Almanac
Almanach erhält neue Bedeutung (W3)

Terrorists and Almanacs
It's so bizarre it's almost self-parody. The FBI issued a warning to police across the nation to be on the watch for people carrying almanacs, because terrorists may use these reference books "to assist with target selection and pre-operational planning."
Gadzooks! People with information are not suspect. Almanacs, reference books, and informational websites are not dangerous tools that aid terrorism. They're useful tools for all of us, and people who use them are better people because of them. I worry about alerts like these, because they reinforce the myth that information is inherently dangerous.
(Aus dem Newsletter von Bruce Schneier vom 15.01.2004.) Der link führt zum FBI-bulletin.

auditserve
Audit Articles

Audit Serve has a 20 year track record of providing industry-leading consulting services. Audit Serve provides a wide range of Audit, Compliance, Security, PCI and SOX Consulting Services.
...

• Audit - General
• IT Cost Management
• Audit - Technical
• Infrastructure
• IT Governance
• Security
• SOX

bernsteinlaw
Bernstein's Dictionary of Bankruptcy Terminology

published by Bernstein Law Firm, P.C.
Suite 2200 Gulf Tower, Pittsburgh, PA 15219

Robert S. Bernstein, managing partner of Bernstein Law Firm, P.C. and former President of the Commercial Law League of America, serves as counsel to bankruptcy trustees, creditors' committees, and creditors in bankruptcy proceedings throughout Pennsylvania, Ohio, and West Virginia. The firm counsels clients in Bankruptcy, Restructuring, Banking, Business, Collections, Mortgage Foreclosure, Insolvency, Real Estate, Administrative, Appellate, and Civil Law.

INTRODUCTION
Bankruptcy is fast becoming an everyday topic of conversation. Its impact on the lives of individuals and corporations can affect them in numerous ways. Like most specialties, bankruptcy law has a language of its own. Its unfamiliar words and phrases make it difficult to comprehend. This dictionary explains the most commonly used bankruptcy terms.
...

black hat (W3)

"Black hat" is used to describe a "hacker" (or, if you prefer, "cracker") who breaks into a computer system or network with malicious intent.
...
The term comes from old Western movies, where "heros" often wore "white hats" and the "bad guys" wore "black hats".

Blooover (W3)

...
Der Name "Blooover" wurde deshalb gewählt, weil das Handy damit zum tragbaren "Bluetooth"-Datensauger wird, in Anlehnung an "Hoover"-Staubsager.
...

...
Since the application runs on handheld devices and sucks information, it has been called "Blooover" (derived from "Bluetooth Hoover").
...

Bloover
Der Wikinger mit dem Staubsauger (W1)

Bluejacker (W3)

Botnet (W3)

Das Anti-Botnet-Beratungszentrum hilft Ihnen, Botnet-Infektionen von Ihrem Computer zu entfernen. Dazu arbeiten wir mit verschiedenen Internetzugangsanbietern zusammen, die betroffene Kunden informieren.

Botnetze sind Netzwerke aus Computern, die nach der Infektion mit Schadsoftware zusammengschlossen werden. Ist Ihr Rechner Teil eines Botnetzes, kann er unbemerkt auf ferngesteuerte Befehle von Cyberkriminellen reagieren und zum Beispiel Spam versenden oder andere Computer infizieren, wenn Sie online sind.

Botnetze fungieren als infrastrukturelle Grundlage von Internetkriminalität und sind eine der größten illegalen Einnahmequellen im Internet. Mit dem Anti-Botnet-Beratungszentrum möchten wir die Zahl der Botnetz-infizierten Computer deutlich verringern und so den Cyberkriminellen die Grundlage entziehen. Jeder einzelne Rechner, der von Schadprogrammen befreit wird, hilft dabei.

...
Unter einem "Botnetz" wird ein Netzwerk aus Computern verstanden, die nach der Infektion mit Schadsoftware zusammengeschlossen werden und, sobald eine Internetverbindung besteht, auf ferngesteuerte Befehle von Cyberkriminellen reagieren können. Die einzelnen Computer werden als "Bot" oder "Zombie" bezeichnet; dabei ist ein "Bot" prinzipiell das schädigende Programm selbst, dessen Bedeutung jedoch auch mit dem System assoziiert wird.
...

bucket brigade attack (W3)

CAN-SPAM (W3)

The "CAN-SPAM" Act of 2003 (acronym for "Controlling the Assault of Non-Solicited Pornography And Marketing" Act of 2003) officially came into law on January 1, 2004. The CAN-SPAM Act applies to almost all businesses in the US that use e-mail, and provides recipients of "spam" with the right to opt-out of these "spam messages", and have their opt-out (or unsubscribe) request acted upon. Under the CAN-SPAM Act of 2003, permission of the e-mail recipient is not required prior to sending out the e-mails, however if a recipient wants to unsubscribe or opt-out of the mailings then the business must stop sending the e-mails as per the opt-out request or face severe penalties.
In addition to enforcing an opt-out or unsubscribe system for recipients, the CAN-SPAM Act of 2003 also prohibits some of the common spammer trickery such as:

• changing mail servers to send the spam,
• changing e-mail headers or the "from" e-mail address to hide the identity of the sender, and
• using deceptive subject heading.

Damages for non-compliance can result in the spammer facing fines of up to $250 per illegal e-mail message up to a maximum of $2 million or more if the offense includes certain aggravating violations. In situations involving e-mail deception, the penalty could be jail time.

CAPTCHA, Turing test (W3)

Carnivor (W3)

CISA (W3)

Das Hauptprodukt der "ISACA" ist die Ausbildung und Zertifizierung des "Certified Information Systems Auditor" als international anerkannte Qualifikation auf dem Sektor der Informationssystem-Prüfung.

Für IT-Fachleute eröffnen sich durch die Ablegung des CISA-Examens neue Karrierechancen: Schlüsselpositionen in IT-Abteilungen verschiedenster Unternehmen werden in den USA und auch zunehmend in Europa von CISAs besetzt. Das Zertifikat zeichnet vor allem jene Fachleute aus, die sich an die schnell ändernden IT-Umgebungen und die damit verbundenen hohen Anforderungen optimal anpassen können, da neben der Ablegung der Prüfung auch die notwendige laufende Fortbildung mit dem Zertifikat verbunden sind.
...

CME
CME-1234567 (W3)

Das US-amerikanische Computer Emergency Readiness Team (US-Cert) koodiniert eine von mehreren Herstellern ergriffene Initiative, einheitliche Bezeichnungen für Computerviren und andere elektronische Schädlinge durchzusetzen.

So haben sich McAfee, Microsoft, Symantec und Trend Micro gemeinsam mit dem Department Of Homeland Security (DHS) dafür ausgesprochen, einen Standard für "Common Malware Enumeration" (CME) zu entwickeln und damit die Verwirrungen um unterschiedliche Namen von Würmern und Viren zu beenden.

Bisher konnte jeder Hersteller, der einen neuen Virus entdeckte, diesen willkürlich bezeichnen. Das führte mitunter dazu, dass fast zeitgleich entdeckte Schädlinge verschiedene Namen erhielten. Das soll nun anders werden. In Anlehnung an die Auflistung der "Common Vulnerabilties and Exposures" (CVE), die das US-Cert gemeinsam mit dem Anbieter Mitre Corp. verwaltet, ist der Aufbau einer CME-Datenbank vorgesehen. Künftig sollen Viren dann nach dem Schema "CME-1234567" dort erfasst werden. Als Ergänzung dazu sollen aber Namen wie "Blaster" oder "Slammer" auch in Zukunft erlaubt sein.
...

File Extension "CME" = "Crazy Machines Level File" (Pepper Games)

"Chicago Mercantile Exchange" - "CME"

"CME" sigle, masculin. [sécurité] [décisionnel]. "Crise Management Exercice". "Exercice de gestion de crise". Pour ne pas paniquer, normalement, le jour J.

"CME" = "Continuing Medical Education"

COBIT (W3)

Cop (W3)

cryptogram, CRYPTO-GRAM (W3)

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. Back issues are available.

csoonline
The Devil's Infosec Dictionary

24/7 | Access Control List (ACL) | Analyst, security | Back door | Backup | Biometrics | Bot | Business case | Client/server | Clean desk policy | Confidentiality, integrity and availability | Crackers | Cryptography | Cybercrime | Distributed Denial of Service (DDoS) | Downtime | | Firewalls | Hackers | Help desk | Identity theft | Intrusion Detection Systems (IDS) | JOOTT ("jute") | Laptop | Logging | Logical security | Mission critical | Non-repudiation | O.S. hardening | Passwords | Patching | PKI (Public-Key Infrastructure) | Regression testing | Road warriors | Scope creep | Security administrator | Security officer | Total Cost of Ownership (TCO) | Worm | Zombie

CSRC (W3)

csrc home | groups | publications | drivers | Federal Register Notices | news & events | archive

Digital Warfare, InfoWar, Cyberwar, Elektronische Kriegsführung, Information Warrior, Electronic War, Krieg der Zukunft, ABCD-Waffen (W3)

• Digital Warfare = Digitale Kriegsführung
• InfoWar = Informationskrieg
• Cyberwar = Krieg im Cyberspace, also im und um virtuelle(n) Computernetz(e)
• Elektronische Kriegsführung
• Information Warrior = der Kämpfer im virtuellen Raum
• Electronic War = Krieg um die Elektronen
• Krieg der Zukunft

• Atomar
• Biologisch
• Chemisch
• Datentechnisch

FBI (W3)

On July 26, 2008, the FBI celebrated its 100th anniversary as an intelligence agency and national security organization and a century of service to the American people. Please explore these pages to learn how a small group of 34 investigators has grown into a cadre of more than 30,000 employees, evolving right along with the changing threats facing our nation.
...

...
The following month, Attorney General Bonaparte appointed a force of Special Agents within the Department of Justice. Accordingly, ten former Secret Service employees and a number of Department of Justice peonage (i.e., compulsory servitude) investigators became Special Agents of the Department of Justice. On July 26, 1908, Bonaparte ordered them to report to Chief Examiner Stanley W. Finch. This action is celebrated as the beginning of the "FBI".

Both Attorney General Bonaparte and President Theodore Roosevelt, who completed their terms in March 1909, recommended that the force of 34 Agents become a permanent part of the Department of Justice. Attorney General George Wickersham, Bonaparte's successor, named the force the "Bureau of Investigation" (pictured left) on March 16, 1909. At that time, the title of "Chief Examiner" was changed to Chief of the "Bureau of Investigation".
...

Fingerprinting (W3)

Firewall (W2)

fismapedia
National Information Assurance (IA) Glossary

Pages in category "CNSSI 4009 Terms" The following 200 pages are in this category, out of 1,267 total.

• A
• Access | Access Control | Access Control List | Access Control Mechanism | Access Level | Access List | Access Profile | Access Type | Accountability | Accounting Legend Code | Accounting Number | Accreditation | Accreditation Boundary | Accreditation Package | Accrediting Authority | Add-On Security | Adequate Security | Advanced Encryption Standard | Advisory | Alert | Alternate COMSEC Custodian | Alternative Work Site | Anti-Jam | Anti-Spoof | Application | Assurance | Assured Software | Attack | Attack Sensing and Warning | Audit | Audit Trail | Authenticate | Authentication | Authentication System | Authenticator | Authorization | Authorized Vendor | Authorized Vendor Program | Automated Security Monitoring | Automatic Remote Rekeying | Availability
• B
• BLACK | Back Door | Backup | Banner | Benign | Benign Environment | Binding | Biometrics | Bit Error Rate | Boundary | Brevity List | Browsing | Bulk Encryption
• C
• CCI Assembly | CCI Component | CCI Equipment | CNSSI 4009 Terms | COMSEC Account | COMSEC Account Audit | COMSEC Aid | COMSEC Assembly | COMSEC Boundary | COMSEC Chip Set | COMSEC Control Program | COMSEC Custodian | COMSEC Demilitarization | COMSEC Element | COMSEC End-Item | COMSEC Equipment | COMSEC Facility | COMSEC Incident | COMSEC Insecurity | COMSEC Manager | COMSEC Material | COMSEC Material Control System | COMSEC Modification | COMSEC Module | COMSEC Monitoring | COMSEC Profile | COMSEC Survey | COMSEC System Data | COMSEC Training | CRYPTO | Call Back | Canister | Cascading | Category | Central Office Of Record | Certificate | Certificate Management | Certificate Revocation List | Certification | Certification Authority | Certification Authority Workstation | Certification Package | Certification Test And Evaluation | Certifier | Challenge And Reply Authentication | Check Word | Checksum | Cipher | Cipher Text | Cipher Text Auto-Key | Ciphony | Classified Information | Classified Information Spillage | Clearance | Clearing | Client | Closed Security Environment | Code | Code Book | Code Group | Code Vocabulary | Cold Start | Collaborative Computing | Command Authority | Commercial COMSEC Evaluation Program | Common Criteria | Common Fill Device | Communications Cover | Communications Deception | Communications Profile | Communications Security | Community Risk | Compartmentalization | Compartmented Mode | Compromise | Compromising Emanations | Computer Abuse | Computer Cryptography | Computer Security | Computer Security Incident | Computer Security Subsystem | Computing Environment | Concept Of Operations | Confidentiality | Configuration Control | Configuration Management | Confinement Channel | Contamination | Contingency Key | Continuity of Operations Plan | Controlled Access Area | Controlled Access Protection | Controlled Cryptographic Item | Controlled Interface | Controlled Space | Controlling Authority | Cooperative Key Generation | Cooperative Remote Rekeying | Correctness Proof | Countermeasure | Covert Channel | Covert Channel Analysis | Covert Storage Channel | Covert Timing Channel | Credentials | Critical Infrastructures | Cross Domain Solution | Cryptanalysis | Crypto-Alarm | | Crypto-Ancillary Equipment | Crypto-Equipment | Crypto-Ignition Key | Cryptographic | Cryptographic Component | Cryptographic Initialization | Cryptographic Logic | Cryptography | Cryptology | Cryptonet | Cryptoperiod | Cryptosecurity | Cryptosynchronization | Cryptosystem | Cryptosystem Analysis | Cryptosystem Evaluation | Cryptosystem Review | Cryptosystem Survey | Cyclic Redundancy Check
• D
• Data Aggregation | Data Encryption Standard | Data Flow Control | Data Integrity | Data Origin Authentication | Data Security | Data Transfer Device | Decertification | Decipher | Decode | Decrypt | Dedicated Mode | Default Classification | Defense-In-Depth | Degaussing | Delegated Development Program | Demilitarized Zone
• D
• Denial Of Service | Descriptive Top-Level Specification | Designated Approval Authority | Dial Back | Digital Signature | Direct Shipment | Discretionary Access Control | Distinguished Name | Domain | Drop Accountability
• E
• Electronic Messaging Services | Electronic Security | Electronic Signature | Electronically Generated Key | Embedded Computer | Embedded Cryptographic System | Embedded Cryptography | Emissions Security | Encipher | Enclave | Enclave Boundary | Encode | Encrypt | End-Item Accounting | End-To-End Encryption | End-To-End Security | Endorsed For Unclassified Cryptographic Item | Endorsement | Entrapment | Erasure | Evaluation Assurance Level | Executive State | Exercise Key | Exploitable Channel | Extraction Resistance | Extranet
• F
• FIREFLY | Fail Safe | Fail Soft | Failure Access | Failure Control | File Protection | File Security | Fill Device | Firewall | Firmware | Fixed COMSEC Facility | Flaw | Flaw Hypothesis Methodology | Flooding | Formal Access Approval | Formal Development Methodology | Formal Method | Formal Proof | Formal Security Policy | Formal Top-Level Specification | Formal Verification | Frequency Hopping | Front-End Security Filter | Full Maintenance | Functional Proponent | Functional Testing
• G
• Gateway | Global Information Grid | Global Information Infrastructure | Guard
• H
• Hacker | Handshaking Procedures | Hard Copy Key | Hardwired Key | High Assurance Guard
• I
• IA Architecture | IA-Enabled Information Technology Product | Identification | Identity Token | Identity Validation | Imitative Communications Deception | Impersonating | Implant | Inadvertent Disclosure | Incident | Incomplete Parameter Checking | Indicator | Individual Accountability | Informal Security Policy | Information Assurance | Information Assurance Manager | Information Assurance Officer | Information Assurance Product | Information Environment | Information Flow Control | Information Operations | Information Owner | Information Security Policy | Information System | Information Systems Security | Information Systems Security Engineering | Information Systems Security Equipment Modification | Information Systems Security Manager | Information Systems Security Officer | Information Systems Security Product | Initialize | Inspectable Space | Integrity | Integrity Check Value | Interconnection Security Agreement | Interface | Interface Control Document | Interim Approval To Operate | Interim Approval To Test | Internal Security Controls | Internet Protocol | Internetwork Private Line Interface | Intrusion
• K
• Key | Key Distribution Center | Key Exchange | Key List | Key Management Infrastructure | Key Pair | Key Production Key | Key Recovery | Key Stream | Key Tag | Key Tape | Key Updating | Key-Auto-Key | Key-Encryption-Key | Keying Material
• L
• Label | Labeled Security Protections | Laboratory Attack | Least Privilege | Level of Concern | Level of Protection | Limited Maintenance | Line Conditioning | Line Conduction | Link Encryption | List-Oriented | Local Authority | Local Management Device/Key Processor | Lock And Key Protection System | Logic Bomb | Logical Completeness Measure | Long Title | Low Probability of Detection | Low Probability of Intercept
• M
• Magnetic Remanence | Maintenance Hook | Maintenance Key | Malicious Applets | Malicious Code | Malicious Logic | Mandatory Access Control | Mandatory Modification | Manipulative Communications Deception | Manual Cryptosystem | Manual Remote Rekeying | Masquerading | Master Crypto-Ignition Key | Memory Scavenging | Message Authentication Code | Message Externals | Message Indicator | Mimicking | Mobile Code | Mode of Operation | Multi-Security Level | Multilevel Device | Multilevel Mode | Multilevel Security | Mutual Suspicion
• N
• National Information Assurance Partnership | National Information Infrastructure | National Security Information | National Security System | Need To Know Determination | Need-To-Know | Network | Network Front-End | Network Reference Monitor | Network Security | Network Security Officer | Network Sponsor | Network System | Network Weaving | No-Lone Zone | Nonrepudiation | Null
• O
• Object | Object Reuse | Off-Line Cryptosystem | Official Information | On-Line Cryptosystem | One-Part Code | One-Time Cryptosystem | One-Time Pad | One-Time Tape | Open Storage | Operational Key | Operational Vulnerability | Operational Waiver | Operations Code | Operations Security | Optional Modification | Organizational Maintenance | Organizational Registration | Over-The-Air Key Distribution | Over-The-Air Key Transfer | Over-The-Air Rekeying | Overt Channel | Overwrite Procedure
• P
• Parity | Partitioned Security Mode | Password | Penetration | Penetration Testing | Per-Call Key | Perimeter | Periods Processing | Permuter | Plain Text | Policy Approving Authority | Policy Certification Authority | Positive Control Material | Preproduction Model | Principal Accrediting Authority | Print Suppression | Privacy System | Privileged User | Production Model | Proprietary Information | Protected Distribution Systems | Protection Philosophy | Protection Profile | Protection Ring | Protective Packaging | Protective Technologies | Protocol | Proxy | Public Domain Software | Public Key Certificate | Public Key Cryptography | Public Key Infrastructure | Purging
• Q
• QUADRANT
• R
• RED | RED Signal | RED/BLACK concept | Randomizer | Read | Read Access | Real Time Reaction | Recovery Procedures | Red Team | Reference Monitor | Release Prefix | Remanence | Remote Access | Remote Rekeying | Repair Action | Reserve Keying Material | Residual Risk | Residue | Resource Encapsulation | Risk | Risk Analysis | Risk Assessment | Risk Index | Risk Management
• S
• Safeguard | Safeguarding Statement | Sanitize | Scavenging | Secure Communications | Secure State | Secure Subsystem | Security Controls | Security Fault Analysis | Security Features Users Guide | Security Filter | Security In Depth | Security Inspection | Security Kernel | Security Label | Security Net Control Station | Security Perimeter | Security Range | Security Requirements | Security Requirements Baseline | Security Safeguards | Security Specification | Security Target | Security Test and Evaluation | Security Testing | Seed Key | Sensitive Compartmented Information | Sensitive Compartmented Information Facility | Sensitive Information | Sensitivity Label | Shielded Enclosure | Short Title | Simple Security Property | Single Point Keying | Sniffer | Software Assurance | Software System Test And Evaluation Process | Special Access Program | Special Access Program Facility | Spillage | Split Knowledge | Spoofing | Spread Spectrum | Start-Up KEK | Storage Object | Strong Authentication | Subassembly | Subject | Subject Security Level | Superencryption | Supersession | Supervisor State | Suppression Measure | | Syllabary | Symmetric Key | Synchronous Crypto-Operation | System Administrator | System Assets | System Development Methodologies | System High | System High Mode | System Indicator | System Integrity | System Low | System Profile | System Security | System Security Engineering | System Security Officer | System Security Plan
• T
• TEMPEST | TEMPEST Test | TEMPEST Zone | TOE Security Functions | TOE Security Policy | TSEC Nomenclature | Tampering | Target of Evaluation | Technical Controls | Technical Vulnerability Information | Telecommunications | Term: Access | Term: Access Control | Term: Access Control List | Term: Access Control Mechanism | Term: Access Level | Term: Access List (IS) | Term: Access Profile | Term: Access Type | Term: Accountability | Term: Accounting Legend Code | Term: Accounting Number | Term: Accreditation | Term: Accreditation Boundary | Term: Accreditation Package | Term: Accrediting Authority | Term: Add-On Security | Term: Adequate Security | Term: Advanced Encryption Standard | Term: Advisory | Term: Alert | Term: Alternate COMSEC Custodian | Term: Alternative Work Site | Term: Anti-Jam | Term: Anti-Spoof | Term: Application | Term: Assurance | Term: Assured Software | Term: Attack | Term: Attack Sensing and Warning | Term: Audit | Term: Audit Trail | Term: Authenticate | Term: Authentication | Term: Authentication System | Term: Authenticator | Term: Authorization | Term: Authorized Vendor | Term: Authorized Vendor Program | Term: Automated Security Monitoring | Term: Automatic Remote Rekeying | Term: Availability | Term: BLACK | Term: Back Door | Term: Backup | Term: Banner | Term: Benign | Term: Benign Environment | Term: Binding | Term: Biometrics | Term: Bit Error Rate | Term: Boundary | Term: Brevity List | Term: Browsing | Term: Bulk Encryption | Term: CCI Assembly | Term: CCI Component | Term: CCI Equipment | Term: COMSEC Account | Term: COMSEC Account Audit | Term: COMSEC Aid | Term: COMSEC Assembly | Term: COMSEC Boundary | Term: COMSEC Chip Set | Term: COMSEC Control Program | Term: COMSEC Custodian | Term: COMSEC Demilitarization | Term: COMSEC Element | Term: COMSEC End-Item | Term: COMSEC Equipment | Term: COMSEC Facility | Term: COMSEC Incident | Term: COMSEC Insecurity | Term: COMSEC Manager | Term: COMSEC Material | Term: COMSEC Material Control System | Term: COMSEC Modification | Term: COMSEC Module | Term: COMSEC Monitoring | Term: COMSEC Profile | Term: COMSEC Survey | Term: COMSEC System Data | Term: COMSEC Training | Term: CRYPTO | Term: Call Back | Term: Canister | Term: Cascading | Term: Category | Term: Central Office of Record | Term: Certificate | Term: Certificate Management | Term: Certificate Revocation List | Term: Certification | Term: Certification Authority | Term: Certification Authority Workstation | Term: Certification Package | Term: Certification Test and Evaluation | Term: Certified TEMPEST Technical Authority | Term: Certifier | Term: Challenge and Reply Authentication | Term: Check Word | Term: Checksum | Term: Cipher | Term: Cipher Text | Term: Cipher Text Auto-Key | Term: Ciphony | Term: Classified Information | Term: Classified Information Spillage | Term: Clearance | Term: Clearing | Term: Client | Term: Closed Security Environment | Term: Code | Term: Code Book | Term: Code Group | Term: Code Vocabulary | Term: Cold Start | Term: Collaborative Computing | Term: Command Authority | Term: Commercial COMSEC Evaluation Program | Term: Common Criteria | Term: Common Fill Device | Term: Communications Cover | Term: Communications Deception | Term: Communications Profile | Term: Communications Security | Term: Community Risk | Term: Compartmentalization | Term: Compartmented Mode | Term: Compromise | Term: Compromising Emanations | Term: Computer Abuse | Term: Computer Cryptography | Term: Computer Security | Term: Computer Security Incident | Term: Computer Security Subsystem | Term: Computing Environment | Term: Concept of Operations | Term: Confidentiality | Term: Configuration Control | Term: Configuration Management | Term: Confinement Channel | Term: Contamination | Term: Contingency Key | Term: Continuity of Operations Plan | Term: Controlled Access Area | Term: Controlled Access Protection | Term: Controlled Cryptographic Item | Term: Controlled Interface | Term: Controlled Space | Term: Controlling Authority | Term: Cooperative Key Generation | Term: Cooperative Remote Rekeying | Term: Correctness Proof | Term: Countermeasure | Term: Covert Channel | Term: Covert Channel Analysis | Term: Covert Storage Channel | Term: Covert Timing Channel | Term: Credentials | Term: Critical Infrastructures | Term: Cross Domain Solution | Term: Cryptanalysis | Term: Crypto-Alarm | Term: Crypto-Ancillary Equipment | Term: Crypto-Equipment | Term: Crypto-Ignition Key | Term: Cryptographic | Term: Cryptographic Component | Term: Cryptographic Initialization | Term: Cryptographic Logic | Term: Cryptography | Term: Cryptology | Term: Cryptonet | Term: Cryptoperiod | Term: Cryptosecurity | Term: Cryptosynchronization | Term: Cryptosystem | Term: Cryptosystem Analysis | Term: Cryptosystem Evaluation | Term: Cryptosystem Review | Term: Cryptosystem Survey | Term: Cyclic Redundancy Check | Term: Data Aggregation | Term: Data Encryption Standard | Term: Data Flow Control | Term: Data Integrity | Term: Data Origin Authentication | Term: Data Security | Term: Data Transfer Device | Term: Decertification | Term: Decipher | Term: Decode | Term: Decrypt | Term: Dedicated Mode | Term: Default Classification | Term: Defense-In-Depth | Term: Degaussing | Term: Delegated Development Program | Term: Demilitarized Zone | Term: Denial of Service | Term: Descriptive Top-Level Specification | Term: Designated Approval Authority | Term: Dial Back | Term: Digital Signature | Term: Direct Shipment | Term: Discretionary Access Control | Term: Distinguished Name | Term: Domain | Term: Drop Accountability | Term: Electronic Key Management System | Term: Electronic Messaging Services | Term: Electronic Security | Term: Electronic Signature | Term: Electronically Generated Key | Term: Embedded Computer | Term: Embedded Cryptographic System | Term: Embedded Cryptography | Term: Emissions Security | Term: Encipher | Term: Enclave | Term: Enclave Boundary | Term: Encode | Term: Encrypt | Term: End-Item Accounting | Term: End-to-End Encryption | Term: End-to-End Security | Term: Endorsed for Unclassified Cryptographic Item | Term: Endorsement | Term: Entrapment | Term: Environment | Term: Erasure | Term: Evaluation Assurance Level | Term: Executive State | Term: Exercise Key | Term: Exploitable Channel | Term: Extraction Resistance | Term: Extranet | Term: FIREFLY | Term: Fail Safe | Term: Fail Soft | Term: Failure Access | Term: Failure Control | Term: File Protection | Term: File Security | Term: Fill Device | Term: Firewall | Term: Firmware | Term: Fixed COMSEC Facility | Term: Flaw | Term: Flaw Hypothesis Methodology | Term: Flooding | Term: Formal Access Approval | Term: Formal Development Methodology | Term: Formal Method | Term: Formal Proof | Term: Formal Security Policy | Term: Formal Top-Level Specification | Term: Formal Verification | Term: Frequency Hopping | Term: Front-End Security Filter | Term: Full Maintenance | Term: Functional Proponent | Term: Functional Testing | Term: Gateway | Term: Global Information Grid | Term: Global Information Infrastructure | Term: Guard | Term: Hacker | Term: Handshaking Procedures | Term: Hard Copy Key | Term: Hardwired Key | Term: High Assurance Guard | Term: IA Architecture | Term: IA-Enabled Information Technology Product | Term: Identification | Term: Identity Token | Term: Identity Validation | Term: Imitative Communications Deception | Term: Impersonating | Term: Implant | Term: Inadvertent Disclosure | Term: Incident | Term: Incomplete Parameter Checking | Term: Indicator | Term: Individual Accountability | Term: Informal Security Policy | Term: Information Assurance | Term: Information Assurance Manager | Term: Information Assurance Officer | Term: Information Assurance Product | Term: Information Environment | Term: Information Flow Control | Term: Information Operations | Term: Information Owner | Term: Information Security Policy | Term: Information System | Term: Information Systems Security | Term: Information Systems Security Engineering | Term: Information Systems Security Equipment Modification | Term: Information Systems Security Manager | Term: Information Systems Security Officer | Term: Information Systems Security Product | Term: Initialize | Term: Inspectable Space | Term: Integrity | Term: Integrity Check Value | Term: Interconnection Security Agreement | Term: Interface | Term: Interface Control Document | Term: Interim Approval to Operate | Term: Interim Approval to Test | Term: Internal Security Controls | Term: Internet Protocol | Term: Internetwork Private Line Interface | Term: Intrusion | Term: Key | Term: Key Distribution Center | Term: Key Exchange | Term: Key List | Term: Key Management Infrastructure | Term: Key Pair | Term: Key Production Key | Term: Key Recovery | Term: Key Stream | Term: Key Tag | Term: Key Tape | Term: Key Updating | Term: Key-Auto-Key | Term: Key-Encryption-Key | Term: Keying Material | Term: Label | Term: Labeled Security Protections | Term: Laboratory Attack | Term: Least Privilege | Term: Level of Concern | Term: Level of Protection | Term: Limited Maintenance | Term: Line Conditioning | Term: Line Conduction | Term: Link Encryption | Term: List-Oriented | Term: Local Authority | Term: Local Management Device/Key Processor | Term: Lock and Key Protection System | Term: Logic Bomb | Term: Logical Completeness Measure | Term: Long Title | Term: Low Probability of Detection | Term: Low Probability of Intercept | Term: Magnetic Remanence | Term: Maintenance Hook | Term: Maintenance Key | Term: Malicious Applets | Term: Malicious Code | Term: Malicious Logic | Term: Mandatory Access Control | Term: Mandatory Modification | Term: Manipulative Communications Deception | Term: Manual Cryptosystem | Term: Manual Remote Rekeying | Term: Masquerading | Term: Master Crypto-Ignition Key | Term: Memory Scavenging | Term: Message Authentication Code | Term: Message Externals | Term: Message Indicator | Term: Mimicking | Term: Mobile Code | Term: Mode of Operation | Term: Multi-Security Level | Term: Multilevel Device | Term: Multilevel Mode | Term: Multilevel Security | Term: Mutual Suspicion | Term: National Information Assurance Partnership | Term: National Information Infrastructure | Term: National Security Information | Term: National Security System | Term: Need to Know Determination | Term: Need-to-Know | Term: Network | Term: Network Front-End | Term: Network Reference Monitor | Term: Network Security | Term: Network Security Officer | Term: Network Sponsor | Term: Network System | Term: Network Weaving | Term: No-Lone Zone | Term: Nonrepudiation | Term: Null | Term: Object | Term: Object Reuse | Term: Off-Line Cryptosystem | Term: Official Information | Term: On-Line Cryptosystem | Term: One-Part Code | Term: One-Time Cryptosystem | Term: One-Time Pad | Term: One-Time Tape | Term: Open Storage | Term: Operational Key | Term: Operational Vulnerability | Term: Operational Waiver | Term: Operations Code | Term: Operations Security | Term: Optional Modification | Term: Organizational Maintenance | Term: Organizational Registration | Term: Over-the-Air Key Distribution | Term: Over-the-Air Key Transfer | Term: Over-the-Air Rekeying | Term: Overt Channel | Term: Overwrite Procedure | Term: Parity | Term: Partitioned Security Mode | Term: Password | Term: Penetration | Term: Penetration Testing | Term: Per-Call Key | Term: Perimeter | Term: Periods Processing | Term: Permuter | Term: Plain Text | Term: Policy Approving Authority | Term: Policy Certification Authority | Term: Positive Control Material | Term: Preproduction Model | Term: Principal Accrediting Authority | Term: Print Suppression | Term: Privacy System | Term: Privileged User | Term: Probe | Term: Production Model | Term: Proprietary Information | Term: Protected Distribution Systems | Term: Protection Philosophy | Term: Protection Profile | Term: Protection Ring | Term: Protective Packaging | Term: Protective Technologies | Term: Protocol | Term: Proxy | Term: Public Domain Software | Term: Public Key Certificate | Term: Public Key Cryptography | Term: Public Key Infrastructure | Term: Purging | Term: QUADRANT | Term: RED | Term: RED Signal | Term: RED/BLACK Concept | Term: Randomizer | Term: Read | Term: Read Access | Term: Real Time Reaction | Term: Recovery Procedures | Term: Red Team | Term: Reference Monitor | Term: Release Prefix | Term: Remanence | Term: Remote Access | Term: Remote Rekeying | Term: Repair Action | Term: Reserve Keying Material | Term: Residual Risk | Term: Residue | Term: Resource Encapsulation | Term: Risk | Term: Risk Analysis | Term: Risk Assessment | Term: Risk Index | Term: Risk Management | Term: Safeguard | Term: Safeguarding Statement | Term: Sanitize | Term: Scavenging | Term: Secure Communications | Term: Secure State | Term: Secure Subsystem | Term: Security Controls | Term: Security Fault Analysis | Term: Security Features Users Guide | Term: Security Filter | Term: Security In Depth | Term: Security Inspection | Term: Security Kernel | Term: Security Label | Term: Security Net Control Station | Term: Security Perimeter | Term: Security Range | Term: Security Requirements | Term: Security Requirements Baseline | Term: Security Safeguards | Term: Security Specification | Term: Security Target | Term: Security Test and Evaluation | Term: Security Testing | Term: Seed Key | Term: Sensitive Compartmented Information | Term: Sensitive Compartmented Information Facility | Term: Sensitive Information | Term: Sensitivity Label | Term: Shielded Enclosure | Term: Short Title | Term: Simple Security Property | Term: Single Point Keying | Term: Sniffer | Term: Software Assurance | Term: Software System Test and Evaluation Process | Term: Special Access Program | Term: Special Access Program Facility | Term: Spillage | Term: Split Knowledge | Term: Spoofing | Term: Spread Spectrum | Term: Start-Up KEK | Term: Storage Object | Term: Strong Authentication | Term: Subassembly | Term: Subject | Term: Subject Security Level | Term: Superencryption | Term: Supersession | Term: Supervisor State | Term: Suppression Measure | | Term: Syllabary | Term: Symmetric Key | Term: Synchronous Crypto-Operation | Term: System Administrator | Term: System Assets | Term: System Development Methodologies | Term: System High | Term: System High Mode | Term: System Indicator | Term: System Integrity | Term: System Low | Term: System Profile | Term: System Security | Term: System Security Engineering | Term: System Security Officer | Term: System Security Plan | Term: TEMPEST | Term: TEMPEST Test | Term: TEMPEST Zone | Term: TOE Security Functions | Term: TOE Security Policy | Term: TSEC Nomenclature | Term: Tampering | Term: Target of Evaluation | Term: Technical Controls | Term: Technical Vulnerability Information | Term: Telecommunications | Term: Test Key | Term: Threat | Term: Threat Analysis | Term: Threat Assessment | Term: Threat Monitoring | Term: Ticket-Oriented | Term: Time Bomb | Term: Time-Compliance Date | Term: Time-Dependent Password | Term: Traditional INFOSEC Program | Term: Traffic Analysis | Term: Traffic Encryption Key | Term: Traffic Padding | Term: Traffic-Flow Security | Term: Tranquility | Term: Transmission Security | Term: Trap Door | Term: Triple DES | Term: Trojan Horse | Term: Trusted Channel | Term: Trusted Computer System | Term: Trusted Computing Base | Term: Trusted Distribution | Term: Trusted Foundry | Term: Trusted Identification Forwarding | Term: Trusted Path | Term: Trusted Process | Term: Trusted Recovery | Term: Trusted Software | Term: Tunneling | Term: Two-Part Code | Term: Two-Person Control | Term: Two-Person Integrity | Term: Type 1 Key | Term: Type 1 Product | Term: Type 2 Key | Term: Type 2 Product | Term: Type 3 Key | Term: Type 3 Product | Term: Type 4 Key | Term: Type 4 Product | Term: Type Certification | Term: U.S. Person | Term: U.S.-Controlled Facility | Term: U.S.-Controlled Space | Term: Unauthorized Disclosure | Term: Unclassified | Term: Untrusted Process | Term: Updating | Term: User | Term: User ID | Term: User Partnership Program | Term: User Representative | Term: Validated Products List | Term: Validation | Term: Variant | Term: Verification | Term: Virtual Private Network | | Term: Vulnerability | Term: Vulnerability Analysis | Term: Vulnerability Assessment | Term: Web Risk Assessment | Term: Wireless Technology | Term: Work Factor | Term: Worm | Term: Write | Term: Write Access | Term: Zero Fill | Term: Zeroize | Term: Zone of Control | Test Key | Threat | Threat Analysis | Threat Assessment | Term: Privacy System | Term: Privileged User | Term: Probe | Term: Production Model | Term: Proprietary Information | Term: Protected Distribution Systems | Term: Protection Philosophy | Term: Protection Profile | Term: Protection Ring | Term: Protective Packaging | Term: Protective Technologies | Term: Protocol | Term: Proxy | Term: Public Domain Software | Term: Public Key Certificate | Term: Public Key Cryptography | Term: Public Key Infrastructure | Term: Purging | Term: QUADRANT | Term: RED | Term: RED Signal | Term: RED/BLACK Concept | Term: Randomizer | Term: Read | Term: Read Access | Term: Real Time Reaction | Term: Recovery Procedures | Term: Red Team | Term: Reference Monitor | Term: Release Prefix | Term: Remanence | Term: Remote Access | Term: Remote Rekeying | Term: Repair Action | Term: Reserve Keying Material | Term: Residual Risk | Term: Residue | Term: Resource Encapsulation | Term: Risk | Term: Risk Analysis | Term: Risk Assessment | Term: Risk Index | Term: Risk Management | Term: Safeguard | Term: Safeguarding Statement | Term: Sanitize | Term: Scavenging | Term: Secure Communications | Term: Secure State | Term: Secure Subsystem | Term: Security Controls | Term: Security Fault Analysis | Term: Security Features Users Guide | Term: Security Filter | Term: Security In Depth | Term: Security Inspection | Term: Security Kernel | Term: Security Label | Term: Security Net Control Station | Term: Security Perimeter | Term: Security Range | Term: Security Requirements | Term: Security Requirements Baseline | Term: Security Safeguards | Term: Security Specification | Term: Security Target | Term: Security Test and Evaluation | Term: Security Testing | Term: Seed Key | Term: Sensitive Compartmented Information | Term: Sensitive Compartmented Information Facility | Term: Sensitive Information | Term: Sensitivity Label | Term: Shielded Enclosure | Term: Short Title | Term: Simple Security Property | Term: Single Point Keying | Term: Sniffer | Term: Software Assurance | Term: Software System Test and Evaluation Process | Term: Special Access Program | Term: Special Access Program Facility | Term: Spillage | Term: Split Knowledge | Term: Spoofing | Term: Spread Spectrum | Term: Start-Up KEK | Term: Storage Object | Term: Strong Authentication | Term: Subassembly | Term: Subject | Term: Subject Security Level | Term: Superencryption | Term: Supersession | Term: Supervisor State | Term: Suppression Measure | | Term: Syllabary | Term: Symmetric Key | Term: Synchronous Crypto-Operation | Term: System Administrator | Term: System Assets | Term: System Development Methodologies | Term: System High | Term: System High Mode | Term: System Indicator | Term: System Integrity | Term: System Low | Term: System Profile | Term: System Security | Term: System Security Engineering | Term: System Security Officer | Term: System Security Plan | Term: TEMPEST | Term: TEMPEST Test | Term: TEMPEST Zone | Term: TOE Security Functions | Term: TOE Security Policy | Term: TSEC Nomenclature | Term: Tampering | Term: Target of Evaluation | Term: Technical Controls | Term: Technical Vulnerability Information | Term: Telecommunications | Term: Test Key | Term: Threat | Term: Threat Analysis | Term: Threat Assessment | Term: Threat Monitoring | Term: Ticket-Oriented | Term: Time Bomb | Term: Time-Compliance Date | Term: Time-Dependent Password | Term: Traditional INFOSEC Program | Term: Traffic Analysis | Term: Traffic Encryption Key | Term: Traffic Padding | Term: Traffic-Flow Security | Term: Tranquility | Term: Transmission Security | Term: Trap Door | Term: Triple DES | Term: Trojan Horse | Term: Trusted Channel | Term: Trusted Computer System | Term: Trusted Computing Base | Term: Trusted Distribution | Term: Trusted Foundry | Term: Trusted Identification Forwarding | Term: Trusted Path | Term: Trusted Process | Term: Trusted Recovery | Term: Trusted Software | Term: Tunneling | Term: Two-Part Code | Term: Two-Person Control | Term: Two-Person Integrity | Term: Type 1 Key | Term: Type 1 Product | Term: Type 2 Key | Term: Type 2 Product | Term: Type 3 Key | Term: Type 3 Product | Term: Type 4 Key | Term: Type 4 Product | Term: Type Certification | Term: U.S. Person | Term: U.S.-Controlled Facility | Term: U.S.-Controlled Space | Term: Unauthorized Disclosure | Term: Unclassified | Term: Untrusted Process | Term: Updating | Term: User | Term: User ID | Term: User Partnership Program | Term: User Representative | Term: Validated Products List | Term: Validation | Term: Variant | Term: Verification | Term: Virtual Private Network | Term: Vulnerability | Term: Vulnerability Analysis | Term: Vulnerability Assessment | Term: Web Risk Assessment | Term: Wireless Technology | Term: Work Factor | Term: Worm | Term: Write | Term: Write Access | Term: Zero Fill | Term: Zeroize | Term: Zone of Control | Test Key | Threat | Threat Analysis | Threat Assessment | Threat Monitoring | Ticket-Oriented | Time Bomb | Time-Compliance Date | Time-Dependent Password | Traditional INFOSEC Program | Traffic Analysis | Traffic Encryption Key | Traffic Padding | Traffic-Flow Security | Tranquility | Transmission Security | Trap Door | Triple DES | Trojan Horse | Trusted Channel | Trusted Computer System | Trusted Computing Base | Trusted Distribution | Trusted Foundry | Trusted Identification Forwarding | Trusted Path | Trusted Process | Trusted Recovery | Trusted Software | Tunneling | Two-Part Code | Two-Person Control | Two-Person Integrity | Type 1 Key | Type 1 Product | Type 2 Key | Type 2 Product | Type 3 Key | Type 3 Product | Type 4 Key | Type 4 Product | Type Certification
• U
• U.S. Person | U.S.-Controlled Facility | U.S.-Controlled Space | Unauthorized Disclosure | Unclassified | Untrusted Process | Updating | User | User ID | User Partnership Program | User Representative
• V
• Validated Products List | Validation | Variant | Verification | Virtual Private Network | Vulnerability | Vulnerability Analysis | Vulnerability Assessment
• W
• Web Risk Assessment | Wireless Technology | Work Factor | Worm | Write | Write Access
• Z
• Zero Fill | Zeroize | Zone Of Control

fortiguard.com
Threat Encyclopedia
Virus Encyclopedia

Browse the Fortiguard Labs extensive encyclopedia of threats.

Google Hacking, Google Hacker (W3)

Synopsis:
... What many users dont realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through "Google hacking", techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats "Google hackers" to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hackers search. Penetration Testing with "Google Hacks" explores the explosive growth of a technique known as "Google Hacking".

hacktivism
Hacktivist (W3)

hacktivism | hacktivist

Formed by combining "hack" with "activism", "hacktivism" is the act of "hacking" into a Web site or computer system in order to communicate a politically or socially motivated message. Unlike a malicious hacker, who may disrupt a system for financial gain or out of a desire to cause harm, the hacktivist performs the same kinds of disruptive actions (such as a DoS attack) in order to draw attention to a cause. For the hacktivist, it is an Internet-enabled way to practice civil disobedience and protest.

Hacktivismus | Hacktivist

Cybercrime Technical Non-Offenses: Cybervigilantism and Hacktivism - technical definition (legal terms)

Two activities that often give rise to criminal prosecutions but do not themselves constitute cybercrimes are cybervigilantism and hacktivism. In the conventional world, neither vigilantism (the act of enforcing targeted others to pay a penalty for breaking the law even though the party who attempts the enforcing does not have the legal authority to do so) nor political activism are, in themselves, crimes. For these reasons, cybervigilantism (using a computer to conduct acts of vigilantism) and hacktivism (using a computer and hacking skills to accomplish political activism objectives) - the cyberspace versions of vigilantism and political activism, respectively - are also technically not designated as crimes. They are therefore known to be technical non-offenses.
...

Hoax
Hoaxing
hocus pocus (W3)

(See CANARD.)

Canard.
A hoax. ...
...

• Malicious Code (Virus and Trojan ) Warnings - Warnings about Trojans, viruses, and other malicious code that has no basis in fact. The Good Times and other similar warnings are here.
• Urban Myths - Warnings and stories about bad things happening to people and animals that never really happened. These are the poodle in the microwave and needles in movie theater seats variety.
• Give Aways - Stories about give aways by large companies. If you only send this on, some big company will send you a lot of money, clothes, a free vacation, etc., etc. Expect to wait a long time for any of these to pay off.
• Inconsequential Warnings - Out of date warnings and warnings about real things that are not really much of a problem..
• Sympathy Letters and Requests to Help Someone - Requests for help or sympathy for someone who has had a problem or accident.
• Traditional Chain Letters - Traditional chain letters that threaten bad luck if you do not send them on or that request you to send money to the top n people on the list before sending it on..
• Threat Chains - Mail that threatens to hurt you, your computer, or someone else if you do not pass on the message.
• Scam Chains - Mail messages that appear to be from a legitimate company but that are scams and cons.
• Scare Chains - Mail messages that warn you about terrible things that happen to people (especially women).
• Jokes - Warning messages that it's hard to imagine that anyone would believe.
• True Legends - Real stories and messages that are not hoaxes but are still making the rounds of the Internet.
• Hacked History - Real stories where the facts have been adjusted to fit someone's political agenda.
• Unknown Origins - I created this section for stories that just don't ring true, but that I cannot prove one way or the other.

The Literary Hoax
David Brooks
University of Sydney

The literary "hoax" is strangely larger than its category. This itself is an odd thing to say perhaps, for how can a thing be larger than it is? Yet the term "hoax", particularly in a contemporary sense, has been used so broadly that it could be said to collapse in upon itself. This is in part because, in its very nature, a "hoax" is chameleonic, reactive, takes its inspiration from something outside it, and usually because that thing is different or strange in the first place - somehow outside the hoaxer’s sense of what is sensible or acceptible - and motivates the hoaxer to copy or parody it in any number of different ways. In their attempts to pin it down, theorists of the "hoax" search for synonyms, but every "hoax" has its own particular qualities and seems to require a different range of qualifiers to describe it. There are times, when a society has been affronted or embarrassed by a "hoax" and begun hoax-hunting, when almost every kind of literary masking or misrepresentation is deemed a "hoax". Attempts to restrict the term, as in some ways seems quite logical, to works which are essentially playful attempts to point up public ignorance or gullibility in matters of literary taste and judgement have proved consistently unsuccessful, in part because they do not take into account the possibility that the term "hoax" can thereby be employed as a kind of repressive tolerance: used, that is to say, as a means of defusing more serious or complex kinds of literary misrepresentation by assuming or exaggerating their ludic aspect. Finding that the term has become vague, unhelpful and unwieldy in this and in other ways, people have spoken instead of the spurious, of fakes, of forgery, of literary fraud, of superchery, of misrepresentation, of pseudonymy, of masking, and, in the attempt to establish a kind of typology of the "hoax", have tried in turn to distinguish between these things. A central question - and it is still an open question (for where would the authority come from to determine it?) - becomes, as a consequence, whether we are to consider all of these things as varieties of the hoax, or to consider that the hoax is one amongst these things.
...

• 038233 04/05/19 14:39 36 Further Antedating of "Hoax"
• 038231 04/05/19 14:19 22 antedating of "hoax"

Ein "Hoax" (engl., "Jux", "Scherz", "Schabernack"; auch "Schwindel") bezeichnet eine Falschmeldung, die per E-Mail, Instant Messenger oder auf anderen Wegen (z.B. SMS und MMS) verbreitet wird, von vielen für wahr gehalten und daher an viele Freunde weitergeleitet wird. Das Wort kommt wahrscheinlich aus der Verkürzung von "Hokus" aus "Hokuspokus". Ein "Hoax" kann auch in Form der "Zeitungsente" oder als "Urban Legend" auftreten. Auch der "Aprilscherz" hat oft die Form eines "Hoax". Es kursieren immer wieder auch solche "Hoax" durch das Netz, die aus diffamierenden und volksverhetztenden Gründen dort eingestellt wurden, so z.B. der "Q33NY"-Hoax (siehe Abbildung).

Der "Hoax" stammt aus England, wo er seit 1796 nachgewiesen ist. Ein typisches modernes Beispiel ist der so genannte "Good-Times-Hoax", eine angebliche E-Mail, die beim Öffnen die Festplatte löscht. Die Warnung vor diesem „Virus” verbreitete sich 1994 millionenfach über E-Mail und wurde auch von vielen Zeitungen und Fachinstitutionen veröffentlicht. Die damals vermeintliche Gefahr durch Viren, die sich per E-Mail verbreiten, wurde allerdings erst Jahre später Wirklichkeit, beispielsweise durch Loveletter.
...

Canular et utopie politique
...
Bien mieux que l'expression française de «canular», le terme anglo-saxon de «hoax» (qui renvoie étymologiquement à la mise en oeuvre d'un «tour de prestidigitation renversant») semble plus approprié pour désigner cette émission spéciale barrée d'un bandeau magrittien «ceci n'est peut-être pas une fiction». Dans le langage courant, en effet, le terme de canular, issu de l'argot ésotérique de Normale sup pour qualifier les «épreuves burlesques et les brimades imposées aux nouveaux élèves», édulcore les enjeux de fond, pour donner à la mystification une dimension de pur divertissement sans risque dysphorique et réellement subversif.
...

A virus hoax is a false warning about a computer virus.
...

Hoax Number (W3)

A composite number defined analogously to a Smith number except that the sum of the number's digits equals the sum of the digits of its distinct prime factors (excluding 1).

The first few hoax numbers are 22, 58, 84, 85, 94, 136, 160, 166, 202, 234, ... (Sloane's A019506), illustrated above as a binary plot, and the corresponding sums of digits are 4, 13, 12, 13, 13, 10, 7, 13, 4, 9, 7, ... (Sloane's A050223).

Honeypot - Rose

honeypot (ARTHRO: Insecta) A wax container deposited inside the entrance of the nest cavity filled with nectar by a solitary queen bumblebee when establishing a colony.

Honeypot (W3)

...
The term "honeypot" is often understood to refer to the English children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey.

During the Cold War it was an espionage technique, which inspired spy fiction. The term "honeypot" was used to describe the use of sexual entrapment to gain information. In a common scenario, a pretty female Communist agent would trick a male Western official into handing over secret information.

An alternative explanation for the term is a reflection of the sarcastic term for outhouses and other methods of collecting feces and other human waste in places that lack indoor plumbing. "Honey" is a euphemism for such waste, which is kept in a honeypot until it is picked up by a honey wagon and taken to a disposal area. In this usage, attackers are the equivalent of flies, drawn by the stench of sewage.
...

Proactive Detection of Security Incidents
Honeypots
2012-11-20

Contents

• 1 EXECUTIVE SUMMARY ............................................................ 9
• 2 INTRODUCTION AND BACKGROUND ................................................. 13
• 2.1 STUDY OBJECTIVES .......................................................... 13
• 2.2 TARGET AUDIENCE ........................................................... 14
• 2.3 SCOPE ..................................................................... 14
• 2.4 METHODOLOGY USED .......................................................... 15
• 2.4.1 Desktop research ........................................................ 15
• 2.4.2 Testing ................................................................. 15
• 2.4.3 Expert group ............................................................ 15
• 2.4.4 Analysis of results, creation of an exercise and the final report ....... 16
• 3 BASIC CONCEPTS .............................................................. 17
• 3.1 WHAT IS A HONEYPOT? ....................................................... 17
• 3.2 TYPES OF HONEYPOTS (BASIC TAXONOMY) ....................................... 17
• 3.2.1 Server-side honeypots ................................................... 18
• 3.2.2 Client-side honeypots.................................................... 18
• 3.2.3 Low-interaction honeypots ............................................... 18
• 3.2.4 High-interaction honeypots............................................... 19
• 3.2.5 Hybrid honeypots ........................................................ 19
• 3.5 HONEYPOTS VS SANDBOXES .................................................... 23
• 3.6 HONEYPOTS VS DARKNETS (NETWORK TELESCOPES) ................................ 24
• 3.7 HONEYPOTS VS INTRUSION DETECTION/PREVENTION SYSTEMS ....................... 25
• 3.8 HONEYPOTS AND WEB SECURITY PROXIES ........................................ 25
• 4 HONEYPOT DEPLOYMENT STRATEGIES .............................................. 27
• 4.1 TYPICAL DEPLOYMENT FACING THE INTERNET .................................... 27
• 4.2 INTERNAL DEPLOYMENT ....................................................... 28
• 4.3 NETWORKS OF SENSORS ....................................................... 28
• 4.4 A NOTE ON THE RISK OF DETECTION............................................ 28
• 4.5 LEGAL COUNSEL ............................................................. 29
• 4.6 CONSIDERATIONS AND REQUIREMENTS FOR DEPLOYMENT ............................ 29
• 4.6.1 Data control ............................................................ 29
• 4.6.2 Data capture ............................................................ 30
• 4.6.3 Data collection ......................................................... 30
• 4.6.4 Data analysis ........................................................... 30
• 4.7 SERVER HONEYPOTS .......................................................... 31
• 4.7.1 Advertisement ........................................................... 31
• 4.7.2 Location ................................................................ 31
• 4.7.3 Level of interaction .................................................... 32
• 4.7.4 Sensor type ............................................................. 32
• 4.7.5 Honeynet characteristics................................................. 33
• 4.8 CLIENT HONEYPOTS........................................................... 33
• 5 INVENTORY AND EVALUATION OF HONEYPOT SOLUTIONS .............................. 35
• 5.1 EVALUATION CRITERIA ....................................................... 35
• 5.1.1 Detection scope ......................................................... 35
• 5.1.2 Accuracy of emulation ................................................... 36
• 5.1.3 Quality of collected data ............................................... 37
• 5.1.4 Scalability and performance.............................................. 38
• 5.1.5 Reliability ............................................................. 39
• 5.1.6 Extensibility ........................................................... 40
• 5.1.7 Ease of use and setting up .............................................. 41
• 5.1.8 Embeddability ........................................................... 42
• 5.1.9 Support ................................................................. 43
• 5.1.10 Costs (Recommendations) ................................................ 44
• 5.1.11 Recommendation on usefulness for CERTs ................................. 45
• 5.2 SERVER SIDE HONEYPOTS ..................................................... 46
• 5.2.1 High interaction server side honeypots .................................. 46
• 5.2.1.1 Argos ................................................................. 46
• 5.2.1.2 HiHAT ................................................................. 50
• 5.2.1.3 HoneyBow .............................................................. 53
• 5.2.1.4 Qebek ................................................................. 56
• 5.2.1.5 Sebek ................................................................. 58
• 5.2.1.6 Summary of high interaction server side honeypots ..................... 64
• 5.2.2 Low interaction server side honeypots.................................... 65
• 5.2.2.1 General purpose honeypots.............................................. 65
• 5.2.2.1.1 Amun ................................................................ 65
• 5.2.2.1.2 Dionaea ............................................................. 69
• 5.2.2.1.3 KFsensor ............................................................ 71
• 5.2.2.1.4 Honeyd .............................................................. 74
• 5.2.2.1.5 Honeytrap ........................................................... 78
• 5.2.2.1.6 nepenthes ........................................................... 81
• 5.2.2.1.7 Tiny Honeypot ....................................................... 83
• 5.2.2.2 Web application honeypots ............................................. 86
• 5.2.2.2.1 DShield Web Honeypot ................................................ 86
• 5.2.2.2.2 GHH (Google Hack Honeypot) .......................................... 88
• 5.2.2.2.3 Glastopf ............................................................ 91
• 5.2.2.3 SSH honeypots ......................................................... 94
• 5.2.2.3.1 Kippo ............................................................... 94
• 5.2.2.3.2 Kojoney ............................................................. 97
• 5.2.2.4 SCADA honeypots....................................................... 100
• 5.2.2.4.1 SCADA HoneyNet Project ............................................. 100
• 5.2.2.4.2 SCADA Honeynet (Digital Bond) ...................................... 102
• 5.2.2.5 VoIP honeypots ....................................................... 106
• 5.2.2.5.1 Dionaea ............................................................ 106
• 5.2.2.5.2 Artemisa ........................................................... 106
• 5.2.2.6 Bluetooth honeypot ................................................... 109
• 5.2.2.6.1 Bluepot ............................................................ 109
• 5.2.2.7 Sinkholes............................................................. 112
• 5.2.2.7.1 HoneySink .......................................................... 112
• 5.2.2.8 USB Honeypots ........................................................ 115
• 5.2.2.8.1 Ghost USB honeypot ................................................. 115
• 5.2.2.9 Summary of low interaction server side honeypots ..................... 118
• 5.3 CLIENT SIDE HONEYPOTS .................................................... 119
• 5.3.1 Low-interaction client honeypots ....................................... 119
• 5.3.1.1 HoneyC ............................................................... 119
• 5.3.1.2 PHoneyC .............................................................. 122
• 5.3.1.3 Monkey-Spider ........................................................ 125
• 5.3.1.4 Thug ................................................................. 127
• 5.3.1.5 Summary .............................................................. 131
• 5.3.2 High-interaction client honeypots ...................................... 132
• 5.3.2.1 Argos ................................................................ 132
• 5.3.2.2 Capture-HPC NG ....................................................... 132
• 5.3.2.3 Shelia ............................................................... 135
• 5.3.2.4 Trigona .............................................................. 138
• 5.3.2.5 Summary of high-interaction client honeypots ......................... 141
• 5.4 HYBRID HONEYPOTS AND SENSOR NETWORKS ....................................... 2
• 5.4.1 HoneySpider Network ...................................................... 2
• 5.4.2 Early warning systems .................................................... 3
• 5.4.3 SURFcert IDS ............................................................. 5
• 5.5 HONEYTOKENS ................................................................ 6
• 5.5.1 Implementation ........................................................... 7
• 5.5.2 Examples ................................................................. 7
• 5.5.2.1 File system ............................................................ 7
• 5.5.2.2 Web server ............................................................. 8
• 5.5.2.3 Email .................................................................. 8
• 5.5.2.4 Financial bait ......................................................... 8
• 5.5.2.5 Copyrights ............................................................. 8
• 5.5.3 Data provision strategies ................................................ 8
• 5.5.3.1 Honeypots and honeytokens .............................................. 9
• 5.5.4 Detecting the use of honeytokens ......................................... 9
• 5.5.4.1 Offensive techniques ................................................... 9
• 6 INVENTORY OF COMMUNITIES, INITIATIVES AND OTHER HONEYPOT RELATED PROJECTS ... 10
• 6.1 THE HONEYNET PROJECT....................................................... 10
• 6.2 NOAH PROJECT .............................................................. 10
• 6.3 WOMBAT .................................................................... 11
• 6.4 ATLAS ARBOR................................................................ 12
• 6.5 PROJECT HONEY POT ......................................................... 12
• 6.6 WASC DISTRIBUTED WEB HONEYPOTS PROJECT .................................... 13
• 7 SANDBOX TECHNOLOGIES AND ONLINE HONEYPOTS ................................... 15
• 7.1 OVERVIEW OF SANDBOX TECHNOLOGIES........................................... 15
• 7.1.1 Cuckoo - a standalone solution for advanced malware analysis ............ 15
• 7.1.2 Online Sandboxes ........................................................ 17
• 7.1.2.1 Anubis ................................................................ 18
• 7.1.2.2 COMODO Automated Analysis System ...................................... 18
• 7.1.2.3 GFI Sandbox ........................................................... 19
• 7.1.2.4 Malwr ................................................................. 19
• 7.1.2.5 Xandora ............................................................... 20
• 7.2 ONLINE HONEYPOTS .......................................................... 20
• 7.2.1 urlQuery ................................................................ 21
• 7.2.2 Wepawet.................................................................. 22
• 7.2.3 JSUNPACK ................................................................ 22
• 7.3 A SUMMARY AND WARNING...................................................... 23
• 8 HONEYPOT SUPPORT TOOLS ...................................................... 24
• 8.1 NEPENTHES SUPPORT TOOLS: PHARM ............................................ 24
• 8.2 DIONAEA SUPPORT TOOLS: CARNIWWHORE ........................................ 24
• 8.3 HONEYD SUPPORT TOOLS: HONEYVIEW, HONEYD2MYSQL, HONEYD-VIZ, HONEYD CONFIGURATION GUI, WINHONEYD AND HOACD ....... 25
• 8.4 KIPPO SUPPORT TOOLS: KIPPO-GRAPH, KIPPO STATS AND DJANGO-KIPPO ............ 26
• 8.5 OTHER TOOLS ............................................................... 26
• 8.5.1 Honeywall ............................................................... 26
• 8.5.2 HP Feeds ................................................................ 27
• 8.5.3 HoneyStats .............................................................. 28
• 9 RECOMMENDED HONEYPOT SOLUTIONS .............................................. 29
• 9.1 THE QUICK WIN ............................................................. 29
• 9.2 WITH ADDITIONAL EFFORT .................................................... 30
• 9.3 FOR THE RESEARCHERS ....................................................... 30
• 10 SHORTCOMINGS, RECOMMENDATIONS AND FUTURE WORK .............................. 31
• 10.1 BARRIERS TO USAGE AND DEPLOYMENT ......................................... 31
• 10.2 GENERAL RECOMMENDATIONS FOR CERTS ........................................ 33
• 10.3 FUTURE DEVELOPMENT AND RESEARCH .......................................... 34
• 11 CONCLUSION ................................................................. 37
• 12 ANNEX I: ABBREVIATIONS ..................................................... 38

...
Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot.
...

To the uninitiated, a "honeypot" is a network resource that has no production value; any attempt to communicate with it represents a sure sign of an attack. It can be deployed on retired servers, routers, on production systems, or via scripts running emulated services.
Ein "Honigtopf" wird hier ein Netzwerk genannt, dass speziell zur Anlockung von Hackern aufgebaut wird. - Natürlich in Anlehnung an den wirklichen Honigtopf, mit dem man z.B. lästige Fliegen ablenkt, bzw. sie sogar einfängt.

Web Application Honeypots

VICTORIA UNIVERSITY OF WELLINGTON
Te Whare Wananga o te Upoko o te Ika a Maui
School of Mathematical and Computing Sciences
Computer Science
Wellington
New Zealand

Taxonomy of Honeypots

Christian Seifert, Ian Welch, Peter Komisarczuk
...

15 Jun 2001 Honeypots and Honeynet, Invicta Networks, DDOS attacks on grc.com

honeypot | Venus' honeypot

An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network.
...

virtual honeypot

Als "Honigtopf" oder auch englisch "Honeypot" wird eine Einrichtung bezeichnet, die einen Angreifer oder Feind vom eigentlichen Ziel ablenken soll oder in einen Bereich hineinziehen soll, der ihn sonst nicht interessiert hätte. Der Ursprung stammt aus der Überlegung, dass Bären mit einem Honigtopf sowohl abgelenkt als auch in eine Falle gelockt werden könnten.

Im übertragenen Sinne werden sehr verschiedene Dinge als "Honeypot" bezeichnet.
...

ISACA (W3)

Das Hauptprodukt der "ISACA" ist die Ausbildung und Zertifizierung des "Certified Information Systems Auditor" als international anerkannte Qualifikation auf dem Sektor der Informationssystem-Prüfung.

Für IT-Fachleute eröffnen sich durch die Ablegung des CISA-Examens neue Karrierechancen: Schlüsselpositionen in IT-Abteilungen verschiedenster Unternehmen werden in den USA und auch zunehmend in Europa von CISAs besetzt. Das Zertifikat zeichnet vor allem jene Fachleute aus, die sich an die schnell ändernden IT-Umgebungen und die damit verbundenen hohen Anforderungen optimal anpassen können, da neben der Ablegung der Prüfung auch die notwendige laufende Fortbildung mit dem Zertifikat verbunden sind.
...

• Sarbanes Oxley Basel II (Februar 2005)
• Biometrie (Juni 2005)
• Schnittstellenprüfung (September 2005)
• Prüfungs-Standards (November 2005)
• Customer Relationship Management (Februar 2004)
• IT Governance (April 2004)
• Eurocacs 2004 (Juni 204)
• Professional Judgement in der IT (September 2004)
• Deutschland (Dezember 2004)
• Zahlungssysteme (2003)
• Registerharmonisierung (2003)
• Datenschutz (2003)
• Ausbildung (2002)
• Kaleidoskop (2002)
• ERB Enterprise Resource Planning (2002)
• CAATs (2002)
• Outsourcing Banken (2002)
• Forensic Account (September 2001)
• e-Shop (Juni 2001)
• Computerkriminalität (April 2001)
• Encryption (Februar 2001)
• Netzwerk (Dezember 2000)
• Accompagnement du projet (Decembre 2000)
• COBIT (September 2000)
• E-Business (September 2000)
• Projektbegleitung (Juni 2000)
• Knowledge Management (April 2000)
• Modern IS Audit (Februar 2000)
• Outsourcing (Februar 2000)
• PKI (Dezember 1999)

ITGI (W3)

Joe Job (W3)

Leet
L33t
Leetspeak (W3)

...
"Leetspeak" (auch "Leetspeek"; von engl. "elite", "Elite") bezeichnet das Ersetzen von Buchstaben durch ähnlich aussehende Ziffern sowie - nach einer erweiterten Definition - Sonderzeichen. So wird der Begriff "Leetspeak" selbst häufig "1337", manchmal "1337 5P34K", selten auch "31337" bzw. "313373" geschrieben.

Häufige Verwendung: Eine "1" sieht wie ein kleines "L" oder "I" aus, "3" ist das Spiegelbild eines "E", und eine "7" ist ein etwas deformiertes "T". Unter der "0" kann man sich ein großes "O" vorstellen. Aus einer "4" wird ein "A" oder ein "h" und aus einer "5" wird ein "S".

Seltenere Verwendung: Eine "2" wird als ein "R" oder auch als "Z" gedeutet. Eine "6" lässt sich als ein "G" deuten, eine "8" als großes "B" sehen und die "9" könnte ein kleines "g" darstellen.

Wenn dazu noch Buchstaben entfallen können bzw. durch gleichwertige Lautkombinationen ersetzt werden, wird aus engl. "Elite" über "Eleet" am Ende "1337".

Leetspeak kann schwer zu lesen sein und ist dadurch als eine Art Geheimcode bestimmter Gruppen der Computerszene zu betrachten. Ursprünglich durchaus ernst gemeint, wird sie heute jedoch fast nur noch selbstironisch in Form von einzelnen bekannten Versatzstücken oder zur Individualisierung von Nicknames mittels Sonderzeichen genutzt. Weitere Verwendung findet Leetspeak bei Nutzern von Internet-Spielen, wobei sich hier nicht genau bestimmen lässt, ob es nun darum geht, weniger erfahrene oder gegnerische Spieler aus der Konversationen auszugrenzen, oder eher anderen Spielern zu imponieren. Traditionell werden nur einzelne Buchstaben durch die ähnlich geformten Ziffern ersetzt. In den letzten Jahren artete dies jedoch dazu aus, dass aus (mehreren) Sonderzeichen einzelne Buchstaben gebastelt wurden; diese moderne Form ist allerdings keine wirkliche "1337-Sprache" mehr.
...

Meme (W3)
Security-Articles

NIST (W3)

Special Publications (800 Series)
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

nist.gov
National Institute of Standards and Technology (NIST)
Glossary of Key Information Security Terms

NISTIR 7298
Revision 2
Glossary of Key Information Security Terms
Richard Kissel, Editor
...
Glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).

This glossary includes most of the terms in the NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications.

Pharming
die neue Form des Phishing (W3)

Die Welt der Informationstechnologie ist reich an schillernden Begriffen, aber auch so dynamisch wie kaum ein anderer Bereich. Daher werden Ausdrücke wie "Phishing", das ja eben erst im 2004 gross aufkam, schon wieder von neuen überlagert. "Pharming" bezeichnet eine neue Generation von Phishing-Attacken. Im Mittelpunkt des klassischen Daten-Phishens stehen E-Mail-Nachrichten, die gefälschte Links enthalten. Durch diese werden Internetnutzer auf täuschend echt nachgebaute Webseiten gelockt, wo sie dann geheime Daten bekannt geben. Beim Pharming fällt dieser Schritt weg: Durch das Ausnutzen von Sicherheitslöchern in Internetbrowsern werden jene Dateien auf dem Computer manipuliert, die eingegebene Internetadressen in die für den Computer nutzbare IP-Adressen übersetzen. Dadurch gelangen Sie auf eine gefälschte Seite. Als PC-Nutzer sollten Sie deshalb darauf achten, die Sicherheitsupdates für die von ihnen verwendeten Browser regelmässig zu installieren.

Pharming and phishing

Phish
Phisher
Freak (W1)
Phishers Freak phisht freshe Phishe
freshe Phishe phisht Phishers Freak

...
"-freak" was a slang combining form indicating any kind of obsessive person, such as a "health-freak" or "control-freak." In the context of "phone-freaking", there may also have been a punning reference to the sound "frequencies" being generated by the phreak's mysterious "blue box."
...

A fleck or streak of color.

1563, "sudden turn of mind," probably related to O.E. frician "to dance" (not recorded in M.E., but the word may have survived in dialect), or perhaps from M.E. frek "bold, quickly," from O.E. frec "greedy, gluttonous." Sense of "capricious notion" (1563) and "unusual thing, fancy" (1784) preceded that in freak of nature (1847).

The verb "freak out" is first attested 1965 in Amer.Eng., from freak (n.) "drug user" (1945), but the verb meaning "change, distort" goes back to 1911, and the sense in health freak, ecology freak, etc. is attested from 1908.

Phishing
Spear phishing (W2)

Die Welt der Informationstechnologie ist reich an schillernden Begriffen, aber auch so dynamisch wie kaum ein anderer Bereich. Daher werden Ausdrücke wie "Phishing", das ja eben erst im 2004 gross aufkam, schon wieder von neuen überlagert. "Pharming" bezeichnet eine neue Generation von Phishing-Attacken. Im Mittelpunkt des klassischen Daten-Phishens stehen E-Mail-Nachrichten, die gefälschte Links enthalten. Durch diese werden Internetnutzer auf täuschend echt nachgebaute Webseiten gelockt, wo sie dann geheime Daten bekannt geben. Beim Pharming fällt dieser Schritt weg: Durch das Ausnutzen von Sicherheitslöchern in Internetbrowsern werden jene Dateien auf dem Computer manipuliert, die eingegebene Internetadressen in die für den Computer nutzbare IP-Adressen übersetzen. Dadurch gelangen Sie auf eine gefälschte Seite. Als PC-Nutzer sollten Sie deshalb darauf achten, die Sicherheitsupdates für die von ihnen verwendeten Browser regelmässig zu installieren.

08/06/2005 - Gare au phishing ! - France

Phishing - gefährliche Umleitung für Ihre Passwörter
...
Seit kurzem gibt es eine weitere Plage: "Phishing". Das klingt nach fischen gehen - und genau so ist es auch. Das Wort setzt sich aus "Password" und "fishing" zusammen, zu Deutsch "nach Passwörtern angeln".
...

Phishing

Gefährliche Umleitung für Ihre Passwörter

Schnell zum Abschnitt

• Trügerische Links und Webseiten
• Woran erkennt man Phishing-E-Mails?
• Woran erkennt man Phishing-Webseiten?

Schlimm genug, dass Spammer Ihre Mailbox zumüllen, andere auf Ihrem PC oder den mobilen Geräten herumschnüffeln wollen oder Schadprogramme einem die Lust am Internet verderben. Phishing: Das klingt nach fischen gehen - und genau so ist es auch. Das Wort setzt sich aus "Password" und "fishing" zusammen, zu Deutsch "nach Passwörtern angeln". Immer öfter fälschen Phishing-Betrüger E-Mails und Internetseiten und haben damit einen Weg gefunden, um an vertrauliche Daten wie Passwörter, Zugangsdaten oder Kreditkartennummern heran zu kommen - die Nutzer geben ihre Daten einfach freiwillig preis.
...

• phishing filoutage (n.m.)
• phishing hameçonnage (n.m.)

Pharming and phishing

phishing (en)

Ausgabe 17 (Februar 2005)

Sicherheitstests von Webapplikationen für Jedermann (B. Fröbe)
Es werden einfach durchzuführende Tests aufgezeigt, mit denen jeder selber erste Erkenntnisse über die Sicherheit seiner Webapplikationen gewinnen kann.

Umlautdomänen - Spoofing by Design? (Dr. T. Johr)
Mit der Einführung von internationalen Domänennamen können unter Nutzung von exotischen Zeichensätzen in der URL Phishing-Angriffe initiiert werden. Technik und Gegenmaßnahmen werden beschrieben.

Sind Blackberrys sicher? (F. Breitschaft)
Die Nutzung von BlackBerry ermöglicht einen einfachen mobilen Zugriff auf E-Mails und erfreut sich deshalb zunehmender Beliebtheit. Die damit verbundenen Sicherheitsprobleme werden analysiert.

1:57 Phishing for cash!

How Phishing Works

Phishing - Hammeçonnage - Phishing

Popular Phishing Scams and What To Do About Them

by Mary Landesman

Updated October 17, 2016

What is phishing?
...

spear-phishing

...
"Spear fishing" is a highly targeted phishing attack. By sending e-mails that appear genuine to all the employees or members of a certain company, government agency, organization or group, spear phishers attempt to trick you into giving out sensitive information.
...

Map of current phishing attacks

Netcraft's phishing attack map provides a real-time visualisation of the phishiest countries in the world. Measurements are determined by using IP address delegation information to attribute current phishing sites in our Phishing Site Feed to countries. We then use the number of active sites found by our Web Server Survey to calculate and display the ratio of phishing attacks to web sites in each country.
...

Phishing is a name derived from the notion of "fishing for information", and "phreaking", which was an eighties term used for people who hacked phone networks and systems to gain access to free calls, or control over parts of the telephony system. It is a simple concept, which is to try to trick people into disclosing their bank account details, so that the attacker may then log in to the person's Internet bank and withdraw their savings.

• Netcraft removes phishing attacks in less than half the industry average time - 2013/01/24
• World map of phishing attacks - 2012/12/13
• Chrome version of Netcraft Anti-Phishing Extension Available - 2012/11/19
• Phishing attacks using HTML attachments - 2012/11/13
• Phishing Alerts for Domain Registries 2012/10/25
• Phishing Alerts for Certificate Authorities 2012/09/19
• Phishing on sites using SSL Certificates 2012/08/22
• Nigerian government hosts Halifax phishing site 2012/01/04
• Phishing sites using Extended Validation SSL 2011/12/30
• Governments hosted 146 new phishing sites in July 2011/08/19
• iPad: New incentive for phishing site reporters 2010/06/11
• HMRC phishing site hosted on gov.uk domain 2009/09/01
• Faster Actions Needed Against Phishing Domains 2009/06/22
• New Phishing Attacks Combine Wildcard DNS and XSS 2009/02/17
• New Incentives for Phishing Site Reporters 2009/01/06
• Ongoing Phishing Attack Exposes Yahoo Accounts 2008/10/26
• Citigroup Phishing surged after Wachovia Announcement 2008/10/03
• Phishing kits take advantage of novice fraudsters 2008/01/03
• January Phishing Site Competition Winners 2007/02/15
• Netcraft Phishing Feed To Protect Microsoft Customers 2007/02/06
• Phishing Attacks Continue to Grow in Sophistication 2007/01/15
• Phishing By The Numbers: 609,000 Blocked Sites in 2006 2007/01/15
• November Phishing Site Competition Winners 2006/12/10
• October Phishing Site Competition Winners 2006/11/15
• September Phishing Site Competition Winners 2006/10/09
• Bank, Customers Spar Over Phishing Losses 2006/09/13
• Who can block the largest number of phishing sites in September? 2006/09/01
• Chinese Bank’s Server Used in Phishing Attacks on US Banks 2006/03/12
• Who can block the largest number of phishing sites in January? 2006/01/05
• Phishing By The Numbers: 41,000 Blocked Sites in 2005 2005/12/31
• Phishing Attacks Evolved Steadily Throughout 2005 2005/12/29
• More than 450 Phishing Attacks Used SSL in 2005 2005/12/28
• eBay Fooled by Fast-moving Phishing Scam 2005/12/05
• Report a phishing site, gain a chance to win an Ipod 2005/11/17
• Bank Shuts Down Web Site After Phishing Attack 2005/10/22
• Phishing Defense a Key Factor in eBay-VeriSign Deal 2005/10/11
• New Phishing Attacks Eliminate Need for Target Web Site 2005/06/24
• Wave of Phishing Attacks Hit Regional Banks, Credit Unions 2005/06/13
• Bank Mergers Provide Opportunity for Phishing 2005/06/09
• Honeynet Reports on Traffic to Phishing Sites 2005/05/20
• Online Vigilantes Fight Back Against Phishing Fraudsters 2005/05/18
• Fraudsters seek to make phishing sites undetectable by content filters 2005/05/12
• Fraudsters deploy Botnets as DNS Servers to Sustain Phishing Attacks 2005/05/04
• Banks Hit by Cross-Frame Phishing Attacks 2005/03/17
• Firefox to Disable IDN Support as Phishing Defense 2005/02/15
• Netcraft Anti-Phishing Toolbar Available for Download 2004/12/28
• Tech Giants Target Phishing as New Threats Emerge 2004/12/08
• Phishing Activity Surges Ahead of Holiday e-commerce Season 2004/11/27
• Google sites plagued by phishing opportunities 2004/11/01
• Google fix second phishing vulnerability 2004/10/22
• Phishing Attacks possible on Google 2004/10/20
• Fraudsters go Phishing on eBay 2004/10/15
• Cardholders targetted by Phishing attack using visa-secure.com 2004/10/08
• Life Span of a Phishing Site Averages 54 Hours 2004/08/14
• Phishing Attacks Using Banner Ads to Spread Malware 2004/08/06
• MyDoom Spread Illustrates Challenge for Phishing Defense 2004/07/27
• Microsoft Releases Fix for IE Phishing Exploit 2004/07/02
• IIS Server Malware is Phishing Scam 2004/06/25
• Phishing Attacks Level Off in May 2004/06/22
• Phishing Worm Installs Trojan Without Trickery 2004/06/02
• Another Huge Surge in Phishing Scams in April 2004/05/25
• Anti-Phishing Site Targeted by Hack Attacks 2004/05/11
• More Than 400 Phishing Attacks in March 2004/04/22
• Phishing Trojan Grabs Browser Screen Shots 2004/04/17
• New Phishing Scam Prompts Warnings 2004/04/01
• Phishing Scam Spoofs U.S. Government Site 2004/03/16
• SSL’s Credibility as Phishing Defense Is Tested 2004/03/08
• Phishing Attacks Rise by 50% month on month 2004/02/25
• Phishing Scam Installs Keylogger Via Web Page 2004/02/16
• Jump in Phishing Attacks in December 2004/01/07

spear phishing

phishing, 30 septembre 2004 | phishing (voice~), 11 août 2006 | voice phishing,11 août 2006

...
Der Begriff ist ein Kunstwort, das sich aus "Passwort" und dem englischen "fishing" (zu Deutsch "fischen ") zusammensetzt.
...

11.03.2014
Thorsten Eggeling
Phishing: Methoden, Gefahren & Prävention
...

• Anti-phishing - Incident Response
• Anti-Phishing Techniques - Detection Measures
• Anti-Phishing Techniques - Protection Measures
• Phishing Questions

5901 Extensions to the IODEF-Document Class for Reporting Phishing P. Cain, D. Jevans [ July 2010 ] (TXT = 97325) (Status: PROPOSED STANDARD) (Stream: IETF, WG: NON WORKING GROUP)

• 15 Jan 2007 Automated targeting system, auditory eavesdropping, licensing boaters, Microsoft anti-phishing, Unabomber's code, transmitters in Canadian coins
• 15 Oct 2005 Phishing, closed-source breathalyzers, automatic license plate scanners, tax breaks for good security, Judge Roberts

Editorial: Der Phisher und die 7 Geißlein

Liebe Kinder, sperrt die Türe gut zu und nehmt euch in acht vor dem Wolf! (...) Der Bösewicht verstellt sich oft, aber an seiner rauen Stimme und an seinen schwarzen Füßen werdet ihr ihn gleich erkennen.
Gebrüder Grimm, Der Wolf und die sieben Geißlein

Fast gleichlautend lesen sich die Mahnungen der deutschen Banken. Letztere leiden unter der zunehmenden Flut von Phishing-Angriffen: Im Mai 2005 zählte Messagelabs über 9 Mio. Phishing-E-Mails, ein trauriger Rekord. Die Anti-Phishing Working Group erhielt im Juli 2005 über 14.000 Phishing-Reports, im Juli 2004 waren es erst 2.000.
...

phishing | phishing kit | phishing via SMS | SMS phishing | spear phishing | spear-phishing | spearphishing

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. ...
...
By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishing, also referred to as "brand spoofing" or "carding", is a variation on "fishing", the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

All About Phishing
...
Did You Know...
The word "phishing" comes from the analogy that Internet scammers are using e-mail lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replacing "f" with "ph" the term "phishing" was derived.

spear phishing

Phishing

phishing | phone phishing | puddle phishing | spear-phishing

phishing

Spear-phishing

| Anti-Phishing-Toolbar | phishen | Phishing-Angriff | Phishing-E-Mail | Phishing-Mail | Phishing-Raubzug | Phishing-Sicherheitscheck | Phishing-Sperre | Phishing-Technik | Phishing-Verfahren | Phishing-Welle | Phishzug

Phreaking (W3)
Phishers Freak phisht freshe Phishe
freshe Phishe phisht Phishers Freak

Phishing is a name derived from the notion of "fishing for information", and "phreaking", which was an eighties term used for people who hacked phone networks and systems to gain access to free calls, or control over parts of the telephony system. It is a simple concept, which is to try to trick people into disclosing their bank account details, so that the attacker may then log in to the person's Internet bank and withdraw their savings.

van Eck phreaking

Episode 111: Sacrifice
A senior computer-science researcher working on a classified government project is found murdered in his Hollywood Hills home, and data has been stolen from his computer. The investigation reveals that the victim was going through a bitter divorce and was trying to keep his wife from getting his money. Charlie also learns that the project the man was working on may involve baseball.

Math used: sabermetrics, econometrics, Van Eck phreaking

plynt
Palisade
Application Security Intelligence

About Palisade
Palisade is a monthly online magazine that focuses on application security. In each issue, we discuss topics of current interest in developing and using secure software. Palisade articles are written by Paladion's security engineers and usually reflect their work in advising customers develop safer software.
...

Articles in Palisade
All articles are broadly maintained in these three categories. Click on the individual links to go to the article content. Or you could click on the categories themselves. You will be taken to the respective category pages with article summaries.

(E?)(L?) http://palisade.plynt.com/articles/
Features

• Malware Infection on Websites
• Malware - Spreading and Mitigation
• Approach to Business Impact Analysis
• Understanding Encryption Requirements of PCIDSS
• Log Monitoring and Malware Scanning: Stay Ahead of the Threat Curve
• Measuring the Value of Remote Application Security Testing
• Database Links Security
• Defend against Reverse Engineering
• URL Redirection Flaw
• Virtualization - the promised land?
• Mobile Banking Architecture
• Back to Basics: Http Essentials
• Smart Questions for Customer Reference Checks
• HTTP Request Smuggling
• Session Riding Attacks
• Understanding SSL VPN
• The reign of bots
• Pharming on the Net
• Interview: The Challenges of Security Testing
• Security Architecture for Multi-Tier Applications
• Interview: What works in Training Security Testers
• Datamonitor Survey on Software Security Testing
• All About Steganography
• Built-in Intrusion Detection
• Integrating Smart Cards in Web Applications
• Preventing Buffer Overflows

(E?)(L?) http://palisade.plynt.com/articles/
Technical Articles

• Securing a SCADA network - Part I
• Basics of Forensics Log Analysis
• Insight into Web Application Firewalls - Part 1
• Catching Back Doors through Code Reviews
• Testing Mobile Applications for Security Vulnerabilities
• Virtual Keyboard and the Fight Against Keyloggers
• Defeating Encryption in Some Thick Clients
• Cache Control Directives Demystified
• CSRF - The hidden menace
• Common mistakes in two-tier applications
• Wi-Fi Protected Access
• Mobile Banking Architecture
• Application Penetration Tester's Toolkit
• Securing Web Based Payment Systems
• Wireless Security - Cracking WEP
• Wireless Security - How WEP works
• Insecurities in Healthcare Applications
• SaaS Security Testing - The Challenges
• HTTP Request Smuggling
• More on dodging spiders
• Are stored procedures safe against SQL injection?
• Dodging the spiders
• Browser Hijackers
• LinkDemand and InheritanceDemand
• Distributed Reflection Denial of Service: A Bandwidth Attack
• Thick Client Application Security - Attacks
• Security issues in 'Remember Me' feature
• Assert Safely: How to use .Net's Assert wisely
• Rainbow Cracking and Password Security
• Two Factor Authentication
• Defeating Bots with CAPTCHAs
• Securing Documents in Web Applications
• Security in SMS Banking
• Implementing SSL
• Code Obfuscation Part 3 - Hiding Control Flows
• Understanding SSL
• Code Obfuscation - Part 2: Obfuscating Data Structures
• SMS Banking
• Using browser refresh to expose passwords
• Code Obfuscation
• Secure your sessions with Page Tokens
• Security Enhancements in Visual C++
• Google Hacking - Is your web application secure?
• XPath injection in XML databases
• Security Reverse Proxy
• Steganalysis
• Fighting Keyloggers
• Source Code Analyzers
• Backdoors and Trojans in Applications
• Introduction to Code Obfuscation
• Same User, Different Privileges
• Securing Database Connection Strings
• Automated Application Vulnerability Scanners
• Passwords - In Memory Still Green
• Threat Modeling

(E?)(L?) http://palisade.plynt.com/articles/
Best Practices

• Top 5 Secure Coding Tips for PHP applications
• Secure coding techniques in ASP.NET - Part 1
• Best Practices for Protecting Banking Sites
• Securing PHP using Hardening Patch and Suhosin
• Meeting compliance requirements through application & network penetration tests and code reviews
• Selecting Application Security Vendors - Part II
• SAP Baseline Security Audit
• The Payment Application Data Security Standard (PA DSS)
• Mobile Banking - Threats and Mitigation
• 5 Tips for Securing Software as a Service
• Securely Webifying Applications
• Securing IIS Web Servers
• Are Complex Passwords Really Necessary?
• Securing Apache Web Servers
• Thick Client Application Security - Defenses
• Pharming on the Net
• Implementing Password Recovery
• Interviewing software developers
• Encrypting data in Databases
• Selecting Application Security Vendors
• Best Practices in Input Validation
• Catch'em Young - How to discover vulnerabilities early
• Application Logs - Security Best Practices
• Controls for Outsourcing Software Development
• Training your Developers
• Security at Software Requirements Specification
• Authentication - Security Best Practices

privacy
Analyze Your Internet Connection

processlibrary
Process Information

Find the latest information about spywares, adwares, trojans, viruses, system processes and common applications.

RACF (W3)

Goldis Consulting Services is an independent consultancy specializing in technical aspects of computer security. Since the mid 1980's, we’ve been known for our successful penetration studies in RACF, ACF2, and Top Secret environments.
...

Dictionaries

PWCHECK accepts user-defined password dictionaries when running in guessing mode. Two sample dictionaries are included with the software (a general dictionary and a dictionary of sports-related words).

PWCHECK is sensitive to the effectiveness of locally-created dictionaries. The user is expected to revise and improve these over time. You might want to add company names, local geographic names, locally noted personalities or management, and so forth, with various permutations of all these names.

You can find many other specialized dictionaries and wordlists by searching the internet. Here are some examples of specialized lists we sometimes use:

• Cartoons
• Science fiction
• Shakespeare
• Movies

In 1976, IBM® set the standard for security products when RACF® was introduced!
...

• Search the archives February 1996 - July 2005 ...
• Post to the list
• Join or leave the list (or change settings)
• Manage the list (list owners only)

PC Utilities relating to RACF

The 'RACF' utilities are text processing programs which take an IRRDBU00 ASCII flat file download from RACF and produces as output text reports and depending on the program JCL which can be checked, transfered back to mainframe and submitted.

Salami attack
Salami technique (W3)

Scareware (W3)

schneier
Bruce Schneier
Security-Newsletter von Bruce Schneier
Crypto-Gram Back Issues

• 15 Mar 2013 Nationalism on the Internet, automobile data surveillance, court of public opinion, news, chinese cyberattacks, technologies of surveillance, phishing, papal election, getting security incentives right, companies that can't afford dedicated security
• 15 Feb 2013 Power and the Internet, who does Skype let spy?, our new regimes of trust, TSA removing Rapiscan full-body scanners, scrambling fighter jets, massive police shootout despite lack of criminals, New York Times hacked by China, man-in-the-middle attacks against browser encryption
• 15 Jan 2013 Last month's overreactions, public shaming as a security measure, terms of service as a security threat, classifying a shape, Bruce Schneier as a verb, experimental results: Liars and Outliers trust offer
• 15 Dec 2012 Feudal security, e-mail security in the wake of Petraeus, squids on the Economist cover, IT for oppression, dictators shutting down the internet, book review: Against Security
• 15 Nov 2011 Advanced Persistent Threat (APT), qnother ATM theft tactic, remotely opening prison doors, fake documents that alarm if opened
• 15 Oct 2011 Three emerging cyber threats, status report on Liars and Outliers, official malware from the German police, domain-in-the-middle attacks, insider attack against Diebold voting machines, National Cybersecurity Awareness Month
• 15 Sep 2011 Ten-year anniversary of 9/11, terrorism in the U.S. since 9/11, efficacy of post-9/11 counterterrorism, unredacted U.S. diplomatic wikileaks cables published, status report on Liars and Outliers
• 15 Aug 2011 Developments in facial recognition, is there a hacking epidemic?
• 15 Jul 2011 Man flies with someone else's ticket, court ruling on "reasonable" electronic banking security, protecting private information on smart phones, yet another "people plug in strange USB sticks" story
• 15 June 2011 New Siemens SCADA vulnerabilities kept secret, avoiding TSA's full-body scanners, sensitive information and self-restraint, man-in-the-middle attack against the MCAT exam, open-source software feels insecure
• 15 May 2011 Status report on The Dishonest Minority, RFID tags protecting hotel towels, hijacking the coreflood botnet, drugging people and then robbing them, Sony hack
• 15 Apr 2011 Detecting cheaters, ebook fraud, keeping your money in a home safe, changing incentives creates security risks, euro coin recycling scam, wi-fi in London Underground, Epsilon hack, Schneier's Law
• 15 Mar 2011 Anonymous vs. HBGary, NIST Defines New Versions of SHA-512
• 15 Feb 2011 Societal security, Domodedovo airport bombing, bioencryption, scareware, whitelisting vs. blacklisting
• 15 Jan 2011 Security in 2020, stealing SIM cards from traffic lights, recording the police, book review: Cyber War
• 15 Dec 2010 Airline security, full body scanners, closing the Washington Monument, cyberwar and the future of cyber conflict, NIST announces SHA-3 finalists, software monoculture, term paper writing for hire
• 15 Oct 2010 Wiretapping the Internet, cyberwar, putting unique codes on objects to detect counterfeiting, Stuxnet
• 15 Sep 2010 Consumerization and corporate IT Security, more Skein news, wanted: Skein hardware help
• 15 Aug 2010 A revised taxonomy of social networking data, WikiLeaks insurance file, NSA and the National Cryptologic Museum, book review: How Risky Is It, Really?
• 15 Jul 2010 The threat of cyberwar has been grossly exaggerated, Internet kill switch, Third SHB Workshop, data at rest vs. data in motion, reading me
• 15 Jun 2010 Hiring hackers, scenes from an airport, fifth annual Movie-Plot Threat Contest winner, outsourcing to an Indian jail, terrorists placing fake bombs in public places, reading me
• 15 May 2010 Worst-case thinking, why aren't there more terrorist attacks?, 9/11 made us safer?, young people and privacy, "if you see something, say something", preventing terrorist attacks in crowded areas, punishing security breaches
• 15 Apr 2010 Privacy and control, New York and the Moscow subway bombing, fifth annual Movie-Plot Threat Contest, new book: Cryptography Engineering, should the government stop outsourcing code development?
• 15 Mar 2010 Al-Mabhouh assassination, small planes and lone terrorist nutcases, Demiurge Consulting, TSA logo contest winner
• 15 Feb 2010 Fixing intelligence failures, anonymity and the Internet, security and function creep, Chinese attack against Google, new attack on Threefish
• 15 Jan 2010 Underwear Bomber, TSA logo contest, fixing airport security contest, fixing intelligence, intercepting predator video, breaching the secure area in airports
• 15 Dec 2009 Terrorists targeting high-profile events, Eric Schmidt on privacy, a taxonomy of social networking data, the psychology of being scammed, reacting to security vulnerabilities
• 15 Nov 2009 Beyond security theater, fear and overreaction, zero-tolerance policies, security in a reputation economy, the commercial speech arms race, "evil maid" attacks on encrypted hard drives, is antivirus dead?
• 15 Sep 2009 Eighth Anniversary of 9/11, Skein news, real-world access control, file deletion, London's surveillance cameras, Robert Sawyer's alibis, stealing 130 million credit card numbers, "the cult of Schneier"
• 15 Aug 2009 Risk intuition, privacy salience and social networking sites, building in surveillance, laptop security while crossing borders, self-enforcing protocols, another new AES attack, lockpicking and the Internet
• 15 Jul 2009 Imagining threats, security and group size, fraud on eBay, authenticating paperwork, password masking, the "hidden cost" of privacy, fixing airport security, homomorphic encryption, new attack on AES, MD6, SHA-1
• 15 Jun 2009 Obama's cybersecurity speech, "Lost" puzzle, terrorism arrests, full-body scanners in airports, Net1, cloud computing, The Second Interdisciplinary Workshop on Security and Human Behaviour
• 15 May 2009 Fourth Annual Movie-Plot Threat Contest winner, book review: The Science of Fear, an expectation of online privacy, malicious contamination of the food supply, data trade practices, mathematical illiteracy, Conficker
• 15 Apr 2009 Fourth Annual Movie-Plot Threat Contest, who should be in charge of u.s. cybersecurity?, privacy and the fourth amendment, the definition of "weapon of mass destruction," stealing commodities
• 15 Mar 2009 Perverse security incentives, privacy in the age of persistence, insiders, singularics, insect security, the kindness of strangers, new ebay fraud, blaming the victim, security and usability in authentication
• 15 Feb 2009 Helping the terrorists, Monster.com data breach, the exclusionary rule, BitArmor's no-breach guarantee, breach notification laws
• 15 Jan 2009 Impersonation, forging SSL certificates, biometrics
• 15 Oct 2008 Seven habits of highly ineffective terrorists, news, warrantless eavesdropping, risk management, "new attack" against encrypted images, nonviolent activists are now terrorists
• 15 Sep 2008 New book, identity farming, Phorm, security ROI, Diebold, full disclosure, Cory Doctorow's cipher wheel rings, photo ID checks at airport, mental illness and murder, movie-plot threats
• 15 Aug 2008 Memo to the next president, homeland security cost-benefit analysis, Mifare transport cards, software liabilities, Truecrypt's deniable file system, DNS vulnerability
• 15 Jul 2008 CCTV cameras, kill switches and remote control, LifeLock, The First Interdisciplinary Workshop on Security and Human Behavior, Chinese hackers, Man-in-the-Middle attacks
• 15 Jun 2008 The war on photography, crossing borders with laptops, e-mail after the Rapture, fax signatures, the war on t-shirts, airplane seat cameras, how to sell security
• 15 May 2008 Ten-Year Anniversary of Crypto-Gram, dual-use technologies and equities, crossing borders with laptops, risk preferences in chimpanzees and bonobos, ethics of vulnerability research
• 15 Apr 2008 Third Annual Movie-Plot Threat Contest, the security mindset, security as feeling and reality, web entrapment, speeding tickets and agenda, seat belts, Internet censorship
• 15 Mar 2008 Privacy and power, Israel implementing IFF for commercial aircraft, third parties controlling information, Amtrak passenger screening, security suites vs. best-of-breed
• 15 Feb 2008 Security vs. privacy, MySpace and U.S. Attorneys General, lock-in, hacking power networks, Mujahideen Secrets 2, giving driver's licenses to illegal immigrants
• 15 Jan 2008 Anonymity and the Netflix dataset, "Where Should Airport Security Begin?", airport security study, running an open wireless network
• 15 Dec 2007 How to secure your computer, defeating the shoe scanning machine at Heathrow Airport, Gitmo manual leaked, security in ten years
• 15 Nov 2007 The war on the unexpected, online political contributing, chemical plants, switzerland and quantum cryptography, security by letterhead, cyberwar, black market in internet crime, Dual_EC_DRBG
• 15 Oct 2007 Storm Worm, fraudulent Amber Alerts, UK police can now demand encryption keys, anonymity and Tor, remote-controlled toys and the TSA, staged attack on generator
• 15 Sep 2007 First responders, basketball referees, home users, stupidest terrorist overreaction, automobile surveillance, computer forensics case study, fast-food drive-ins
(E6)(L1) http://www.schneier.com/crypto-gram-back.html

• 15 Jul 2007 Correspondent inference theory and terrorism, ubiquity of communication, 4th amendment rights extended to e-mail, credit card gas limits, voting machines and coercion, risks of data reuse
• 15 Jun 2007 Rare risk and overreactions, portrait of the modern terrorist as an idiot, teaching viruses, second movie-plot threat contest winner, non-security considerations in security decisions
• 15 Apr 2007 Second Movie-Plot Threat Contest, U.S. terorrist database, JavaScript hijacking, government contractor injects malicious software into critical military computers
• 15 Mar 2007 CYA security, copycats, US terrorism arrests overstated, movie plot threat in Vancouver, private police forces, cloning RFID chips made by HID
• 28 Feb 2007 Special issue: the psychology of security
• 15 Feb 2007 In praise of security theater, REAL-ID, debating full disclosure, sending photos to 911 operators, DRM in Windows Vista, psychology of security
• 15 Dec 2006 Revoting, real-world passwords, tracking sneakers, notary fraud, separating data and device ownership, fighting fraudulent tranactions
• 15 Nov 2006 Election security, perceived vs. actual risk, Total Information Awareness is back, forge your own boarding pass, the death of ephemeral conversation
• 15 Oct 2006 Screening people with clearances, renew your passport now!, faulty data and the Arar case, on-card displays, screaming cell phones
• 15 Sep 2006 What the terrorists want, ways to avoid the next 9/11, educating users, what is a hacker?, USBDumper, Microsoft and FairUse4WM
• 15 Aug 2006 Remote-control airplane software, doping in professional sports, iPod thefts, security certifications, HSBC insecurity hype, bot networks
• 15 Jul 2006 Google and click fraud, Mumbai terrorist bombings, League of Women Voters supports voter-verifiable paper trails, Brennan Center and electronic voting
• 15 Jun 2006 The value of privacy, movie-plot threat contest winner, hacking computers Over USB, aligning interest with capability
• 15 May 2006 Who owns your computer?, identity-theft disclosure laws, man-in-the-middle attacks on RFID cards, Microsoft's BitLocker, the security risk of special cases
• 15 Apr 2006 Movie-plot threat contest, airport passenger screening, VOIP encryption, security through begging, KittenAuth, new kind of door lock, iJacking
• 15 Mar 2006 The future of privacy, face recognition in bars, data mining for terrorists, police department privilege escalation, database error causes unbalanced budget, port security
• 15 Feb 2006 Risk of losing portable devices, multi-use ID cards, Ben Franklin
• 15 Jan 2006 Anonymity and accountability, Dutch botnet, Internet Explorer sucks, electronic shackles, Project Shamrock
• 15 Dec 2005 Airplane security, sky marshal shooting, Sony's DRM rootkit, truckers watching the highways, secure classical communications
• 15 Nov 2005 RFID passports, the living and the dead, Sony secretly installs rootkit, Taser cam, DMCA review, Zotob worm
• 15 Sep 2005 Movie-plot threats, Katrina, the keys to the Sydney subway, Lance Armstrong, Trusted Computing best practices
• 15 Aug 2005 Profiling, Cisco and ISS, stealing imaginary things, turning cell phones off in tunnels, searching bags in subways
• 15 Jul 2005 London transport bombings, terrorism defense, CardSystems, speeding ticket avoidance, talking to strangers
• 15 May 2005 REAL ID, should terrorism be reported?, automatic speedtraps, the potential for an SSH worm, Wi-Fi minefields, combating spam
• 15 Apr 2005 More on two-factor authentication, identity theft, Secure Flight, papal elections
• 15 Mar 2005 SHA-1 broken, two-factor authentication, ChoicePoint, Unicode URL Hack, Ghostbuster
• 15 Feb 2005 Secure Flight, T-Mobile hack, Microsoft RC4 flaw, secret questions, authentication and expiration
• 15 Dec 2004 Behavioral assessment profiling, Google Desktop Search, safe personal computing
• 15 Nov 2004 Voting machines, mail-in ballot attack, world series security, technology and counterterrorism
• 15 Oct 2004 New blog, keeping network outages secret, RFID passports, license plate "guns"
• 15 Sep 2004 Security at the Olympics, Trusted Traveler program, museum security, mobile phone spoofing, no-fly list
• 15 August 2004 BOB on board, alibi and excuse clubs, Houston airport rangers, website passwords
• 15 July 2004 Due process, x-ray machines, portable storage devices, Coca-Cola and the NSA, CLEAR Act
• 15 June 2004 Breaking Iranian Codes, Windows XP SP2, cell phone jamming, cameras in subways, Witty worm
• 15 May 2004 Warrants, counterterrorism in airports, bypassing the USPS, national security consumers
• 15 Apr 2004 National ID cards, TSA-approved locks, stealing an election, beepcard, virus wars
• 15 Mar 2004 Microsoft source code leak, port knocking, USPTO, Password Safe 2.0, V-ID card, risks of centralization
• 15 Feb 2004 Surveillance, the politicization of security, identification, economics of spam
• 15 Jan 2004 Color-coded terrorist threat levels, fingerprinting foreigners, almanacs, diverting aircraft
• 15 Nov 2003 Airplane hackers, the 9/11 terrorists' real weapon, the trojan defense
• 15 Oct 2003 The future of surveillance, the Patriot Act and mission creep, risks of monoculture, identity cards
• 15 Sep 2003 Accidents and security incidents, Beyond Fear reactions, benevolent worms, hats in banks
• 15 Aug 2003 Beyond Fear, flying on someone else's plane ticket, hidden text in computer documents
• 15 Jul 2003 How to fight, more e-mail filtering idiocy, Password Safe, crying wolf
• 15 Jun 2003 Cyber-terrorism, self-destructing DVDs, attacking virtual machines, auditable tasers
• 15 May 2003 Encryption and wiretapping, receipts, unique e-mail addresses and spam
• 15 Apr 2003 Postal denial-of-service, baseball, NCIC database accuracy
• 15 Mar 2003 Practical Cryptography, SSL flaw, SSL patent case, woodland ants
• 15 Feb 2003 Locks and full disclosure, SQL Slammer, importance of authentication
• 15 Jan 2003 Militaries and cyber-war, cichlid fish, RMAC authentication mode
• 15 Dec 2002 Counterattack, Department of Homeland Security, Dan Cooper, crime
• 15 Nov 2002 New book, Japanese honeybees, choose your own Doghouse candidate
• 15 Oct 2002 National Strategy to Secure Cyberspace, more on AES cryptanalysis, one-time pads
• 15 Aug 2002 Palladium and the TCPA, license to hack, arming airline pilots
• 15 Jul 2002 Embedded control systems and security, Perrun virus
• 15 Jun 2002 Fixing intelligence failures, more on secrecy and security
• 15 May 2002 Secrecy, security, and obscurity; fun with fingerprint readers
• 15 Apr 2002 How to think about security, liability and security, key length
• 15 Mar 2002 SNMP, IETF "Responsible Disclosure" document
• 15 Feb 2002 Judging Microsoft, Oracle's "unbreakable" database
• 15 Jan 2002 Windows UPnP vulnerability, Password Safe 2.0, AGS Encryptions
• 15 Dec 2001 National ID cards, judges punish bad security, fun with vulnerability scanners
• 15 Nov 2001 Full disclosure, GOVNET, Password Safe vulnerability, Windows XP
• 15 Oct 2001 Cyberterrorism and cyberhooliganism, war on terrorism, SSSCA, Nimda, port 80
• 30 Sep 2001 Special issue on the Sep. 11 terrorist attacks and their aftermath Italian translation by Paolo Attivissimo
• 15 Sep 2001 11 September 2001, NSA's dual counter mode, Microsoft root certificate program
• 15 Aug 2001 DMCA, Code Red, copyright protection, cybercrime treaty
• 15 Jul 2001 Phone hacking: the next generation, monitoring first
• 15 May 2001 Military history, digital copy prevention, security standards, safe personal computing
• 15 Apr 2001 Advantages of defense, CSI computer crime survey, fake Microsoft certificates
• 15 Mar 2001 The security patch treadmill, insurance, death of IDS, 802.11 security
• 15 Feb 2001 CPRM, an intentional backdoor, e-mail filter idiocy, air gaps, internet voting
• 15 Jan 2001 A cyber UL?, SafeMessage, social engineering, code signing in Windows
• 15 Dec 2000 Voting and technology, digital safe-deposit boxes, new bank privacy regs
• 15 Nov 2000 Digital signatures, SDMI hacking challenge, Microsoft hack
• 15 Oct 2000 Semantic attacks, cybercrime treaty, NSA on security, AES announced
• 15 Jul 2000 Full disclosure and the CIA, presidential password, lockmaking, Unicode
• 15 Jun 2000 SOAP, Java and viruses, DES, Infraworks
• 15 Apr 2000 AES conference, French banking card hack, Microsoft Active Setup, UCITA
• 15 Mar 2000 Kerberos and Win2K, software burglary tools, UCITA, software complexity
• 15 Feb 2000 Distributed denial-of-service, Chinese crypto regs, publicizing vulnerabilities
• 15 Jan 2000 Publicity attacks, new encryption regs, Netscape, block and stream ciphers
• 15 Dec 1999 Security as process, ECHELON, export regulations draft, GSM encryption
• 15 Nov 1999 Why computers are insecure, DVD encryption, Win CE, Elliptic Curves
• 15 Oct 1999 Becoming a cryptographer, export rules, AMD, PKI slogans, key length
• 15 Aug 1999 Back Orifice 2000, AES news, HPUX, web-based encrypted mail
• 15 Jul 1999 Future of crypto-hacking, bungled SSL, reader comments
• 15 Jun 1999 E-mail viruses, hacking archives, international encryption policy
• 15 May 1999 Internationalization of cryptography, export rules, TWINKLE
• 15 Apr 1999 The importance of not being different, smart card threats, attacking certificates with viruses
• 15 Feb 1999 Snake oil, NSA and crypto export, WinXFiles, back doors, Intel's processor ID
• 15 Jan 1999 1998 year-in-review, clueless agents, Cayley-Purser
• 15 Dec 1998 Cracking contests, recognizing plaintext, zip disks, Commerce Dept. committee
• 15 Nov 1998 micro locks, copy protection, more on steganography
• 15 Oct 1998 Steganography, TriStrata, Rapid Remote, memo to amateur cipher designers
• 15 Sep 1998 Cramer-Shoup, impossible cryptanalysis, street performer, Private Doorbell
• 15 Aug 1998 Hardware DES cracker, KEA, chosen protocol attack, biometrics
• 15 May 1998 AES, secret story of non-secret encryption, conditional purchase orders

Security (W3)

U.S. ID - How Social Security Numbers Work
If you have a Social Security number, you know that it's a pretty ubiquitous form of identification in the United States. But what do the numbers on a Social Security card mean? How easy is it for someone to steal your identity using your SSN? Find out all about Social Security numbers.

Biometric Security - How Fingerprint Scanners Work
Your fingerprints are not only unique; they're also very hard to fake and even harder to misplace. What better ID to use in a security system? Fingerprint scanners are gaining popularity in both corporate and home systems. Find out how fingerprint scanners know it's you.

U.S. ID - How Social Security Numbers Work
If you have a Social Security number, you know that it's a pretty ubiquitous form of identification in the United States. But what do the numbers on a Social Security card mean? How easy is it for someone to steal your identity using your SSN? Find out all about Social Security numbers.

Image of Inactivity - How Screensavers Work
Screensavers used to be necessary due to CRT monitor quirks. Now, they've gone from essential to optional: They're mostly used for entertainment and security.
Find out exactly what a screensaver is, how it knows when to kick in and where you can find some free downloads.

Biometric Security - How Fingerprint Scanners Work
Your fingerprints are not only unique; they're also very hard to fake and even harder hard to misplace. What better ID to use in a security system? Fingerprint scanners are gaining popularity in both corporate and home systems. Find out how fingerprint scanners know it's you.

S-HTTP (W3)

"Secure HTTP" is an extension to the "HTTP" protocol to support sending data securely over the World Wide Web. Not all Web browsers and servers support S-HTTP.

"S-HTTP" was developed by Enterprise Integration Technologies (EIT), which was acquired by Verifone, Inc. in 1995.

snake oil (W2)

Sock puppet (W3)

sophos.com
Spam-Glossary

sophos.com
Viruses and spam - what you need to know

sophos.com
Viruses and Spyware

sophos.com
Virus-Glossary

Sophos - Artikel

SPAM
Spiced Porc And Ham (W2)

• "spiced ham"
• "spiced pork and ham"
• "specially processed army meet"
• "specially processed assorted meat"

spam: vt.,vi.,n.

[from Monty Python's Flying Circus]

• 1. To crash a program by overrunning a fixed-size buffer with excessively large input data. See also buffer overflow, overrun screw, smash the stack.
• 2. To cause a newsgroup to be flooded with irrelevant or inappropriate messages. You can spam a newsgroup with as little as one well- (or ill-) planned message (e.g. asking “What do you think of abortion?” on soc.women). This is often done with cross-posting (e.g. any message which is cross-posted to alt.rush-limbaugh and alt.politics.homosexuality will almost inevitably spam both groups). This overlaps with troll behavior; the latter more specific term has become more common.
• 3. To send many identical or nearly-identical messages separately to a large number of Usenet newsgroups. This is more specifically called ECP, Excessive Cross-Posting. This is one sure way to infuriate nearly everyone on the Net. See also velveeta and jello.
• 4. To bombard a newsgroup with multiple copies of a message. This is more specifically called EMP, Excessive Multi-Posting.
• 5. To mass-mail unrequested identical or nearly-identical email messages, particularly those containing advertising. Especially used when the mail addresses have been culled from network traffic or databases without the consent of the recipients. Synonyms include UCE, UBE. As a noun, "spam" refers to the messages so sent.
• 6. Any large, annoying, quantity of output. For instance, someone on IRC who walks away from their screen and comes back to find 200 lines of text might say “Oh no, spam”.

The later definitions have become much more prevalent as the Internet has opened up to non-techies, and to most people senses 3, 4 and 5 are now primary. All three behaviors are considered abuse of the net, and are almost universally grounds for termination of the originator's email account or network connection. In these senses the term "spam" has gone mainstream, though without its original sense or folkloric freight — there is apparently a widespread myth among lusers that "spamming" is what happens when you dump cans of Spam into a revolving fan. Hormel, the makers of Spam, have published a surprisingly enlightened position statement on the Internet usage.

Spammer in den Knast: US-Kongress segnet Gesetzentwurf ab

Kampf gegen Versender unerwünschter und betrügerischer Werbemails

Der von den US-Senatoren Ron Wyden und Conrad Burns entworfene Gesetzentwurf gegen unerwünschte und betrügerische E-Mail-Werbung, der so genannte "CAN SPAM Act of 2003 S. 877", wurde am gestrigen 22. Oktober 2003 vom US-Kongress akzeptiert und kann - sofern er die letzten Hürden nimmt - evtl. ab 2004 in Kraft treten. Der Gesetzentwurf legt harte zivil- und strafrechtliche Folgen gegen Versender von unrechtmäßig zugestellten E-Mails fest und sieht "No-Spam"-E-Mail-Listen ("Opt-Out"-Listen) sowie die Kennzeichnung von E-Mails mit pornografischem Inhalt vor.

Issue 71

...
Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.
...
There is some debate about the source of the term, but the generally accepted version is that it comes from the Monty Python song, "Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam ..." Like the song, spam is an endless repetition of worthless text.

Another school of thought maintains that it comes from the computer group lab at the University of Southern California who gave it the name because it has many of the same characteristics as the lunchmeat "Spam".
...

Spam Definition | The Interactive Glossary

Spam is any unsolicited and unwanted electronic message distributed over the Internet.

When most people hear of spam, they either think of the luncheon meat or of unsolicited emails filling their inbox. While spam email messages are common, email is far from the only medium used by spammers.
...

Nearly 6 out of 10 e-mails are unwanted, as Brightmail's Probe Network measured December 2003's spam volume at 58 percent - 2 percentage points higher than the previous month. The volume has risen dramatically since the beginning of the year, when spam only comprised 42 percent of the e-mail in inboxes.

Once again, product-related spam dominated the volume, however there was a slight month-over-month decrease. Scam e-mail registered the biggest drop, encompassing 9 percent of the volume in December, compared to 13 percent in November, with the decline attributed to a new "fraud" category that Brightmail added. Brightmail found that identity fraud and brand spoofing [define] spam exploded during 2003.
...

SPIM (W3)
Instant Message SPAM

spim

...
Following is an excerpt from an article in the Los Angeles Times dated, Saturday, Feb 19th 2005:
...
Federal prosecutors said it was the first criminal case involving this new form of spam - known as "spim" because it targets so-called IM services.
...

...
"Spim dates back at least to an article by Eric Zorn in the Chicago Tribune on 8/5/1999: "The peddlers, pornographers, predators, publicists and other pests will also try to get in on the act. We now call their e-mail "spam". We'll call their instant messages "spIM"." This sounds as if he invented the term, but I'll bet there's earlier out there.
...
John Baker

spim

spim (instant messaging spam) definition

spim

All About Spam, Spim and Spit

spim

The term "spam" is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song: "SPAM, SPAM, SPAM, SPAM, SPAM, lovely SPAM, wonderful SPAM", over and over again, drowning out all conversation.

"SPIM" — a simulator for a virtual machine closely resembling the instruction set of "MIPS" (computer manufacturer) processors, is simply "MIPS spelled backwards". "MIPS" stands for "Millions of Instructions Per Second", from way back when that was something to boast of.

In recent time, "SPIM" has also come to mean "SPam sent over Instant Messaging".

spim

spim

spim or SPIM

spimmer

spoofing (W3)

SSL (W3)

SSL is a protocol developed by Netscape for transmitting private documents via the Internet. "SSL" uses a cryptographic system that uses two keys to encrypt data - a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with "https:" instead of "http:".

Steganography (W3)

STIGS (W3)

Subject Matter Links: STIGS:

• - STIG Development Process and Bi-Monthly Release Update Process
• - FSO Release Schedule - Update!
• - Security Checklists
• - FSO Scan Team Info (DKO account and CAC login is required)
• - Security Readiness Review Evaluation Scripts
• - Security Technical Implementation Guides (STIGS)
• - DRAFT STIGS and Security Checklists
• - DoD General Purpose STIG, Checklist and Tool Compilation CD
• - FSO Whitepapers
• Guides in PKI-enabled area (DoD PKI cert req'd)
• Common Control Indentifier (CCI) New!
• Web Guidance

1.6 Security-Checklisten

Mit dem "Cyber Security Research and Development Act" des Jahres 2002 wurde das amerikanische NIST verpflichtet, Checklisten zu entwickeln, die es erlauben, das für Hard- und Software bestehende und mit deren Nutzung einher gehende Risiko in US-Bundesbehörden zu minimieren. Das NIST startete daraufhin das "Security Configuration Checklists Program for IT Products" und veröffentlichte am 26.05.2005 die gleichnamige NIST Special Publication SP 800-70 und das NIST Beta Checklists Repository.

Die Checklisten im Repository sind derzeit nach elf Kategorien sortiert, die mit sicherheitsrelevanten Checklisten anderer Regierungsorganisationen (u.a. NSA, DISA, CIS) und von Herstellern befüllt werden. Inzwischen finden sich darin insgesamt schon mehr als 50.

Ziel ist, auf der Basis standardisierter Checklisten und des Austauschs von Erfahrungen die Voraussetzungen für ein vereinheitlichtes "Basis-Sicherheitsniveau" zu entwickeln. Die eingereichten Checklisten werden daher vom NIST mit 32 formalen Rahmenparametern charakterisiert. Das NIST plant, für Checklisten, die von Herstellern eingereicht werden, ein SP 800-70-Konformitätssiegel zu vergeben. Im Fall eines Siegelerhalts verpflichten sich die teilnehmenden Hersteller, die Garantie der Herstellerserviceverträge auf die Anwendung dieser Checklisten auszudehnen. Noch gibt es weder eine einheitliche Struktur noch das geplante Siegel, daher wurde das Repository auch als "Beta" eingestuft.

Einen Vorgeschmack auf mögliche zukünftige standardisierte Checklisten gibt die Spezifikation des "Extensible Configuration Checklist Description Format (XCCDF)".

Allerdings warten auch die NIST-eigenen Dokumente noch auf die Umsetzung in XCCDF.

On the DISA web page, you will be able to sign up for the list to be notified when updated STIGs are available.

symantec
Hoax-Liste

Hoaxes

Symantec Security Response uncovers hoaxes on a regular basis. These hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails. Please refer to this page whenever you receive what appears to be a bogus message regarding a new virus, or promotion that sounds too good to be true.

Name Discovered

• "Hello Dear" Hoax 09/04/2000
• $800 from Microsoft Hoax
• AIDS Virus Hoax
• Antichrist Hoax 07/17/2001
• AOL and Intel Hoax
• AOL RIOT 2 Virus Hoax
• AOL.EXE Hoax
• AOL4Free Virus Hoax
• Awareness Virus Hoax
• Baby New Year Virus Hoax
• Badtimes Hoax
• Be Spooked Hoax
• BestBuy Order Fraud Alert Hoax 06/19/2003
• Bicho7 Hoax 10/23/2001
• Blue Mountain Virus Hoax 12/19/2000
• Blueballs Are Underrated Virus Hoax 07/30/1999
• BUGGLST Hoax
• California IBM Hoax
• CellSaver Virus Hoax 08/26/1999
• Coke.exe hoax
• Dana virus hoax 12/03/2001
• Dear Friends Hoax
• Desi1love Hoax
• Despite Virus Hoax 10/15/1999
• Discount Virus Hoax 08/25/2000
• DR.SIMON.WAJNTRAUBWS Hoax 10/26/2001
• Economic Slow Down Hoax
• Ericsson Free Phone Hoax 08/10/2001
• EVIL THE CAT Virus Hoax
• FatCat Virus Hoax
• February 1 Hoax 01/25/2002
• Flower for You Hoax 08/01/2000
• Forward Hoax
• FREE M & M's Hoax 11/02/1999
• Free Pizza Virus Hoax 10/15/1999
• Gamma2.exe Hoax 06/06/2001
• GAP Email Tracking Hoax 06/21/1999
• Gift from Microsoft Hoax 12/28/1999
• Goldbear Virus Hoax 11/08/2002
• Google Trojan Hoax 07/31/2003
• Got You Hoax 05/27/2003
• Guts to Say Jesus Hoax 05/15/1999
• Hacky Birthday Virus Hoax
• Hairy Palms Virus Hoax
• Halloween Virus Hoax
• Happy New Year Virus Hoax
• Help Poor Dog Virus Hoax
• Hitler Virus Hoax
• How to Give a Cat a Colonic Hoax
• INFILTER Virus Hoax
• Iraq War Hoax 04/04/2003
• Irish Virus hoax 09/08/2000
• Jan1st20.exe Virus Hoax
• Jdbgmgr.exe file hoax 04/12/2002
• John Kennedy Jr Trojan Hoax 12/20/1999
• Kleneu66 Hoax 09/19/2003
• Launch Nuclear Strike Now Hoax 01/10/2002
• Life is Beautiful Hoax 01/15/2002
• Londhouse Virus Hoax
• Lotus Notes Worm Hoax 09/01/2000
• Lump of Coal Virus Hoax 09/07/1999
• Matrix Virus Hoax
• Mobile Phone Virus Hoax 05/18/1999
• MSN Messenger add a contact Hoax 01/19/2003
• NASTYFRIEND99 Virus Hoax 05/10/1999
• NEWYORK BIG DIRT Hoax
• Norman Virus Hoax
• Olympic Torch Hoax 02/21/2006
• Osama vs Bush Hoax
• Pandemic Computer Virus Hoax
• Perrin.exe Virus Hoax
• Phantom Menace Hoax
• Pluperfect Virus Hoax
• Postal Service Email Charge Hoax 01/09/2002
• Sandman hoax
• SARC Virus Test Hoax
• Scoutshacker Hoax
• South Park News Letter Hoax
• Symantec ASDL Virus Hoax 06/19/2001
• T-Virus Hoax 08/19/2004
• The New Ice Age Hoax 02/13/2001
• Tuxissa Virus Hoax 04/22/2000
• Very Cool Virus Hoax
• Virtual Card Virus Hoax
• W2sync virus hoax
• W32-PrPlCrcl-G Virus Hoax 04/01/2002
• W32.MFG.Tassos@mm Hoax 06/04/2003
• W32.XPExp.Worm Hoax 01/31/2003
• Wait 48 hours hoax 11/01/2001
• Watching hoax 09/12/2000
• WAZ UP Hoax 01/11/2001
• Windows will Fail on Jan 1 Hoax
• Wobbler Hoax
• Wooden Horse Hoax
• WordScribe Virus Hoax 01/16/2001
• Work Virus Hoax
• World Domination Hoax
• WTC Survivor Hoax 10/29/2001
• YIM Hard drive killer Hoax 10/27/2005
• Your Screen Name Hoax
• ZZ331 Virus Hoax 08/31/1999

tasklist
Windows-Task-List
Windows-Prozess-Liste

A comprehensive list of processes running in your computer.
TaskList.org is the ultimate resource to help you determine if your computer is infected with spyware, adware or viruses.

UAC (W3)

...

• Windows needs your permission to continue
• A program needs your permission to continue
• An unidentified program wants access to your computer
• This program has been blocked

...

urlvoid.com
Internetseiten vorab auf lauernde Gefahren untersuchen

Urlvoid.com is a FREE service developed by NoVirusThanks Company that allows users to scan a website address with multiple web reputation engines to facilitate the detection of possible dangerous websites.

Network Tools

• My IP Address
• IP Address Lookup
• Domain To IP Address
• URL Content Dump
• Inspect HTTP Headers
• DNS Records
• DiG DNS Lookup
• SSL Certificate Check
• Unshorten URL
• Whois Lookup
• Redirections Fetcher
• Y! Messenger Status Check
• Skype Status Check
• Proxy Test
• HREF Links Extractor
• Ping Host
• Traceroute
• Htpasswd Password

String Tools

• Remove Duplicate Lines
• Append String
• String to Lowercase
• String to Uppercase
• IP2Long Online
• Long2IP Online
• Replace Strings
• Calculate String Length
• Sort Lines
• HTML Encode
• HTML Decode
• Reverse String
• Gzinflate Base64 Decode
• ROT13 Transform
• Base64 Decode
• Base64 Encode
• URL Decode
• URL Encode
• Timestamp to Datetime
• New Line to BR HTML
• Strip HTML Tags

String Tools

• Regex ToolsExtract Emails
• Extract IP Addresses
• Extract Domains

Hash Tools

• Multi Hash Generator

Our Network

• NoVirusThanks.org
• URLVoid.com
• IPVoid.com
• Malwarehash.com
• Netirk.com
• Threatlog.com
• URLVir.com
• Toolsvoid.com

VIL (W3)

Threat Resources:

Anti-Malware Tips | Hoaxes | Malware Alerts | Malware Check and Removal Tool "Stinger" | McAfee Avert Labs Threat News | Newly Discovered Malware | Newly Discovered PUPs | Recent Vulnerabilities | Recently Updated Malware | Recently Updated PUPs | Search Threat Library | Submit a Virus Sample | Tools and Utilities | Virus Calendar

Millions of threats exist today. The McAfee Avert Labs Threat Library has detailed information on viruses, Trojans, hoaxes, vulnerabilities and Potentially Unwanted Programs, where they come from, how they infect your system, and how to mitigate or remediate them.

Virus
Computer Virus
malware
Brain (W3)

...
The First Virus

On November 3, 1983, the first virus was conceived of as an experiment to be presented at a weekly seminar on computer security. The concept was first introduced in this seminar by the author, and the name 'virus' was thought of by Len Adleman. After 8 hours of expert work on a heavily loaded VAX 11/750 system running Unix, the first virus was completed and ready for demonstration. Within a week, permission was obtained to perform experiments, and 5 experiments were performed. On November 10, the virus was demonstrated to the security seminar.
...

...
Computer viruses now 20 years old

Now most viruses arrive via e-mail

This week computer viruses celebrate 20 years of causing trouble and strife to all types of computer users. US student Fred Cohen was behind the first documented virus that was created as an experiment in computer security.

Now there are almost 60,000 viruses in existence and they have gone from being a nuisance to a permanent menace.

Virus writers have adapted to new technology as it has emerged and the most virulent programs use the net to find new victims and cause havoc.
...

Chronologie der Computerviren

Von Csilla Burján

1949: Der ungarische Informatiker John von Neumann (1903-1957) entwickelt die Theorie von selbst-reproduzierenden Automaten.
...
1981/82:

Professor Len Adleman verwendet den Begriff "Virus", als er sich mit seinem Informatikstudenten Studenten Fred Cohen über selbstkopierende Programme unterhält.

Joe Dellinger studiert zur gleichen Zeit an der Texas A&M University und schreibt einige sich selbst vervielfältigende Programme für Disketten von Apple II und nennt sie Virus 1, Virus 2, Virus 3.
...
1983 Fred Cohen stellt seinen ersten funktionsfähigen Virus vor: Er ist unter dem Betriebssystem Unix programmiert und nistet sich im Befehl VD ein. Dieser Virus erbt bei jeder Ausführung die Systemprivilegien eines jeden infizierten Programms und kann so innerhalb eines kurzen Zeitraumes jedem Benutzer die geerbten Privilegien übergeben.

1984 Fred Cohen veröffentlicht seine Doktorarbeit "Computer Viruses - Theory and Experiments", die für internationales Aufsehen sorgt. Neben der Definition des Computervirus enthält sie auch zahlreiche Experimentalviren.
...

Term: Virus

Contents

• 1 CNSSI 4009
• 2 DSS Glossary
• 3 GAO-09-232G
• 4 NIST IR 7298
• 5 NIST SP 800-28v2
• 6 NIST SP 800-40
• 7 NIST SP 800-46
• 8 NIST SP 800-47
• 9 NIST SP 800-61r1
• 10 NIST SP 800-61
• 11 NIST SP 800-82 Final Draft
• 12 NIST SP 800-83

Virus

Contents

• 1 CNSSI 4009
• 2 NIST SP 800-28v2
• 3 NIST SP 800-40
• 4 NIST SP 800-46
• 5 NIST SP 800-47
• 6 NIST SP 800-61
• 7 NIST SP 800-61r1
• 8 NIST SP 800-83

Computer Virus Timeline

The term "virus" was first used in an academic publication by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it.

However, a mid-1970s science fiction novel by David Gerrold, When H.A.R.L.I.E. was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel "The Shockwave Rider" describes programs known as "tapeworms" which spread through a network for the purpose of deleting data.

The term "computer virus" with current usage also appears in the comic book "Uncanny X-Men" No. 158, published in 1982. And even earlier, in 1973, the phrase "computer virus" was used in the movie Westworld to describe a malicious program that emerged in the computer system of the theme park. Therefore, we may conclude that although Cohen's use of "virus" may, perhaps, have been the first "academic" use, the term has been used earlier.

The term "virus" is often used in common parlance to describe all kinds of "malware" ("malicious software"), including those that are more properly classified as "worms" or "trojans". Most popular anti-viral software packages defend against all of these types of attack.

The plural of "virus" is "viruses", not "virii", which is sometimes used incorrectly, both knowingly and otherwise. See plural of virus.

Vishing (W3)

...
Derived from the terms "voice" and "phishing," vishing is the online scam of stealing personal information or money from individuals using the telephone network, specifically telephony services.
...

vishing,11 août 2006

Warnung vor neuer Betrugsmasche „Vishing“

von Jason Curtis am 10. Juli 2006, 14:37 Uhr

websensesecuritylabs
Threat Map
Threat Map

Attack Information Center
Websense Global Threat Intelligence

Read about security research as it happens. Obtain in-depth security information including, research & statistics, white papers, presentations and the latest threat maps that display the most recent data collected by Websense Security Labs.

white hat (W3)

"White hat" describes a "hacker" (or, if you prefer, "cracker") who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system's owners to fix the breach before it is can be taken advantage by others (such as "black hat" "hackers".)
...
The term comes from old Western movies, where "heros" often wore "white hats" and the "bad guys" wore "black hats".

Wikileaks (W3)

wolframalpha
Passwort-Generator

Schell, Bernadette (Autor)
Martin, Clemens (Autor)
Webster's New World Hacker Dictionary

Kurzbeschreibung

The comprehensive hacker dictionary for security professionals, businesses, governments, legal professionals, and others dealing with cyberspace

Hackers. Crackers. Phreakers. Black hats. White hats. Cybercrime. Logfiles. Anonymous Digital Cash. ARP Redirect.

Cyberspace has a language all its own. Understanding it is vital if you're concerned about Internet security, national security, or even personal security. As recent events have proven, you don't have to own a computer to be the victim of cybercrime-crackers have accessed information in the records of large, respected organizations, institutions, and even the military.

This is your guide to understanding hacker terminology. It's up to date and comprehensive, with:

• * Clear, concise, and accurate definitions of more than 875 hacker terms
• * Entries spanning key information-technology security concepts, organizations, case studies, laws, theories, and tools
• * Entries covering general terms, legal terms, legal cases, and people
• * Suggested further reading for definitions

This unique book provides a chronology of hacker-related developments beginning with the advent of the computer and continuing through current events in what is identified as today's Fear of a Cyber-Apocalypse Era. An appendix entitled "How Do Hackers Break into Computers?" details some of the ways crackers access and steal information.

Knowledge is power. With this dictionary, you're better equipped to be a white hat and guard against cybercrime.