| Hacker | A hacker is someone with deep knowledge of and great interest in a system. A hacker is someone who likes to delve into the inner workings of a system to find out how it works.
The origin of the term is not clear. Some trace it back to the Model Railroad Club at the Massachusetts Institute of Technology in the '50s - others to early radio enthusiasts.
Today the meaning is in transition. It is being used to describe any computer enthusiast who uses his or her knowledge to break into some other person's computer. This is an unfortunate semantic tendency since it loses some genuine fine distinctions.
We prefer to distinguish crackers as the computer enthusiasts who break into computers.
The genuine hacker is more likely to use his or her own computer, or someone else's computer with permission and approval. The genuine hacker will look for weaknesses in the system, but will publish his or her discoveries. The cracker is more likely to keep discoveries secret or disclosed only to other crackers.
In security terms, put very simply, a genuine hacker is a good guy; a cracker is a bad guy. |
| Hacktivism | Hacktivism is a relatively new term for politically-motivated hacking. The term demonstrates how the two terms 'hacker' and 'cracker' are becoming confused - since there is malicious intent involved, it would be best described as 'cracktivism'.
Nevertheless, hacktivism is what we've got. It describes a growing tendency for politically motivated crackers to break into sites and leave a political comment. It is particularly prevalent at times of heightened tension between two nations. Other targets include corporations with bad environmental reputations, laboratories thought to experiment on animals, and so on.
I have little doubt that there are some genuine hacktivists. I have even less doubt that the vast majority are simple crackers and script kiddies trying to mask a lack of morality in the higher ideals and romanticism of fighting for a just cause. |
| Heuristic Analysis | The ability of a virus scanner to identify a potential virus by analysing the behavior of the program, rather than looking for a known virus signature.
In general, heuristic analysis is not as reliable as signature-based virus scanning as it is not possible to predict precisely what a program will do when executed. However, heuristic scanning is a useful addition to any anti-virus policy.
The main disadvantage of heuristic scanning is that the product often produces false alarms when perfectly innocent code is suspected of behaving as a virus might. The main danger with anti-virus software that produces multiple false alarms is that users will eventually start to take no notice of the false alarms, providing the possibility that a genuine virus outbreak will be missed. |
| Hijacking | Hijacking describes an attack where an active, established, session is intercepted and co-opted by the attacker.
In its simplest form this could be desktop hijacking (using other people's terminals while they are away getting coffee).
A more advanced form is known as IP hijacking. This is made possible by the attacker knowing or guessing an IP session's ISN (Initial Sequence Number) sequence. The ISN is used by TCP to sequence and verifiy the individual packets.
Since authentication has already taken place, the hijacker gains all of the privileges of the original client that is being hijacked. A meaningful attack, however, requires that the attacker already knows both the client and the host, and that the client has sufficient privileges for the attacker's purposes.
It is, furthermore, an old and well understood Internet vulnerability. Several systems randomize the ISN to make guessing the correct next number more difficult -- while encryption defeats it altogether. |
| HLP.Family.Variant | Windows Help virus (virus infecting Windows Help files) |
| Hoax.Family.Variant | Pseudo-virus, usually a e-mail alerting about a virus that doesn't exist |
| Hoax Virus | The Internet has long been used to perpetrate hoaxes because of the ease with which 'forgeries' can be made. Usually these are meant to be humorous, such as the many spoof press releases sending up companies such as Microsoft and IBM. Sometimes, however, they can be more sinister. In the Summer of 2000 a false press release about Emulex was distributed. Within an hour of its publication, Emulex suffered a 62% fall in its stock value.
The problem is that there are few easy ways in which information appearing on the Internet can be checked.
The most common hoax, however, is the hoax virus. This usually consists of an e-mail message warning recipients about a new and terribly destructive virus. It ends by suggesting that the reader should warn his or her friends and colleagues, perhaps by simply forwarding the original message to everyone in their address book...
The result is a rapidly growing proliferation of pointless e-mails that can increase to such an extent that they overload systems. Ironically, although a hoax is not a virus, a successful hoax virus nevertheless displays many of the characteristics of a real computer virus. It includes a mission component (denial of service), a trigger component (fear), and a self-replicating component (the gullibility of socially engineered users). |
Powered by