| Sandbox | Denis Howe defined 'sandbox' (Free On-line Dictionary of Computing - FOLDOC, 1993) as a 'Common term for the R&D department at many software and computer companies (where hackers in commercial environments are likely to be found). Half-derisive, but reflects the truth that research is a form of creative play.'
Today, 'sandbox' is more likely to refer to the code technology that provides the basis of Java's security. 'Trusted' code is allowed full access to the system. 'Untrusted' code is restricted to the sandbox, a protected and limited area of memory in which the code may 'play' without causing any damage to the host system. In practice, this usually means that a Java application has full access to the system, while a Java applet (as downloaded from the Internet) is limited to the protected sandbox. |
| Script kiddies | A derogative term used to describe 'wannabe hackers'. Given that the original meaning of 'hacker' was not pejorative, but described a person with great systems knowledge and ingenuity, a script kiddie is someone who likes to break into other people's computers, but does not have the personal expertise of the genuine hacker.
Instead, the script kiddie relies on scripts and tools written by other people. For example, there are probably hundreds of script kiddies probing computer systems with tools like SATAN at any time.
Script kiddies are probably more of an infernal nuisance than a serious threat. But it is a serious nuisance:
"We are creating hordes and hordes of script kiddies. They are like cockroaches. There are so many script kiddies attacking our networks that it's hard to find the real serious attackers because of all the chaotic noise."
Marcus Ranum, speaking at the Black Hat Security Conference, 2000. |
| Security Awareness | A term used to describe the understanding of security requirements and methods. All companies should operate security awareness programmes to teach staff about the need for information security, the threats to information security and the methods for maintaining information security. Security awareness and security awareness training should be built into the security policy which should be part of the contract of employment. |
| Shadow Passwords | On most Unix systems, users' passwords are stored in a file to which every user has read/write access. It is relatively easy for a hacker to obtain a copy of this file and, by using one of a number of commonly available tools, to decode the encrypted user passwords stored within it.
More secure Unix versions use a system called Shadow Passwords. Here, the globally-readable password file contains various details about users, but not their actual passwords. These are held in a separate file which can be accessed only by a process running at root level. Such passwords can still be accessed (in encrypted form, of course) by hackers, but only by those which manage to gain root level access to the system. |
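An added check, not from the original glossary, that audits passwd-format entries for hashes left in the globally-readable file and verifies that a shadow file's permission bits keep it out of reach of ordinary users. The sample lines and the hash value are constructed for the example.

```python
# Constructed sample lines in /etc/passwd format (not from a real system).
# Field 2 is the password field: "x" means the hash lives in /etc/shadow.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$abcdefgh$0123456789abcdefghijkl:1001:1001:Old:/home/legacy:/bin/sh
svc:*:1002:1002:Service:/var/svc:/usr/sbin/nologin
guest::1003:1003:Guest:/home/guest:/bin/sh
"""

# Markers that mean "no usable hash is stored in this field".
SHADOW_MARKERS = {"x", "*", "!", "!!"}


def audit_passwd(passwd_text):
    """Return (exposed, empty): users whose hash sits in the readable passwd
    file, and users with an empty password field (no password at all)."""
    exposed, empty = [], []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry; skip rather than guess
        user, pw_field = fields[0], fields[1]
        if pw_field == "":
            empty.append(user)
        elif pw_field not in SHADOW_MARKERS:
            exposed.append(user)
    return exposed, empty


def shadow_mode_ok(mode):
    """True if a shadow file's mode denies all access to 'other' and write
    access to 'group', e.g. 0o640 or 0o600 (the usual root:shadow setup)."""
    return (mode & 0o007) == 0 and (mode & 0o020) == 0


if __name__ == "__main__":
    exposed, empty = audit_passwd(SAMPLE_PASSWD)
    print("hash in passwd:", exposed, " empty password:", empty)
    print("0o640 ok:", shadow_mode_ok(0o640), " 0o644 ok:", shadow_mode_ok(0o644))
```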
| Shareware | Software distributed by the shareware method. To obtain the software you simply copy it from a friend or colleague, or download it from an online service. You then evaluate it (normally for a period of 30 days). If you then decide that you wish to use the software, you send a payment direct to the author. If you do not intend to use the program you simply delete it.
Many people refer to software as being either “shareware” or “commercial”. This gives the impression that software distributed by the shareware method is not commercial. However, it is, and using shareware beyond the evaluation period without sending the registration fee is no different from using a pirated copy of a conventional software package. |
| Shell | A utility program that enables the user to interact with the UNIX operating system. Commands entered by the user are passed by the shell to the operating system for execution. The results are then passed back by the shell and displayed on the user's display. |
| Smurf | A common technique of performing a DoS (Denial of Service) attack -- but one that takes a different approach to the usual DoS routine. DoS would normally use default pings to overwhelm a given host. But to really overwhelm the resources of a given target, the attacker would have to compromise many computers, and have them ping the target simultaneously.
The difference that Smurf provides is the ability to launch a DoS against a target from only a single computer. Smurf works by sending a ping packet to the broadcast address of a network, using a spoofed source IP address. The source IP address is the actual target. When all the clients of the network respond to the ping packet, they will all be sending a reply to the single spoofed address. It is this multiple response that is the actual DoS attack, overwhelming the spoofed target system. |
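Detection logic for the two halves of the Smurf pattern described above: echo requests aimed at the network's broadcast address, and one outside host receiving echo replies from many local machines. This is an added example, not part of the original entry; the ICMP records and the 192.0.2.0/24 network are constructed, and 203.0.113.7 plays the spoofed victim.

```python
import ipaddress

# Constructed ICMP records "src dst type" (not real captures).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
SAMPLE_RECORDS = """\
203.0.113.7 192.0.2.255 echo-request
203.0.113.7 192.0.2.255 echo-request
192.0.2.10 203.0.113.7 echo-reply
192.0.2.11 203.0.113.7 echo-reply
192.0.2.12 203.0.113.7 echo-reply
192.0.2.13 203.0.113.7 echo-reply
192.0.2.20 192.0.2.1 echo-request
192.0.2.1 192.0.2.20 echo-reply
"""


def parse_records(text):
    """Parse 'src dst type' lines into (ip, ip, str) tuples."""
    out = []
    for line in text.splitlines():
        src, dst, kind = line.split()
        out.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), kind))
    return out


def broadcast_echo_requests(records, net):
    """Echo requests to the broadcast address: the trigger of a Smurf.
    A source outside the network is flagged as a likely spoofed address."""
    hits = []
    for src, dst, kind in records:
        if kind == "echo-request" and dst == net.broadcast_address:
            hits.append((str(src), str(dst), src not in net))
    return hits


def amplified_targets(records, net, min_sources=3):
    """Hosts outside net that receive echo replies from many local hosts:
    the victim being overwhelmed by the amplified responses."""
    sources = {}
    for src, dst, kind in records:
        if kind == "echo-reply" and src in net and dst not in net:
            sources.setdefault(dst, set()).add(src)
    return {str(d): len(s) for d, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("broadcast pings:", broadcast_echo_requests(recs, LOCAL_NET))
    print("amplified victims:", amplified_targets(recs, LOCAL_NET))
```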
| Sniffer | A program that monitors network traffic. Sniffers are used to capture data transmitted on a network. The act is called sniffing.
Like so many security applications, sniffers can be used to either enhance or weaken network security. Intrusion Detection Systems use sniffers to detect suspicious traffic; hackers use sniffers to obtain passwords. |
| Spam | Spam is the term given for electronic junk mail -- indiscriminate unsolicited commercial e-mail. It is a growing problem, and no e-mail user is immune. It is generally accepted that the name originated from Monty Python, but it is not clear whether it comes from the menu sketch that offered spam with everything, or the Viking chorus that sang “spam, spam, spam” until it obliterated all other conversation. Both derivations fit. Incidentally, electronic spam should be written in lower case to avoid confusion with the SPAM™ of Hormel Foods Corporation.
But despite the humorous etymology, spam is a serious problem. It can lead to denial of service. It can cost thousands of dollars in wasted employee time. It can lead to the unwitting display of pornographic material on users' screens. And it causes an awful lot of heat under the collar.
One of the problems is that there is a tendency to omit the term 'indiscriminate' from the definition of spam. As a result, many users now consider the receipt of all unsolicited commercial e-mail to be spam. Commercial e-mail is a fact of life, and we should get used to it - just as we get used to physical junk mail. What we don't like we bin without opening it.
Overreaction just causes problems all round. Genuine spammers, those who fire off indiscriminate junk e-mail so that you receive half a dozen copies of the same mail in a single day, or different mails from the same source every day, almost invariably cover their tracks. They hijack other servers; they forge mail headers; they piggyback on vulnerable software (as has happened with FormMail); and they use ISPs in less well regulated countries. Thus, complaints to abuse@TheSendersISP.com will hardly ever solve the problem of genuine spam.
There are organizations that compile lists of known spammers (sometimes called black holes) that are made available to ISPs who can then decide to block them, or insert a spam-warning in the e-mail header. The problem with this approach is that there is a serious risk that genuine commercial communication could be erroneously blocked. This is effectively censorship by a third party who is involved with neither the sender nor the receiver and almost certainly hasn't read the message itself. Nevertheless, there is something to be said for it. In one case, Virgin.Net was black-holed because one of its users sent out 250,000 junk e-mails - which clearly qualifies for spam. You could say that Virgin.Net was unjustly treated - or you could say that it should have had procedures in place to prevent such an occurrence. The real victims, given that the ISP had an estimated 250,000 customers, were the other 249,999 innocent users who suddenly found their e-mails being bounced by other ISPs.
Spam is a problem. There is no easy solution. Overreaction doesn't help. Over-restriction doesn't help. Each individual needs to seek a solution that works for him or her. |
| Spammer.Family.Variant | Mail Spam Program (programs which send unsolicited mail) |
| Spoofing | Faking the origin; for example, forging mail headers to make it appear that messages originated elsewhere. One spoof incident reported by CERT involved messages sent to users, supposedly from local system administrators, requesting them to change their password to the new value provided in the message. These messages were not from the administrators, but from intruders trying to steal accounts.
Web spoofing. Academics at Princeton University published a paper describing how easy it is for Web spoofers to produce a 'fake' site that can sit between the user and his or her intended destination. The spoofers could receive messages and then pass them on to the true destination, and could receive replies and pass them back to the user. In this way it would be possible to 'filter' valuable information, possibly without the parties concerned ever knowing that it had occurred. |
| Spyware | Spyware is any product that employs a user's Internet connection in the background without his or her knowledge, and gathers/transmits information on that user or his or her behaviour. It is a rather loose term for a class of software that is generally unrequested, hidden and unknown on the user's PC. Its purpose is to quietly mail home with information about the user, and is usually associated with adware.
It is insidious in that it is often built into genuine and useful shareware programs - and there is often 'small print' in the agreement that nobody reads but confirms its acceptance by the user. In this way, spyware usually defeats personal firewalls since it is specifically allowed by the user.
It often defeats Anti-virus software on legal grounds. Since the spyware is either wholly or part of a 'commercial' product, any attempt by AV software to remove it could be considered restraint of trade. AV companies tread very carefully here.
In general, spyware is used for commercial purposes - to help the vendor build a profile of the likes and dislikes, habits and preferences of the user. At these times, spyware is more of a threat to privacy than it is to security.
However, there is another category of spyware that is altogether more worrying. This has nothing to do with adware, but is more concerned with snooping. Such systems can, for example, make a record of all the users' keystrokes (which would include, for example, web sites visited, passwords entered, and credit card numbers used) and surreptitiously mail them to the spyware 'owner'. The developers of this type of spyware often claim legitimacy by pointing out that it could be used by worried parents wanting to keep a tab on their children's use of the Internet. |
| SQL (Structured Query Language) Injection | refers to a technique or type of malicious attack which exploits security vulnerabilities within an application's database layer. It allows an attacker to add or inject unexpected SQL code to a Web form and thus to gain access to and manipulate the database content.
For instance, any on-line shop displays a login Web page for customer authentication. The alphanumeric strings you insert as the username and password in the corresponding form fields are included in a query which addresses the database. If the combination of your username and password matches the one stored within the database, you gain further access and you are allowed to start shopping, place orders and manage other account settings. On the other hand, if the username and password pair you insert does not match any of the possible combinations from the database, your access is denied.
The scenario just outlined represents the normal usage of the Web form, where the database expects from the user those two specific alphanumeric strings as part of the SQL query addressing the database. The unexpected code previously mentioned, the one a harvester or other cybercriminal would employ to gain database access, refers to specific SQL instructions he or she might input in the Web form fields instead of the username and password. Although the database rejects an incorrect combination, it might just accept and process one or several SQL statements, which are, in effect, alphanumeric strings. This happens because the Web forms and databases behind them cannot block or reject by themselves such input (i.e. other than username and password). Thus, the harvester can easily get access to the database content and retrieve or alter the information stored within. |
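The login form described above, as an added example that is not part of the original entry: the vulnerable version pastes the form fields into the SQL text, so a string containing SQL syntax is executed as part of the query, while the parameterized version binds the fields as data. The in-memory table, its single customer and the plaintext password column are constructed to keep the example short.

```python
import sqlite3

# Constructed customer table in an in-memory database (example data only).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE customers (username TEXT, password TEXT)")
conn.execute("INSERT INTO customers VALUES ('alice', 'correct horse')")
conn.commit()


def login_vulnerable(username, password):
    """Builds the query by pasting the form fields into the SQL text.
    Any quote or operator in the input becomes part of the statement."""
    query = ("SELECT username FROM customers WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone() is not None


def login_parameterized(username, password):
    """Passes the form fields as bound parameters; the driver treats them
    strictly as values, so the same input is compared literally."""
    query = "SELECT username FROM customers WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# A form value that is SQL syntax rather than a password: in the vulnerable
# query it turns the WHERE clause into "... AND password = '' OR '1'='1'".
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    print("vulnerable, real password:", login_vulnerable("alice", "correct horse"))
    print("vulnerable, injected:     ", login_vulnerable("nobody", INJECTED))
    print("parameterized, injected:  ", login_parameterized("nobody", INJECTED))
```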
| SSID (Service Set IDentifier) | The SSID is a secret key, set by the network administrator. It identifies an 802.11 network. You need to know the SSID in order to connect to the network - and it is consequently a prime target for hackers and crackers. It has several weaknesses: vendors often provide a default that is frequently left unchanged by network administrators; it can be discovered by sniffing; and it is an administrative problem since the act of 'locking out' one user requires that the SSID be changed for all other users. |
| Subdomain | A subdivision of a master domain, e.g. 'en' in en.wikipedia.org . |