeeves off, but you can’t rely upon him to REALLY guard the place.
The digital butler, great if you abide by the rules, totally flummoxed otherwise.
It’s the programs that make the hardware work. When you mash a key on the keyboard OR you yell at Alexa OR print something, there’s a layer between what you’ve done and the app or computer software that shows you the results. That’s the firmware. The keyboard tells the firmware what was pressed, that then tells another piece of software in the operating system (Windows, Linux, Mac, iOS, Android) what you did, and then lo and behold it appears on the screen in the right place… Same for Alexa, the sound hits the microphone which translates waves into 1’s and 0’s, the firmware tells the software what it heard and the rest happens…it’s the layer that makes things work.
It’s THE doorway between human interaction and digital reaction.
To harshly insult you using the Internet as the delivery method. More often than not, it’s done anonymously. (One of the worst aspects OF the Internet is the ease with which people can hide…)
The digital equivalent of “Your mother was a hamster, and your father smelt of elderberries!”
As in the physical world, so be it in the digital one… In the human world, ghosting means to abruptly end a relationship by burning the cards, throwing away the phone, and deleting the email account… In the digital realm, it’s when that’s done TO you… All of a sudden you don’t exist, your cards don’t work, you have no credit, and apparently your social security/national insurance number was given to a squirrel that’s now stuffed on the mantelpiece of your adversary. You have become a non-entity, congratulations now you can join the CIA. ;-)
You’ve been erased, wiped out, digitally you are no more.
A living, breathing yellow pages...
A digital portal to the world. Be careful what you ask for...
That’d be me, us, a community, and a LOT of folks who are day-walkers OR who don’t necessarily prance round in hoodies ALL the time. We’re the good folks, and according to Hollywood, we can stop ships, take control of power stations, AND hack aliens using an Apple Mac. Apparently, the media and the marketing folks in our industry didn’t get those particular memos.
We’re the tinkerers, wizards, witches and warlocks of the digital age…
The physical elements of the computer, system, device, or blinky lights that you’ve purchased… Those things WITH form that occupy space, gathering dust bunnies, or cluttering up the cupboard. (Once they’ve been superseded (Betamax player anyone?))
The things you can touch, the keyboard, screen processor, hard drive, mouse, etc.
The part of the computer you CAN throw across the room when it reboots unexpectedly…
It’s the mathematical formula or function that takes whatever you’d typed on the keyboard or pointed it at and scrambles the heck out of it so that it looks like it makes no sense to anyone apart from the computer itself. (or whatever program or reason it got hashed for in the first place.) The value is unique to the original text, file, picture, OR entire hard drive, so if you change something and run that hash function again… you’ll get a different output. We use the function (or formula) for a whole bunch of things from encryption to forensics and indexing. (think Google etc.)
Converts one thing into another, often leaving the output “looking” strange BUT really useful.
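An added example, not from the original page, showing the two properties the entry describes: identical input always gives the same digest, and changing a single bit gives a completely different one, which is why forensics relies on a hash to prove a copy is untouched. It uses SHA-256 from Python’s standard library; the “evidence” bytes are constructed sample data.

```python
"""Hash properties in practice: same input, same digest; any change, a
completely different digest. SHA-256 via Python's standard library.
The "evidence" below is constructed sample data, not a real file."""
import hashlib
import hmac

# Constructed sample: the kind of artifact an investigator would fingerprint.
EVIDENCE = b"Invoice 1042: pay 1,000.00 to account 12345678\n"


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the bytes, as 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def tamper(data: bytes, offset: int, mask: int = 0x01) -> bytes:
    """Flip the chosen bits in one byte: a minimal, hard-to-spot edit."""
    edited = bytearray(data)
    edited[offset] ^= mask
    return bytes(edited)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 output bits changed between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, recorded_digest: str) -> bool:
    """Forensics-style check: does this copy still match the digest taken
    when the evidence was collected? compare_digest avoids timing leaks."""
    return hmac.compare_digest(sha256_hex(data), recorded_digest)


def demo() -> dict:
    """Run the comparison and return the facts a reader would want to see."""
    original = sha256_hex(EVIDENCE)
    altered = sha256_hex(tamper(EVIDENCE, 0))   # one bit in the first byte
    same_again = sha256_hex(bytes(EVIDENCE))    # a faithful copy
    return {
        "deterministic": original == same_again,          # same input, same hash
        "copy_matches": verify_integrity(bytes(EVIDENCE), original),
        "tampered_matches": verify_integrity(tamper(EVIDENCE, 0), original),
        "bits_changed": differing_bits(original, altered),  # roughly half of 256
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```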
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal law that’s meant to protect sensitive patient information from being disclosed without their consent or knowledge. It tries to cover the areas of physical and digital security as well as administrative best practices. It’s meant to cover anyone that has OR would come into contact with any of your data, from the Dr. you see, the hospital, dentist or other locations AND all the people, companies, and 3rd parties that interact with them.
If HIPAA was taken in the spirit of what it embodies, it would be effective and do a fantastic job of protecting the patient and all their data, however, that’s not always the case which is why we still see so many breaches in healthcare.
Healthcare’s Golden Rule
Why be you when you can be new? OR why be you when you can be someone else? Identity theft is simply the act of becoming someone else for the sake of financial gain, enforcement, avoidance, or something else where being “you” is detrimental to the situation. In the real world, as kids, some of us would forge our parent/guardian’s signature on the homework record. In the digital world, it would simply be the act of becoming the parent…
In the digital world, we truly can be anyone we want to be…
Incident Response Plan
When all hell is breaking around you and you’re sitting there in the middle of things as calm and as cool as a cucumber. It’s because YOU have a plan. You know what to do, where to be... and as soon as you can get everyone’s attention, you’ll start to bring order to chaos. Think of the IR plan as a series of instructions on what to do just before the end of the world.
It’s our version of those flight safety cards, instead of telling you to put your head between your legs and kiss your ass goodbye, we simply want you to unplug the computers, grab the office dog, and exit safely.
A set of Instructions for when all hell breaks loose
It is the application or use of technology to store, retrieve, transmit, and work with data (information). It’s typically applied within the business world, but has its modern origins firmly rooted in the mid 1940’s when the first programmable digital electronic computer was designed and used (Colossus) for deciphering enemy encryption. Since then, information technology has infiltrated almost every facet of modern life as we strive to store more, read more, and share more, faster and faster with each passing year.
The origins of our digital world...
A risk that originates from inside. Doesn’t have to be an employee, and often is overlooked as a potential issue within many organizations. Historically we called this an “insider job” and history is littered with examples of banks being robbed by their own managers etc.
The digital rotten apple
Internet of Things (IoT)
This has become the collective noun for everything that has a microchip in it that’s connected to a network. From the toothbrush that talks to your phone, to the fridge and microwave arguing with the doorbell… It is the billions of devices we are surrounded with that are apparently meant to make our lives easier and free up time. From your home, your vehicle, place of business, and everything in between, we interconnect these devices in the hopes they help us.
It’s Skynet before gaining consciousness.
Internet Protocol (IP) Address
If you look at an IP address it’s often four sets of numbers separated by a “.” Each block has a meaning, and each part of that block will help speed your digital message, mail or YouTube video to and from the right place (most of the time… like the post office, sometimes it DOES go pear shaped.) We have two different types of addresses, but for all intents and purposes they do the same thing…they help work out where to send your digital life.
Your digital street address on the internet
ups… (those annoying windows that flood the screen sometimes…)
It’s the glue that holds YOUR Internet experience together.
It’s THE computer program that’s at the core of the operating system you use, it talks to the hardware, the memory, keyboard, and then takes those conversations and discusses them with the operating system and applications you use. Think of it as the broker between you mashing that keyboard and the letters appearing on the screen…there’s something REALLY complex that has to happen, and the kernel makes sure that it does.
Digital Gandalf or Mercury (winged messenger)
These are programs that watch what you type. They sandwich themselves in the digital world between your keyboard and the operating system or on a mobile device. They often hide RIGHT in front of you as a “cover” for your keyboard. (It looks just like your normal keyboard on your phone.) Their job is to simply record everything you type (mistakes and all) on the keyboard. They are logging passwords, messages, notes, and where you go on the Internet or who you’re talking with. That data is then sent to whomever installed the program on your machine. Oftentimes, they do this without you knowing about it. They’re sneaky, malicious, and often go undetected for a long time.
Remember the Yellow Pages advert “Let your fingers do the walking?” A keylogging program would be the one watching those fingers walk EVERYWHERE…
It’s the unwanted digital assistant watching your every move.
Leet Speak (l337)
These days, more often than not, it’s someone who drank too much of their own Kool-Aid or hasn’t found their way out of the bulletin boards. (Our digital meeting places before we had Myspace, Facebook, etc.)
It’s a form of substitution using characters, numbers, and other things to substitute the alphabet within a word. (Hacker becomes h4x0r, etc.)
1t's 4ll gr33k t0 m3 (It’s all Greek to me…)
Long Lost Uncle
See Scam. Your uncle never was lost in the jungle, nor did he leave a fortune in the bank, nor does that person at the other end of the email OR phone call REALLY care about you. Hang up and never answer the message. Please.
Media Access Control (MAC) Address
A unique code given to every single network interface controller ever made. This is the physical part of the puzzle that allows systems to find and talk with each other in the digital world.
Your physical street address on the Internet.
See Artificial Intelligence. Just slightly dumber than Clippy.
Any program that is intentionally designed to cause harm. It’s a collective term that shelters viruses, trojans, worms, ransomware, spyware, adware, etc. Often folks have accused Microsoft of being malware, sometimes with considerable merit to the argument.
The digital hand grenade
When you used to take a picture (back in the old days) if you wanted to know what it was, which great Aunt was in the shot, or when it was taken you had to scribble notes on the back AFTER you got them from the developers. These days, that job is handled by the metadata. Whether we like it or not, there’s metadata ALL around us. This document I’m typing into has it. (date, author, file location, version, owner, content, statistics) We call that the properties. Your images have metadata, the location (if you have it turned on) file size and a heap of other little snippets of information ABOUT the information.
It's the data's data.
Millions in the Bank
See Scam. Even if I do have cancer or I’m terminally ill, I’m not leaving my fortune to you, a total stranger whom I’ve just met on the Internet. Seriously, if I have millions in the bank, the relatives will be crowding round me like a pack of vultures and you, my Internet friend will see nothing but an IOU. So run, and run now... and never answer that email. Please.
(Sent in by Rachel Arnold)
Throughout history each era has had its helpers. The unsung heroes or heroines that gladly follow the main character of the plot through thick and thin, often carrying the luggage or cleaning up after whatever skirmish just happened. They can be found clutching bottomless bags filled with weapons, pulling handy levers upon request, or robbing the cemetery for another spare set of limbs for the latest creation. In our digital realm, these are the minions, the carriers of antenna, the first one over the barbed wire fence, the ones to both find AND fetch the Starbucks, or the ones coding the exploit at 3am while the head geek’s taking 40 winks on the sofa.
The unsung underlings
National Security Agency (NSA)
The National Security Agency started life just before the USA entered the FIRST World War (April 1917); back then it was the Cable and Telegraph Section. It had a rocky and somewhat patchy existence (including in 1929 when it was shut down because “Gentlemen do not read each other’s mail”) until November 4th, 1952, when the Armed Forces Security Agency was renamed the NSA. The agency these days is considered a center of excellence for cryptanalytic research and other matters pertaining to surveillance in both the physical and digital domains. Oh, and yes, nowadays they DO read the emails IF they’ve got the time…
No Such Agency (Once upon a time its existence WAS classified, and you couldn’t buy souvenir mugs or shirts!)
See Scam. Nigeria is a republic, ruled by a democratically elected president, so no prince here.
Nigeria is also a federation of 36 states, so no central prince. There ARE parts of the country that still maintain a tribal or ethnic view that a person can be chosen to represent their community or town; however, their jurisdiction is limited, and the chances of them having a few million in the bank JUST to send to you are so far from reality we’ve not even discovered the science to find it. So, don’t respond, ever. Please.
Imagine sitting in the middle of the most crowded street in your area. You are painting or writing a book and EVERYONE can come and look at it, watch you work, and eventually provide feedback to you. They can also use your writing or picture for their own use or simply take it and change it. (Salvador Dali style if they so choose…) In the digital world, this is open-source software. You get to build things and then put them out there for others to use, study, or change if they so feel inclined. What it means is you potentially have an amazingly diverse set of eyes and keyboards looking at your work.
The logic behind open source is collaboration and cooperation. When it comes to software code, we ALL make mistakes (lots of them sometimes) so the more eyeballs that are on the code, then the theory goes, the better the chance that the code has fewer mistakes in it.
Many hands (hopefully) make light work…
It might be simpler to explain what a password should NOT be, than what it is! Anyone using 123456, 111111, 123456789, etc. is doing nothing more than providing a quick fence hop into their data and rarely would any of us consider it a password. IF, however we break down what it IS, we arrive at the simple fact that it’s a word, phrase, string of characters or something similar that must be regurgitated to gain access to whatever you are looking to get into. More often than not it’s found on a Post-It-Note attached to the computer, or under the keyboard, however we DO encourage people to store them in nice, comfortable, warm and safe things like password vaults or managers…
The simplest secret that allows you into the digital world...
Remember the days when you used to darn a sock or sew a patch onto that pair of trousers? This is the digital version. Software, systems, and everything we make in the electronic and digital world has bugs or errors in it. Sometimes those errors only come to light (or are found) when you and I are mashing away on the keyboard in a manner NO tester or programmer ever thought possible OR we worked out how to hold down ALL the keys at once just to see what happens. The program breaks. (just as your clothing tears or wears a hole etc.) Patching is simply another piece of software that is laid over the top of (and sometimes replaces) some of the code that you already have. Repairing the hole, the error, or the bug, and allowing you and I to get back to doing things they never thought possible.
The digital equivalent of darning your socks…
Payment Card Information (PCI)
The PCI requirements are a set of standards and guidelines that folks who handle YOUR credit card are meant to adhere to. The standards cover all aspects of how someone takes, holds, stores, moves and processes the data that’s on YOUR credit card. The logic FOR the standards is to try and cut down on credit card fraud by making it harder for adversaries or criminals to steal the information when YOU hand it over to other people. (For those folks who don’t know, that black stripe on the back of your credit/debit card holds a LOT of very personal data that is used for both validating you and the card AND can be used to re-create/steal the card for criminal purposes.)
Compliance is NOT security, ‘nuff said
Penetration Testing (Nice Version)
Think of it as the digital equivalent of a friendly break in where the burglar leaves helpful notes ALL over the house reminding you to lock your doors, to turn on the cameras, not to leave the keys for the cars on the shelf, and that you should really change the combination to the safe. You get all the lessons, you have all the information at your fingertips to help you improve and make changes, AND you have the logic as to “why” to do this. Testing and assessing done in collaborative settings can help all parties learn about themselves in a manner that’s controlled, safe and educational.
Realism without the lawyers and headaches
Penetration Testing (The Rant)
If approached incorrectly, it can be an outdated and outmoded method of shaming a company into paying more money for binky shit that they don’t need. IF done right (and there are only a few places that are good), it can be a collaborative, cooperative experience where both parties benefit.
Penetration testing puppy mill: a company that employs cheap bodies, gives them crappy tools and then rebrands Nessus reports as “assessments” and charges for the pleasure. (See Scams)
Even within our own industry, we can’t agree what a penetration test is, or what a scan or an assessment is, therefore I’m not even going to attempt to do it. Suffice to say, when someone wants to “test” you, make sure you know what you’re getting into, what questions to ask, and expectations to have, AND make sure it’s a reputable company that WILL take the time to educate you, help you improve, and isn’t in it for just the money.
You’re naked, and they have 50 gallons of lube and rubber gloves.
Personally Identifiable Information (PII)
It’s YOUR information that is stored and identifies YOU. Your full name, address, social security number (National Insurance Number for folks NOT in the USA), your passport, driver’s license, bank, or other numbers or information that point the large digital finger in YOUR direction. Many states are now passing laws to better protect how that data is handled by the very companies you hand it to and what to do (whom to notify, apologize to, etc.) when they eventually lose it.
The catalog of who YOU are...
We all recognize it when it’s pointed out, yet, many of us still fall for the digital confidence trickster that masquerades as a trusted entity. The lawyer claiming to represent your long lost, deceased uncle who left you millions, or the dying elderly lady who wants to give you all her money because you’re kind, or the banker in some far flung country who’s willing to share the entire content of the safe with you IF you’ll split it with them AND if you’ll send them some money so they can send you LOTS more… Don’t fall for these OR any of the other scams PLEASE!
Fool me once, shame on you, click it twice, shame on me...Digital confidence trickster...
A form of active wiretapping, typically done (a long time ago) when we would sneak into a connection while it wasn’t active (between conversations) and actively get “between the lines” to listen in on conversations, monitor status, and other things. In networking terms piggybacking was also used when sending an acknowledgement packet WITH the response/data packet at the same time (as one packet, thereby saving bandwidth).
In the physical world it’s when someone follows you into a building OR you are civilized and open the door FOR them, often without asking them to badge in, provide identification, etc. It’s a social engineering attack that targets human courtesy, often called tailgating.
Leaving your computer for two minutes to go get that cuppa coffee? Thanks, I’m going to wait for you to leave, sit down AT your desk (because you didn’t lock your computer) and piggyback on your access to do what I want/need to do while I’m in the building and guess who takes the blame?
Bad Internet? Terrible connection from one side of the house or building… wait! Your neighbor’s got open wireless, so where’s the harm in piggybacking off their signal? (Although this is iffy given the idiots at Xfinity/Comcast openly LEAVE a named WiFi account “open” on YOUR network for anyone who’s THEIR customer to use…)
Sneaking in UNDER the radar…
Think of them as additional digital Lego pieces that you can add to your existing system. You want larger Lego wheels, then you CAN have them. (a custom browser plugin that runs videos) You want tinted Lego windows, install the plugin FROM the distributors site (NOT a 3rd party location) and you’ve got them.
We’ve covered the IP address elsewhere in this compendium, so now we’ve arrived AT the destination, we have to work out how we’re getting into the darn place. This is where ports come in. Think of them as all the various ways INTO your target address; they are the doors, windows, chimney, and coal holes of the digital world. In the digital house, though, there are 65,535 ways in, ranging from the normal (80/443, HTTP/HTTPS, your web browser) to email on 110/995/143/993 (POP3/IMAP) through to the obscure (32887/Ace of Spades) or the more infamous Back Orifice on 31337.
65,535 front doors into your house…
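The defender’s side of “65,535 front doors” is knowing which of yours are actually open. The following is an added example, not code from the Wizernary page or from Wizer: it parses a constructed netstat-style listing, names the ports this entry mentions (the port table is a small hand-picked subset, not a full registry), and flags any listener that is not on a hypothetical allow-list, treating loopback-only listeners as lower severity because they are not reachable from the network.

```python
"""Added example: flag unexpected listening ports in a constructed
netstat/ss-style listing (sample lines and allow-list are made up)."""
import re

# Well-known ports named in the glossary entry (not a complete registry).
KNOWN_SERVICES = {
    80: "HTTP", 443: "HTTPS",
    110: "POP3", 995: "POP3S",
    143: "IMAP", 993: "IMAPS",
}

# Ports the entry calls out as obscure or infamous.
SUSPICIOUS_PORTS = {31337: "Back Orifice (historical)", 32887: "Ace of Spades"}

# What this hypothetical host is *supposed* to expose.
ALLOWED_LISTENERS = {80, 443}

# Constructed sample output; 192.0.2.x / 198.51.100.x are documentation ranges.
SAMPLE_NETSTAT = """\
Proto Local Address          Foreign Address        State
tcp   0.0.0.0:80             0.0.0.0:*              LISTEN
tcp   0.0.0.0:443            0.0.0.0:*              LISTEN
tcp   127.0.0.1:143          0.0.0.0:*              LISTEN
tcp   0.0.0.0:31337          0.0.0.0:*              LISTEN
tcp   192.0.2.10:443         198.51.100.7:51234     ESTABLISHED
"""

# proto, local address, local port, state (foreign address skipped)
LINE_RE = re.compile(r"^(tcp|udp)6?\s+(\S+):(\d+)\s+\S+\s+(\S+)")


def parse_listeners(text):
    """Return [(address, port)] for every LISTEN row in the listing."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(4) == "LISTEN":
            listeners.append((m.group(2), int(m.group(3))))
    return listeners


def describe_port(port):
    """Human-readable label for a port number."""
    if port in SUSPICIOUS_PORTS:
        return SUSPICIOUS_PORTS[port]
    return KNOWN_SERVICES.get(port, "unregistered/unknown")


def audit(text, allowed=ALLOWED_LISTENERS):
    """List listeners outside the allow-list.  Loopback-bound sockets are
    reported as 'low' severity: they are not a door the Internet can reach."""
    findings = []
    for addr, port in parse_listeners(text):
        if port in allowed:
            continue
        severity = "low" if addr.startswith("127.") else "high"
        findings.append({"addr": addr, "port": port,
                         "service": describe_port(port), "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_NETSTAT):
        print(f"{f['severity']:4}  {f['addr']}:{f['port']}  {f['service']}")
```

Run against real `netstat -tln` or `ss -tln` output, the same parser turns a wall of sockets into a short list of doors you did not know were unlocked.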
The digital version of being evicted and locked out of your digital life. It’s a type of computer program that, once it has access to your systems, can/may and often will encrypt the data, the drives, and then take a copy, leaving you with a ransom note and a limited amount of time to pay up or suffer the consequences. It is simply there to harvest money from people, companies, and systems that are especially vulnerable or not well maintained. It is an escalation of simply infecting your system and seeing IF you can recover.
The digital gun to your head
Welcome to an adversary (attackers, bad person’s) digital toolbox. The word comes from two familiar ones being smashed together. Root (the “GOD” mode in computing terms) and Kit. (exactly what it is) It’s the Swiss Army knife of the attacker, albeit in digital or code format. The idea is to be able to sneak into your system, drop my rootkit into your operating system and then be able to have all sorts of ways in, out and around without you knowing. I might have ways past your antivirus, or endpoint detection, ways to steal your keystrokes, watch your camera, or harvest your accounts, all with stealth AND be able to package the data up and send it out without you even knowing I’m there.
Adversarial Swiss Army knife…
You remember the days when the police used to stand in the crossroad directing traffic while standing on the podium? (Italy and India still have them…) That’s your router. The router’s main job is to take traffic and move it to the right place, sometimes also doing checks, inspections, and other things as it’s moving those packets.
Many of us have routers connecting our homes to the Internet (that box the cable provider gives you, that’s your router). It takes home traffic and moves it along to the Internet, often directing it along the way towards the right things you’re looking for.
It’s a little smarter than a bridge, repeater, hub, or a switch, or other devices you might find in a network as you can give it instructions rather than just hoping things go from point A-B.
Smarter than your average CAU
It’s a controlled digital testing environment, mimicking the real systems around you, that is often isolated FROM everything around it so you can play, explore, and experiment to your heart’s content without damaging anything. Often you can find companies testing email attachments, suspect files, and other oddities they’ve found on the Internet OR dragged in through email etc.
(You sometimes don’t know if a file has a virus until you can run it and you NEVER want to do that in anything that’s connected to the rest of the world…)
Somewhere to test a digital controlled explosion...Your digital padded cell
The world of fraud and the tricksters themselves have found the Internet... and with it, they can scheme and scam tens, hundreds, and thousands of people at once. Where before they were the street hustler, peddler, or petty criminal, they can now, with the aid of a computer and some simple programs, trick targeted groups of people in ever increasingly innovative ways.
There is no pot of gold at the end of the rainbow, the cake is a lie, the check is not in the post, you are NOT a winner, and no, you’re not getting your long-lost uncle's inheritance from outer Mongolia IF you just pay a little something up front.
1001 digital ways to part you from your money
A set of instructions in a chosen computer language that reads like a regular to-do list. Think of it as a set of commands that the computer understands (and often we can still read).
Digital to-do list for the computer
Secure Socket Layer (SSL)
This is the older way that we used to communicate securely. The data was encrypted/scrambled in a way where only the sender and recipient understood the instructions. It was the primary way to make sure what you typed into your web browser was only seen by you and whomever you were talking with, buying something from, or selling to (or many other uses to make sure that data wasn’t sent “in the clear” (not encrypted)). It’s now been superseded by Transport Layer Security as a more robust and secure way to send data.
Our digital carrier pigeon WITH a padlock…
This is where the proverbial rubber meets the road. This is where we have to take what we know about the state of the digital union (and it’s not good) and somehow describe it in terms that everyone else can understand. This is ALL about how WE take what we know and drop it into your noggin. Awareness in its natural state is being conscious of something...to perceive, be aware of, feel, or become cognizant of the ONE simple fact. YOU, in the digital world, are nothing more than a walking chicken McNugget for everyone else unless you wise up, learn some of the basics, and start to defend yourself AND others around you.
Instead of taking up Yoga or Tai-Chi, first take up the digital equivalent. You’ll find it much more rewarding AND I promise you that your future self will appreciate the reduction in stress, ALL without having to bend your left leg around your right ear…
Think before you click! Oh and by the way, we have our own Security Awareness Training!
Social Engineering Attack
The art of using deception, manipulation and other tactics against targeted individuals in order to gain information, trust, or to simply get them to perform certain actions on your behalf. It relies heavily on human interaction and often involves tricking or confusing individuals into deviating from standard practices in order to allow the attacker to gain legitimate, authorized access to systems or information.
The art of human manipulation
While we talked about scripts above being a set of instructions, we tend to think of software as being a whole collection of those instructions (sometimes we’re talking Tolstoy’s War and Peace scale instructions) to enable someone to work on the computer OR for the computer to simply function. Your operating system is considered software (unless it’s Unix, in which case it’s considered an unfathomable jumble of madness). Your web browser is another software package (again, unless it’s Exploder or Chrome, in which case some would consider it malware or spyware). It’s the software that allows us to interact with the very silicon systems all around us.
Our interface into the digital realm
Life was simpler in the old days... you had someone in the bushes watching the house with a good set of binoculars, you knew there were bugs in the lights, behind the paintings, and under the table… we miss those days of simple spying. Nowadays, we have software that sits, hiding on your systems, watching your keystrokes, taking pictures of your screen, or simply watching and listening for whatever it’s looking for. It can also be listening to your voice (or the keyboard movements) as well as anything else in the house or office that takes its fancy… all without us often knowing it’s happening.
Our unwanted digital shadow
The art of hiding in plain sight through the use of picture, video, or music files with hidden messages concealed within. Think of this as those nested Russian dolls. What you SEE is a single, large, well-manicured doll…what’s hidden are several others inside, often with their own messages, agendas, or specific artwork. The practice goes back at least 1,500 years and is often forgotten in pursuit of cryptography (talked about elsewhere here…) Embedding (hiding) a file within a file…
There's more to the Mona Lisa than meets the EYE...
(Thanks Ioannis Samantouros)
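To make the “nested Russian dolls” concrete, here is an added example (not from the page, not Wizer’s code) of the simplest digital form of this, least-significant-bit hiding. The “image” is a constructed 64×64 grayscale gradient held as a bytearray, so it runs with no image library; a real tool would apply the same idea to the pixel bytes of a PNG or BMP. The point to take away as a defender is the last function: every cover pixel changes by at most 1, which is why the eye cannot tell and why detection relies on statistics of the LSB plane rather than on looking at the picture.

```python
"""Added example: least-significant-bit (LSB) steganography on a constructed
8-bit grayscale 'image'.  Hides a message, recovers it, and measures how
little the cover changed."""


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, message: bytes) -> bytearray:
    """Write a 4-byte length header followed by `message` into the LSB of
    successive pixels.  Raises if the cover has too few pixels."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} pixels, have {len(cover)}")
    stego = bytearray(cover)
    for idx, bit in enumerate(_bits(payload)):
        stego[idx] = (stego[idx] & 0xFE) | bit      # replace only the lowest bit
    return stego


def extract(stego: bytes) -> bytes:
    """Reassemble bytes from pixel LSBs; the first four bytes give the length."""
    def read(n_bytes: int, start_pixel: int) -> bytes:
        out = bytearray()
        for b in range(n_bytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_pixel + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(4, 0), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("truncated, or not an LSB stego image")
    return read(length, 32)


def max_pixel_change(original: bytes, modified: bytes) -> int:
    """Largest per-pixel difference between two equally sized images."""
    return max(abs(a - b) for a, b in zip(original, modified))


# Constructed cover: a deterministic 64x64 gradient, one byte per pixel.
COVER = bytes((x * 3 + y) & 0xFF for y in range(64) for x in range(64))

if __name__ == "__main__":
    secret = b"the cake is a lie"          # constructed sample message
    stego = embed(COVER, secret)
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(COVER, stego))
```

The 4-byte header is this example’s own framing convention, not a standard; real steganographic tools add compression and encryption of the payload and spread the bits pseudo-randomly across the cover rather than front-loading them, precisely because a contiguous run of random-looking LSBs at the start of a file is easy for analysis tools to spot.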
You know when you cut corners with that piece of code, or that new walkway, or anything where speed is prioritized over doing it right… Welcome to technical debt. We’ve called it other things over the years, but the basic premise is you ALWAYS have to pay the piper. There’s never an escape (unless you sell the company, at which point it becomes someone else’s problem… welcome to the issues of IoT!)
Digital short cuts coming back to bite…
See Two factor authentication; however, it’s typically the way to check that you are who you say you are by the company or website (bank, Amazon, etc.) sending a code to the phone THEY think you have (or you told them that you own). We talk a lot about multi-factor authentication being something you know, you are, or you own (pick two). So many times your phone becomes part of that equation. It’s certainly NOT the most secure way to do two factors, but for many, it’s the most convenient.
It’s better than JUST a password, but only just…
Threat Intelligence Platform
Community Submission from Rachel Arnold:
We have a lot of friends with a lot of good vulnerability gossip that we just CANNOT wait to feed to YOU!
Transport Layer Security (TLS)
See Secure Socket Layer (SSL) but with added whoomph, handshakes, and mathematical subterfuge...
Turbo digital carrier pigeon with a much bigger padlock!
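Serving both the SSL and the TLS entries above, here is an added example (not code from the page or from Wizer) of what “superseded by TLS” looks like in practice on the client side: a context built with the Python standard library `ssl` module that refuses the old generation (SSL 3.0, TLS 1.0 and 1.1) and only negotiates TLS 1.2 or 1.3, with certificate and hostname checking left on. The protocol-label classifier is this example’s own small helper for reading scanner or server-config output.

```python
"""Added example: a client TLS context with the legacy protocols refused,
plus helpers to reason about which versions it will negotiate."""
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2      # floor: everything older is refused

# Labels as they show up in scanner output; SSLv2 has no enum member because
# modern OpenSSL cannot speak it at all.
VERSION_BY_NAME = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
MODERN = {"TLSv1.2", "TLSv1.3"}


def make_client_context() -> ssl.SSLContext:
    """Context for outbound connections: system CA store, certificate
    required, hostname checked, and no protocol older than TLS 1.2."""
    ctx = ssl.create_default_context()    # loads the platform CA bundle
    ctx.minimum_version = MIN_VERSION
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def accepts(ctx: ssl.SSLContext, name: str) -> bool:
    """Would this context negotiate the protocol version labelled `name`?"""
    return VERSION_BY_NAME[name] >= ctx.minimum_version


def classify_protocol(name: str) -> str:
    """'legacy', 'modern' or 'unknown' for a version label such as 'TLSv1.1'."""
    label = name.replace(" ", "")
    if label in LEGACY:
        return "legacy"
    if label in MODERN:
        return "modern"
    return "unknown"


if __name__ == "__main__":
    ctx = make_client_context()
    for label in VERSION_BY_NAME:
        print(f"{label:8} {classify_protocol(label):8} accepted={accepts(ctx, label)}")
```

Used with `ctx.wrap_socket(sock, server_hostname=host)`, a server that only offers the legacy generation gets a handshake failure instead of a quietly downgraded “padlock”.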
Trojan (or Trojan Horse)
The Greeks are going to have to take the blame for the name, because, if we believe the fables, around 3200 years ago they very nicely left a parting gift for their foes (a horse) which was taken into the city and subsequently (much to the surprise of the folks who brought it INTO the city) was found to contain a squadron of warm, annoyed, and very much alive, armed enemies… Now, anyone that brings a heavy horse that seems to be breathing INTO a city they’ve been defending for years deserves to lose the fight. Best set fire to the darn thing outside the gate next time! However, in our digital world, hiding an attacking program inside a nice looking document, image, or file is the equivalent of what the Greeks did. SO, the next time someone tries to send you one of those Internet Cat memes, DON’T download it, and go around to their house and set fire to their computer.
Beware of Geeks bearing gifts…
As in fantasy, so in digital… In the fantasy world, a troll is a mythical cave dwelling being (or under the bridge for a change of scenery) depicted in folklore as rarely helpful towards humans (or goats). In the digital world, it’s almost the same. They are often intentionally inflammatory aiming to upset or provoke their targets into an emotional response. As in the fantasy world, the general sentiment among the Internet is that the digital troll also needs to be thrown off the bridge into the gorge below.
Don't feed the trolls.
Virtual Private Network (VPN)
It’s the digital equivalent of having your OWN lane on the crowded highway, with your own security escort, knowing full well no pesky oiks or common folks are going to get in your way…. You have to use the same roads as everyone else (the Internet) yet you have your own lane everywhere you go that protects you from the uncouth rabble around you. Welcome to a “virtual” private network, it looks, smells, tastes, and feels the same as the real thing yet it’s overlayed on top JUST for you…
Your own Digital HOV lane…
A little history... Computer viruses have been around for the last 50 years… the first one targeted the DEC systems linked to the fledgling thing we now call the Internet (ARPANET). For a while, it was fairly quiet. Then, in 1986 and 1988, we had Brain and The Morris, two programs that spread (like a traditional human virus) to infect computers through various security holes or communication protocols. (Worth noting that The Morris infected (accidentally) around 15,000 computers, which back in the 80’s was about the sum total OF the Internet.) Basically, take the same thing a biological virus does and bring it into the digital world…. Infect something, copy oneself, and then look for new hosts.
As in reality, so in digital…
Welcome to you, yourself, and your place in the digital realm. You, the breathing bag of skin, water, and squishy bits. You are the wetware, the thing sitting between the keyboard and the chair. When we talk about a wetware attack, we’re talking about how to circumvent you, how to manipulate you, or “encourage” you to do something you’d not ordinarily do. (like lend money to a total stranger just because they’ve got their own bank in Kenya).
There ARE wetware computers, interfaces, and systems. These typically are bio implants, software designed to interface with neurons or other systems (muscles, etc.) and other interface architectures that allow a human to work more closely or directly with the digital world around them.
The organic bit between the keyboard and chair
See Black Hat. This is the other end of that spectrum and also needs to be learned from and never used in the context of IT/InfoSec/Cyber ever again.
There are NO hats.
It’s a living, breathing digital Encyclopedia Britannica for everything we think we know, compiled by everyone on the planet, curated by volunteer editors, and designed to answer as much as it can about anything IN the known universe. It is one of the (if not THE) largest general reference works on the Internet.
Community brain trust
Won the Lottery
See Scam. No, you didn’t win, neither did you come in second, or get another bite of the apple, and even if (by some fluke) you DID win, do you really think they’d ask you to either prove who you are OR ask you to pay THEM money for the money they owe you? No. Never. It’s NOT how it works. So, don’t hand over your identity or your money, EVER. Please.
A more independent and intelligent virus. (See Virus) Think of it as the teenager that’s grown up a bit, has gone out into the world on their own, and is exploring around. There’s no need (or little need) for interaction by the host… They just get on with things and wander round. They’re not attached anymore, they like their own company, and can be fairly independent. They’ve NOT worked out how to grow up more or adapt, but they’re still bloody annoying…. just LIKE teenagers. (polymorphic)
Sneaky virus with independence and intelligence
The cynic in me wants to tell you it’s a marketing term or buzzword that’s used to incite panic, fear, and uncertainty into the population to get them to buy more stuff to make them feel safer and protected. However, that aside, there IS a logical explanation for what a 0-Day, or zero-day, is, and it’s simply the fact that some enterprising individual, team, or nation state found a flaw in the system that wasn’t discovered during the design, build, testing, or QA process. It’s like stumbling upon that hidden room that nobody knows about by twisting the chandelier 90 degrees… The owner goes, “Damn, didn’t know about that.” The designer goes, “Hmmmm, that’s new…” The testing team wants to talk with you about HOW you planned that, AND you’re sitting there with the keys to the kingdom that nobody knows about. The question then is, what ARE you going to do?
Didn’t see that one coming….Undocumented features
© 2020 Wizer Inc. All rights reserved.