Terminology

Abuse
To maltreat; injure; revile; reproach; vilify; vituperate; asperse; traduce; malign. To use ill; to maltreat; to act injuriously to; to punish or to tax excessively; to hurt; as, to abuse prisoners, to abuse one's powers, one's patience.

Abuse of Privilege
To use wrongly or improperly. An unjust or wrongful practice. When a user performs an action that they should not have, according to organizational policy or law.

Access Control Lists
Rules for packet filters (typically routers) that define which packets to pass and which to block.

Access Router
A router that connects your network to the external Internet. Typically, this is your first line of defence against attackers from the outside Internet. By enabling access control lists on this router, you'll be able to provide a level of protection for all of the hosts "behind" that router, effectively making that network a DMZ instead of an unprotected external LAN.

Algorithm
A step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps.

Application-Level Firewall
A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Authentication
The process of determining the identity of a user that is attempting to access a system.

Authentication Token
A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

Authorization
The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication: once you have authenticated a user, they may be authorized different types of access or activity.

B1FF
The most famous pseudo, and the prototypical newbie. Articles from B1FF feature all uppercase letters sprinkled liberally with bangs, typos, 'cute' misspellings (EVRY BUDY LUVS GOOD OLD BIFF CUZ HE"S A K00L DOOD AN HE RITES REEL AWESUM THINGZ IN CAPITULL LETTRS LIKE THIS!!!), use (and often misuse) of fragments of talk mode abbreviations, a long sig block (sometimes even a doubled sig), and unbounded naivete. B1FF posts articles using his elder brother's VIC-20. B1FF's location is a mystery, as his articles appear to come from a variety of sites. However, BITNET seems to be the most frequent origin. The theory that B1FF is a denizen of BITNET is supported by B1FF's (unfortunately invalid) electronic mail address: B1FF@BIT.NET. [1993: Now It Can Be Told! My spies inform me that B1FF was originally created by Joe Talmadge, also the author of the infamous and much-plagiarized "Flamer's Bible". The BIFF filter he wrote was later passed to Richard Sexton, who posted BIFFisms much more widely. Versions have since been posted for the amusement of the net at large. --ESR]

Bastion Host
A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be "outside" web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.

Baud
Bits per second. One baud is one bit per second. Hence kilobaud or Kbaud, thousands of bits per second. The technical meaning is 'level transitions per second'; this coincides with bps only for two-level modulation with no framing or stop bits. Most hackers are aware of these nuances but blithely ignore them. Historical note: 'baud' was originally a unit of telegraph signalling speed, set at one pulse per second. It was proposed at the November, 1926 conference of the Comité Consultatif International Des Communications Télégraphiques as an improvement on the then standard practice of referring to line speeds in terms of words per minute, and named for Jean Maurice Emile Baudot (1845-1903), a French engineer who did a lot of pioneering work in early teleprinters.

Binary
Any file format for digital data encoded as a sequence of bits but not consisting of a sequence of printable characters (text). The term is often used to describe executable machine code or machine language, which is a set of instructions for a specific central processing unit, designed to be usable by a computer without being translated.
Characterized by or consisting of two parts or components; twofold.

Boolean
Of or relating to a logical combinatorial system treating variables, such as propositions and computer logic elements, through the operators AND, OR, NOT, and XOR: a browser that supports Boolean searches. Of or relating to a data type or variable in a programming language that can have one of two values, true or false.

Byte
A unit of memory or data equal to the amount used to represent one character; on modern architectures this is usually 8 bits, but may be 9 on 36-bit machines. Some older architectures used 'byte' for quantities of 6 or 7 bits, and the PDP-10 supported 'bytes' that were actually bitfields of 1 to 36 bits! These usages are now obsolete, and even 9-bit bytes have become rare in the general trend toward power-of-2 word sizes.

Challenge/Response
An authentication technique whereby a server sends an unpredictable challenge to the user, who computes a response using some form of authentication token.

Chroot
A technique under Unix whereby a process is permanently restricted to an isolated subset of the filesystem.

Cracker
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker. An earlier attempt to establish 'worm' in this sense around 1981-82 on Usenet was largely a failure. Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it's necessary to get around some security in order to get some work done --oops I forgot my password). Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe _themselves_ as hackers, most true hackers consider them a separate and lower form of life. Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty losing. Some other reasons crackers are looked down on are discussed in the entries on phreaking.

Cryptographic Checksum
A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting filesystem tampering on Unix.

Computer
A device that computes, especially a programmable electronic machine that performs high-speed mathematical or logical operations or that assembles, stores, correlates, or otherwise processes information.

Dark-Side-Hacker
A criminal or malicious hacker; a cracker. From George Lucas's Darth Vader, "seduced by the dark side of the Force". The implication that hackers form a sort of elite of technological Jedi Knights is intended.

Data Driven Attack
A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Doubled Sig
A sig block that has been included twice in a Usenet article or, less commonly, in an electronic mail message. An article or message with a doubled sig can be caused by improperly configured software. More often, however, it reveals the author's lack of experience in electronic communication.

Defence in Depth
The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

DNS spoofing
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Dual Homed Gateway
A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

Encrypting Router
See Tunneling Router and Virtual Network Perimeter.

Firewall
A system or combination of systems that enforces a boundary between two or more networks.

Gigabyte
A unit of computer memory or data storage capacity equal to 1,024 megabytes (2^30 bytes). One billion bytes: a unit of information equal to one billion (1,000,000,000) bytes or one thousand megabytes.

Hacker Ethic
1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source code and facilitating access to information and to computing resources wherever possible.
2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.
Both of these normative ethical principles are widely, but by no means universally, accepted among hackers. Most hackers subscribe to the hacker ethic in sense 1, and many act on it by writing and giving away open-source software. A few go further and assert that _all_ information should be free and _any_ proprietary control of it is bad; this is the philosophy behind the GNU project. More controversial: some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that 'ethical' cracking excludes destruction at least moderates the behavior of people who see themselves as 'benign' crackers (see also samurai). On this view, it may be one of the highest forms of hackerly courtesy to (a) break into a system, and then (b) explain to the sysop, preferably by email from a superuser account, exactly how it was done and how the hole can be plugged -- acting as an unpaid (and unsolicited) tiger team. The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, software, and (where possible) computing resources with other hackers. Huge cooperative networks such as Usenet, FidoNet and Internet (see Internet address) can function without central control because of this trait; they both rely on and reinforce a sense of community that may be hackerdom's most valuable intangible asset.

Host-based Security
The technique of securing an individual system from attack. Host based security is operating system and version dependent.

Insider Attack
An attack originating from inside a protected network.

Intrusion Detection
Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.

IP Spoofing
An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

IP Splicing / Hijacking
An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.

Least Privilege
Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.

Logging
The process of storing information about events that occurred on the firewall or network.

Log Retention
How long audit logs are retained and maintained.

Log Processing
How audit logs are processed, searched for key events, or summarized.

Megabyte
A unit of computer memory or data storage capacity equal to 1,048,576 (2^20) bytes, i.e. 2^20 = 1,048,576 bytes = 1024 kilobytes. 1024 megabytes are one gigabyte.

Network-Level Firewall
A firewall in which traffic is examined at the network protocol packet level.

Network address / Internet address
The 32-bit host address defined by the Internet Protocol in STD 5, RFC 791. It is usually represented in dotted decimal notation. A host's Internet address is sometimes related to its Ethernet address. The Internet address is usually expressed in dot notation, e.g. 128.121.4.5. The address can be split into a network number (or network address) and a host number unique to each host on the network and sometimes also a subnet address. The way the address is split depends on its "class", A, B or C as determined by the high address bits:
Class A - high bit 0, 7-bit network number, 24-bit host number. n1.a.a.a, 0 <= n1 <= 127
Class B - high 2 bits 10, 14-bit network number, 16-bit host number. n1.n2.a.a, 128 <= n1 <= 191
Class C - high 3 bits 110, 21-bit network number, 8-bit host number. n1.n2.n3.a, 192 <= n1 <= 223
The Internet address must be translated into an Ethernet address by either ARP or constant mapping. The term is sometimes used incorrectly to refer to a host's fully qualified domain name. As used by hackers, means an address on 'the' network (see the network; this used to include bang path addresses but now almost always implies an Internet address). Net addresses are often used in email text as a more concise substitute for personal names; indeed, hackers may come to know each other quite well by network names without ever learning each other's 'legal' monikers. Indeed, display of a network address (e.g. on business cards) used to function as an important hacker identification signal, like lodge pins among Masons or tie-dyed T-shirts among Grateful Dead fans. In the day of pervasive Internet this is less true, but you can still be fairly sure that anyone with a network address handwritten on his or her convention badge is a hacker.

Newbie
[from British public-school and military slang variant of 'new boy'] A Usenet neophyte. This term surfaced in the newsgroup talk.bizarre but is now in wide use. Criteria for being considered a newbie vary wildly; a person can be called a newbie in one newsgroup while remaining a respected regular in another. The label 'newbie' is sometimes applied as a serious insult to a person who has been around Usenet for a long time but who carefully hides all evidence of having a clue.

Perimeter-based Security
The technique of securing a network by controlling access to all entry and exit points of the network.

Phreaking
The art and science of cracking the phone network (so as, for example, to make free long-distance calls). By extension, security-cracking in any other context (especially, but not exclusively, on communications networks) (see cracking). At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was taboo. There was significant crossover between the hacker community and the hard-core phone phreaks who ran semi-underground networks of their own through such media as the legendary "TAP Newsletter". This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the hands of less responsible phreaks. Around the same time, changes in the phone network made old-style technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the '414 group' turned that game very ugly. A few old-time hackers still phreak casually just to keep their hand in, but most these days have hardly even heard of 'blue boxes' or any of the other paraphernalia of the great phreaks of yore.

Policy
Organization-level rules governing acceptable use of computing resources, security practices, and operational procedures.

Polynomial
Of, relating to, or consisting of more than two names or terms. An algebraic expression consisting of one or more summed terms, each term consisting of a constant multiplier and one or more variables raised to integral powers.
For example, x^2 - 5x + 6 and 2p^3q + y are polynomials. Also called multinomial.

Proxy
A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination.

Pseudo
1. An electronic-mail or Usenet persona adopted by a human for amusement value or as a means of avoiding negative repercussions of one's net.behavior; a 'nom de Usenet', often associated with forged postings designed to conceal message origins. Perhaps the best-known and funniest hoax of this type is B1FF. See also tentacle.
2. Notionally, a flamage-generating AI program simulating a Usenet user. Many flamers have been accused of actually being such entities, despite the fact that no AI program of the required sophistication yet exists. However, in 1989 there was a famous series of forged postings that used a phrase-frequency-based travesty generator to simulate the styles of several well-known flamers; it was based on large samples of their back postings (compare Dissociated Press). A significant number of people were fooled by the forgeries, and the debate over their authenticity was settled only when the perpetrator came forward to publicly admit the hoax.

Recursive, Recursion
An expression, such as a polynomial, each term of which is determined by application of a formula to preceding terms. A formula that generates the successive terms of a recursion.

Samurai
A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith. In 1991, mainstream media reported the existence of a loose-knit culture of samurai that meets electronically on BBS systems, mostly bright teenagers with personal micros; they have modelled themselves explicitly on the historical samurai of Japan and on the "net cowboys" of William Gibson's cyberpunk novels. Those interviewed claim to adhere to a rigid ethic of loyalty to their employers and to disdain the vandalism and theft practiced by criminal crackers as beneath them and contrary to the hacker ethic; some quote Miyamoto Musashi's "Book of Five Rings", a classic of historical samurai doctrine, in support of these principles.

Subnet address
The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using an address mask (the subnet mask). See subnet.

Screened Host
A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

Screened Subnet
A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.

Screening Router
A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.

Session Stealing
See IP Splicing.

Trojan Horse
A software entity that appears to do something normal but which, in fact, contains a trapdoor or attack program.

Tunneling Router
A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

Social Engineering
An attack based on deceiving users or administrators at the target site.
Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.

Usenet
A messaging system that uses a computer network, especially the Internet, to transfer messages organized in thematic groups. A distributed bboard (bulletin board) system supported mainly by Unix machines. Originally implemented in 1979-1980 by Steve Bellovin, Jim Ellis, Tom Truscott, and Steve Daniel at Duke University, it has swiftly grown to become international in scope and is now probably the largest decentralized information utility in existence. As of early 1996, it hosted over 10,000 newsgroups and an average of over 500 megabytes (the equivalent of several thousand paper pages) of new technical articles, news, discussion, chatter, and flamage every day (and that leaves out the graphics...). By the year the Internet hit the mainstream (1994) the original UUCP transport for Usenet was fading out of use (see UUCPNET) - almost all Usenet connections were over Internet links. A lot of newbies and journalists began to refer to "Internet newsgroups" as though Usenet was and always had been just another Internet service. This ignorance greatly annoys experienced Usenetters.

UUCPNET
The store-and-forward network consisting of all the world's connected Unix machines (and others running some clone of the UUCP (Unix-to-Unix CoPy) software). Any machine reachable only via a bang path is on UUCPNET. This term has been rendered obsolescent by the spread of cheap Internet connections in the 1990s; the few remaining UUCP links are essentially slow channels to the Internet rather than an autonomous network.

Virtual Network Perimeter
A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

Virus
A replicating code segment that attaches itself to a programme or data file. Viruses might or might not contain attack programs or trapdoor payloads. In the 1990s, viruses became a serious problem, especially among Wintel and Macintosh users; the lack of security on these machines enables viruses to spread easily, even infecting the operating system (Unix machines, by contrast, are immune to such attacks). The production of special anti-virus software has become an industry, and a number of exaggerated media reports have caused outbreaks of near hysteria among users; many lusers tend to blame _everything_ that doesn't work as they had expected on virus attacks. Accordingly, this sense of 'virus' has passed not only into techspeak but also into popular usage (where it is often incorrectly used to denote a worm or even a Trojan horse).

Warez
A term software pirates use to describe a cracked game or application that is made available to the Internet, usually via FTP or telnet; often the pirate will make use of a site with lax security. Software piracy is illegal and should be reported to the Federation Against Software Theft (FAST).

Warez d00dz
A substantial subculture of crackers refer to themselves as 'warez d00dz'; there is evidently some connection with B1FF here. As 'Ozone Pilot', one former warez d00d, wrote:
    Warez d00dz get illegal copies of copyrighted software. If it has copy protection on it, they break the protection so the software can be copied. Then they distribute it around the world via several gateways. Warez d00dz form badass group names like RAZOR and the like. They put up boards that distribute the latest ware, or pirate program. The whole point of the Warez sub-culture is to get the pirate program released and distributed before any other group. I know, I know. But don't ask, and it won't hurt as much. This is how they prove their poweress [sic]. It gives them the right to say, "I released King's Quest IVXIX before you so obviously my testicles are larger." Again don't ask...
The studly thing to do if one is a warez d00d, it appears, is emit '0-day warez', that is copies of commercial software copied and cracked on the same day as its retail release. Warez d00ds also hoard software in a big way, collecting untold megabytes of arcade-style games, pornographic JPGs, and applications they'll never use onto their hard disks. As Ozone Pilot acutely observes:
    Anti-Social Personalities. Failure to bond. Detached. Two-dimensional. Cast-outs. Misfits. Not all, but one or more of these terms describes a Warez d00dz. A Warez d00dz wants to belong. They have been shunned by everyone, and thus turn to cyberspace for acceptance. That is why they always start groups like TGW, FLT, USA and the like. Structure makes them happy. [...] Warez d00dz will never have a handle like "Pink Daisy" because warez d00dz are insecure. Only someone who is very secure with a good dose of self-esteem can stand up to the cries of fag and girlie-man. More likely you will find warez d00dz with handles like: Doctor Death, Deranged Lunatic, Hellraiser, Mad Prince, Dreamdevil, The Unknown, Renegade Chemist, Terminator, and Twin Turbo. They like to sound badass when they can hide behind their terminals. More likely, if you were given a sample of 100 people, the person whose handle is Hellraiser is the last person you'd associate with the name.
The contrast with Internet hackers is stark and instructive.

Worm
A malicious program. [from 'tapeworm' in John Brunner's novel "The Shockwave Rider", via XEROX PARC] A program that propagates itself over a network, reproducing itself as it goes. Compare virus. Nowadays the term has negative connotations, as it is assumed that only crackers write worms. Perhaps the best-known example was Robert T. Morris's Great Worm of 1988, a 'benign' one that got out of control and hogged hundreds of Suns and VAXen across the U.S.