Friday, February 28, 2014

Part III-1: Security Terminology



Non-Technology Terminology

  • Maildrop: Rent a mailbox, and then ask victims to send packages or information to it.
  • Reverse social engineering: Create a situation that coaxes victims into calling the attacker for help. Because the victim initiated the contact, the victim already trusts the attacker, which makes it very easy for the attacker to ask for information or to get the victim to do something.
  • Dead drop: A place where you leave an item so that you (or others) can retrieve it later; it could be a rented locker, a hidden hole in a wall, or an FTP server in another country.

Technology-Related Terminology

  • Trojan horse: Malicious software disguised as useful software; victims innocently download it because they need it for their work, not knowing that it also contains malware.
  • Remote command shell: A text-based command interface that lets users carry out tasks from a remote location; a hacker uses it as a tool to access victims' computers.
  • Name drop: Refer to someone of high authority or familiarity to establish rapport with the target.
  • Dumpster diving: The act of looking through trash for useful information.
  • RAT (Remote Access Trojan): A Trojan that lets an attacker control the victim's computer system from offsite.
  • Backdoor: A secret entry point that lets a person into your system.
  • SSL (Secure Sockets Layer): An abstract concept that strengthens the security of network communication; its most widely used implementations are, for example, SSH and HTTPS.
  • Phishing: Set up a clone of a legitimate website with the aim of duping users into entering their user name and password. One of the most effective phishing schemes is to append '-secure' to the original domain name. For example, paypal.com is legitimate, but paypal-secure.com could be a phishing website.
  • Dumb terminal: A computer without a microprocessor.
  • Enumeration: The act of trying several combinations in order to find out the processes, services, and user names on a system.
  • Dictionary attack: Guessing passwords based on words in dictionaries. Here is how hackers do it. First they try, say, the 800 most commonly used passwords. If that does not work, they try every word in an English dictionary; this can take less than 30 minutes. Next, they try names: first names, last names, terms from the Bible, and terms from movies such as Star Trek or The Lord of the Rings.
  • Brute-force attack: A password attack strategy that tries every possible combination of characters.
  • Shoulder surfing: The act of looking over someone's shoulder in order to see his or her password as it is typed.
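The phishing entry above notes that paypal-secure.com can pass for paypal.com. The following is an added example, not code from the original post or from the book it summarizes, showing how a defender turns that observation into a check a mail gateway or URL filter could run: a hostname whose registrant-chosen labels contain a protected brand name, but whose registrable domain is not on the brand's allowlist, is flagged as a lookalike. The brand allowlist, the short public-suffix list, the leet mapping and the sample URLs are all constructed for the example.

```python
"""Flag lookalike domains for a set of protected brands (defensive check).

Added example, not from the original post or the book it summarizes. The
brand allowlist, suffix list, leet mapping and sample URLs are constructed.
"""
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> registrable domains the brand owns.
PROTECTED_BRANDS = {
    "paypal": {"paypal.com", "paypal.co.uk"},
    "examplebank": {"examplebank.com"},
}

# Constructed subset of multi-label public suffixes; a real deployment would
# use the full Public Suffix List instead of this hand-picked set.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Digit/symbol substitutions seen in lookalike labels (constructed mapping).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def host_of(url_or_host: str) -> str:
    """Lower-cased hostname from a URL or a bare hostname."""
    if "://" not in url_or_host:
        url_or_host = "http://" + url_or_host
    return (urlsplit(url_or_host).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """The domain a registrant actually controls (eTLD+1): 'a.b.co.uk' -> 'b.co.uk'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalize_label(label: str) -> str:
    """Fold leet digits and drop separators so 'secure-paypa1' -> 'securepaypal'."""
    return re.sub(r"[^a-z]", "", label.lower().translate(LEET_MAP))


def classify(url_or_host: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, brand) with verdict in {'legitimate', 'lookalike', 'unrelated'}.

    A host is legitimate only if its registrable domain is on the brand's
    allowlist. A brand name anywhere else in the hostname, whether in the
    registrable label ('paypal-secure.com') or as a subdomain of an unrelated
    domain ('paypal.com.login-check.net'), makes it a lookalike."""
    host = host_of(url_or_host)
    reg = registrable_domain(host)
    for brand, owned in PROTECTED_BRANDS.items():
        if reg in owned:
            return "legitimate", brand
    # Every label the registrant chose: the subdomains plus the registrable label.
    labels = host.split(".")
    chosen = labels[: len(labels) - len(reg.split(".")) + 1]
    normalized = [normalize_label(label) for label in chosen]
    for brand in PROTECTED_BRANDS:
        if any(brand in n for n in normalized):
            return "lookalike", brand
    return "unrelated", None


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate login page, three lookalikes,
    # one legitimate country-code domain, one unrelated site.
    for sample in ("https://www.paypal.com/signin", "paypal-secure.com",
                   "http://secure-paypa1.com/login", "paypal.com.login-check.net",
                   "paypal.co.uk", "example.org"):
        print(f"{sample:40} -> {classify(sample)}")
```

The check deliberately keys on the registrable domain rather than on the whole hostname: anyone can create the subdomain paypal.com under a domain they own, so only the part the registrar hands out is evidence of ownership. The leet folding is what catches the digit-for-letter variant; without it, secure-paypa1.com would slip past a plain substring match.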

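The dictionary-attack entry describes the attacker's order of work: a short list of the most common passwords, then the whole English dictionary, then first and last names and pop-culture terms. The following is an added example, not code from the original post or the book, showing the defender's mirror image of that procedure: the same lists, in the same order, applied as a blocklist when a password is set, after undoing the cheap mangling (case changes, leet substitutions, digits tacked on the end) that turns a dictionary word into a password people believe is strong. The word lists are short constructed stand-ins; a deployment would load real lists from files.

```python
"""Reject passwords that a dictionary attack would guess first (defensive check).

Added example, not from the original post or the book it summarizes. The
word lists are constructed stand-ins; a deployment would load a breached-
password corpus, a full dictionary and a name list from files.
"""
import re
from typing import Optional, Set

# Constructed tiers, in the order the post says an attacker tries them.
TIERS = [
    ("common password", {"123456", "password", "qwerty", "letmein", "iloveyou"}),
    ("dictionary word", {"summer", "dragon", "monkey", "welcome", "football"}),
    ("name or pop-culture term",
     {"michael", "jennifer", "smith", "genesis", "spock", "frodo", "gandalf"}),
]

# Substitutions a guessing tool applies to base words; undone here (constructed mapping).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols tacked on at either end of a base word ('Summer2019!').
EDGE_PADDING = re.compile(r"^[^a-z]+|[^a-z]+$")


def candidate_forms(password: str) -> Set[str]:
    """Base words a guessing tool could have mangled into this password.

    Both orders (strip padding then unleet, unleet then strip) are tried:
    the trailing '1' in 'Fr0do1' is padding, but the '0' in the middle is a
    substitution, and only strip-then-unleet recovers 'frodo'."""
    lowered = password.lower()
    unleet = lowered.translate(LEET_MAP)
    stripped = EDGE_PADDING.sub("", lowered)
    forms = {
        lowered,
        unleet,
        stripped,
        stripped.translate(LEET_MAP),
        EDGE_PADDING.sub("", unleet),
    }
    return {f for f in forms if f}


def check_password(password: str, min_length: int = 12) -> Optional[str]:
    """Return a rejection reason, or None if the password passes both checks.

    The blocklist runs before the length check on purpose: a long password
    built on one dictionary word ('Welcome2024!!') still falls to the second
    tier of the attack the post describes, however many characters it has."""
    forms = candidate_forms(password)
    for label, words in TIERS:
        hit = forms & words
        if hit:
            return f"{label}: {sorted(hit)[0]!r}"
    if len(password) < min_length:
        return f"too short: {len(password)} < {min_length} characters"
    return None


if __name__ == "__main__":
    # Constructed sample passwords: three mangled dictionary entries, one too
    # short, one passphrase that passes.
    for sample in ("P@ssw0rd", "Summer2019!", "Fr0do1", "Zq8#pL",
                   "correct-horse-battery-staple"):
        print(f"{sample:32} -> {check_password(sample)}")
```

The returned reason names the tier that would have caught the password, which is the useful feedback for a user: "this is a dictionary word with digits on the end" explains the rejection better than a generic complexity rule, and it matches the order in which the entry says the guessing actually proceeds.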

Source: The Art of Deception: Controlling the Human Element of Security
---------------------------------------------------------------------------------------------------------

Book or Audiobooks?

Personally, I prefer audiobooks. They are fun, and I can listen while doing something else. They also make other activities (e.g., jogging) a lot more enjoyable. For more detail about audiobooks, please read [this post].
There is one more reason that may encourage you to go for the audiobook version: you can get it now for FREE. Audible offers a free 14-day trial. Even if you get the book and cancel the subscription right away (so that you don't have to pay), you can keep the book. And don't worry if you lose the audiobook file; just log into audible.com, and you can download it again as often as you like.

About the summary: It takes time to finish a book, and when you do, you sometimes want to review what you learned from it. If you do not take notes as you read, you might have to go through the book once again. With a printed book this is time-consuming, but at least you can flip through it and locate what you are looking for.

However, when the material is an audiobook, it is extremely hard to locate a specific part of content. Most likely you will have to listen to the entire audiobook once again.

This book summary will help solve the pain of having to go through the book all over again.

I am leaving out the details of the book. Most books have interesting examples and case studies, which are not included here. Reading the original book would be much more entertaining and enlightening. If you like the summary, you may want to get the original from the source below.


1 comment:

  1. Great Article