An A-Z guide to the technical terms used in digital security
CAPTCHA
The Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) is a commonly used challenge-response test to prevent attackers from using computer-generated responses to perform certain repetitive actions, such as signing up for email accounts, submitting online forms and so on.
This test may be used as a security measure on websites, web-based email systems and other services where an automated-response type attack might reasonably be expected.
A CAPTCHA test usually involves the user attempting to solve a challenge that current software cannot solve, such as deciphering a distorted visual image to discern numbers and letters; a correct answer to the challenge leads to the assumption that the user is human and is therefore permitted to use the service.
The widespread use of CAPTCHA security precautions has, ironically, led to the development of attack techniques specifically designed to crack CAPTCHA; most of these attacks still involve human interaction at some stage.
Clean
A program or file that has been identified as 'clean' does not contain malicious code or behavioral routines, and performs its stated function.
Under certain circumstances, a clean program may be inadvertently identified as 'malicious', most often due to similarity between the program and known malware. This miscategorization is known as a 'False Positive' or 'False Alarm'.
The converse, where a malicious file is miscategorized as clean, is known as a 'false negative'.
Clickjacking
A type of online attack that involves misappropriating a user's actions on a website to perform unauthorized and unintended actions.
This type of attack generally involves an attacker embedding malicious code or script on the website, often by exploiting an iframe vulnerability. The code is then triggered by certain actions performed by an unsuspecting user, who believes they are performing actions on the actual website.
As an example, the attacker can inject an invisible iframe layer that 'floats' over an existing webpage, with buttons on the floating layer lying directly over buttons on the visible page. If the user clicks on a visible button, they also unintentionally click the corresponding button on the invisible layer, causing unexpected actions to occur.
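The floating-layer attack described above only works if the browser lets a third-party page embed the target in a frame. The following added example (not from the glossary) reads a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers and reports whether an unrelated origin could frame the page; the header sets and origins are constructed, and the model is simplified to exact-match origins with no wildcard or scheme-only sources.

```python
def framing_allowed(headers, framer_origin, own_origin):
    """True if a page served with these headers may be framed by framer_origin.
    CSP frame-ancestors wins over X-Frame-Options when both are present, as in
    current browsers; with neither header the page can be framed by anyone."""
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "none" in sources:
                return False
            if "self" in sources and framer_origin == own_origin:
                return True
            return framer_origin in sources
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == own_origin
    return True  # no framing policy at all: any site may overlay this page


# Constructed header sets standing in for three server configurations
# (hypothetical; not taken from any real site).
NO_POLICY = {"Content-Type": "text/html"}
DENY_ALL = {"X-Frame-Options": "DENY"}
PARTNER_ONLY = {"Content-Security-Policy":
                "default-src 'self'; frame-ancestors 'self' https://partner.example"}


def audit(own_origin, third_party):
    # Report which configurations still let an unrelated site frame the page.
    return {name: framing_allowed(h, third_party, own_origin)
            for name, h in (("no_policy", NO_POLICY), ("deny_all", DENY_ALL),
                            ("partner_only", PARTNER_ONLY))}


if __name__ == "__main__":
    print(audit("https://bank.example", "https://unrelated.example"))
    # {'no_policy': True, 'deny_all': False, 'partner_only': False}
```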
Code Injection
Almost always used with malicious intent, code injection involves introducing or 'injecting' code into a computer program, causing it to perform in an unexpected manner.
Code injection attacks typically involve an input mechanism, which the attacker can use to enter malicious code instead of the expected input. The attack code may then exploit a flaw or loophole in the logic used to validate the input.
Today, the most common form of code injection attack targets websites using SQL databases to provide dynamic user-generated content services, such as comment boards, forums, etc. In an SQL injection attack, the attacker enters code into a web form, which is improperly validated; a successful attack may grant the attacker access to the SQL database and its content.
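As an added example (not from the glossary), the contrast the entry draws, using Python's built-in sqlite3 on a constructed in-memory table: one lookup splices the form value into the query text, the other passes it as a bound parameter, so the same input is treated as SQL in the first case and as plain data in the second.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for a site's user database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    # The form value becomes part of the SQL text, so a quote character in the
    # input changes the structure of the query. This is the improperly
    # validated form the entry describes, kept only to contrast with the fix.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # The query text and the value travel separately to the database engine,
    # so the input can only ever be compared as a string, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a stray quote
    print(lookup_vulnerable(conn, "bob"))      # ['bob']
    print(lookup_vulnerable(conn, probe))      # all three rows: WHERE became always-true
    print(lookup_parameterized(conn, probe))   # []: nobody is literally named that
```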
Command and Control
The command and control (C&C, or CC) server of a botnet is the main control point for the entire network of enslaved computers.
Command Line Interface (CLI)
A command line interface (CLI) allows users to type in text-only instructions directing a program to perform specific tasks. The instructions must be read and interpreted by a command line interpreter in order to be executed.
Most operating systems and many technical business applications include a CLI in addition to the standard graphical user interface (GUI), for the benefit of advanced users who often find it more efficient to issue instructions via the CLI.
Conversely, efficient use of the command line interface requires familiarity with a large number of esoteric commands, which is often beyond the expertise of more casual users.
Constructor Kit
A construction or creation kit used by malware authors to easily and efficiently create a malicious program.
Constructor kits make it very easy for a malicious user with little or no programming experience to create malicious programs. Often, these kits are simplified so that a user only needs to select the desired features/actions from a list of pre-prepared components.
Cookie
A simple data file containing information related to a website visitor's activities. The information contained in the cookie can include such details as the user's site preferences, contents of their electronic carts and so on.
Most websites a user visits will save their own cookie on to the visitor's computer system, and then retrieve it when the same visitor returns to the website at a later date, so that the user can continue their previous activities on the website with minimal disruption.
Due to privacy and/or security concerns, some users may opt to refuse cookies, either entirely or selectively, though some websites will not function correctly if cookies are not accepted.
Content Filter
A content filter is a type of screening mechanism based on analysis of the content to be passed, rather than its source, behavior or other criteria. Content filtration is commonly used by business organizations to screen emails for spam and other undesirable communiqués.
Content filtration is also commonly used both at work and at home to screen web content during a browsing session. In a business setting, it may be used to prevent access to non-business related sites; the extent of the filtration is typically outlined in an IT policy or guideline.
In the home environment, a content filter may be set by adult supervisors to prevent minors from accessing undesirable sites or materials.
Cross Site Scripting (XSS)
A type of attack in which malicious scripts are injected into a legitimate website in order to be served to subsequent site visitors.
Cross site scripting (XSS) attacks can result in a variety of effects, including hijacked web browsing sessions, stolen session cookies, information theft and more. As more people become increasingly dependent on web-based services, XSS attacks are becoming increasingly common.
A script may be injected into a website if an attacker inserts executable code into an input form (for example, a comment box or an enquiry form) that does not properly handle the code.
Ideally, websites should have proper input filtering and sanitizing processes that identify the inserted code as harmful and remove it. If there is a weakness or vulnerability in these processes, however, the injected code can bypass the filtering mechanisms and 'sit' on the website, where it can then be presented to the next website visitor, usually with harmful consequences.
A number of website vulnerabilities can be exploited for a successful XSS attack. The way the attack is carried out will usually be specific to the vulnerability being exploited and can be categorized as persistent, non-persistent or DOM-based, depending on which classification system is used.
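The persistent case described above, as an added example that is not part of the glossary: stored comments are rendered into a page twice, once by concatenation and once through HTML entity encoding, so the markup a visitor submitted is either handed to the next visitor's browser as live HTML or shown as inert text. The comment list is constructed and uses the conventional harmless test string.

```python
import html

# Constructed sample of stored comments: one ordinary, one carrying a script
# tag, as the entry describes.
COMMENTS = [
    "Great article, thanks!",
    "<script>alert('xss')</script>",
]


def render_unsafe(comments):
    # Stored comments are pasted straight into the page, so any markup a
    # visitor submitted reaches the next visitor's browser as real HTML.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_escaped(comments):
    # Output encoding: each character with meaning in HTML becomes an entity,
    # so the browser displays the comment text instead of parsing it. This
    # holds regardless of what any earlier input filter did or did not catch.
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>"
                            for c in comments) + "</ul>"


def user_markup_survives(rendered, comments):
    # Defensive check: does a comment containing a raw '<' appear verbatim in
    # the rendered page? True means user-supplied markup is being served live.
    return any("<" in c and c in rendered for c in comments)


if __name__ == "__main__":
    print(user_markup_survives(render_unsafe(COMMENTS), COMMENTS))   # True
    print(user_markup_survives(render_escaped(COMMENTS), COMMENTS))  # False
    print(render_escaped(COMMENTS))
```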
Cross-site Request Forgery (CSRF or XSRF)
A type of attack that hijacks the authentication credentials issued by web applications (such as a banking portal) to a trusted user's web browser, in order to perform unauthorized actions on the target website.
To perform this attack, the user must be unwittingly tricked (usually by a social engineering scam or malicious redirect) onto a separate website that runs a script targeting the application. The script issues commands to the application via the user's still-authenticated web browser; the commands are relayed to the application, which assumes the instructions are legitimate and executes them.
Unlike an XSS attack, which subverts a trusted web-based application into sending malicious scripts to a user, a CSRF attack exploits how a web app identifies a trusted visitor. In this case, the vulnerability lies with the application that inadequately verifies the authenticity of the instructions being received.
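One way an application can verify the authenticity of the instructions it receives, as an added example that is not part of the glossary: a per-session anti-CSRF token is issued at login and must accompany every state-changing request alongside the session cookie. The session store, request dictionaries and the transfer action are constructed for illustration; a page on a separate website can make the browser send the cookie but has no way to read the token.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> anti-CSRF token.
SESSIONS = {}


def login(session_id):
    # On login the application creates a random token, keeps it server-side and
    # embeds the same value as a hidden field in its own forms.
    SESSIONS[session_id] = secrets.token_hex(32)
    return SESSIONS[session_id]


def transfer(request):
    # The session cookie proves who the browser belongs to; the form token
    # proves the request originated from the application's own page.
    session_id = request.get("cookie_session")
    expected = SESSIONS.get(session_id)
    if expected is None:
        return "rejected: not authenticated"
    supplied = request.get("form_csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(expected, supplied):
        return "rejected: missing or invalid CSRF token"
    return f"ok: transferred {request['form_amount']}"


if __name__ == "__main__":
    token = login("sess-1234")
    # Request built by the application's own form: cookie plus matching token.
    print(transfer({"cookie_session": "sess-1234",
                    "form_csrf_token": token, "form_amount": "50"}))
    # Request auto-submitted from a third-party page: the browser still attaches
    # the cookie, but the page could not learn the token, so it is refused.
    print(transfer({"cookie_session": "sess-1234", "form_amount": "5000"}))
```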