Security dictionary
Key security terms and jargon explained.
- Brute force - Automated method of cracking a password by trying every possible combination until the correct one is discovered.
- Buffer overflow - Classic attack requiring intimate knowledge of the targeted application, exploiting a common programming error. By sending more data to a field than the programmer has allowed for, and including malicious code in that data, the input 'overflows' into adjacent program memory and the malicious code executes.
- Data driven attack - Bypasses standard security measures by inserting data into web forms that can form the basis of a malicious attack on the back-end system or database.
- Deperimeterisation - Security philosophy advocating the removal of firewalls, replacing them with data-level security to enable closer, secure collaboration between separate organisations.
- Distributed denial of service - A simple attack that floods a router, network or web server with more traffic than it can handle, often leveraging a 'zombie army' of broadband-connected PCs infected with Trojan horses.
- DMZ - Demilitarised zone: a buffer zone between a company network and the Internet.
- DRM - Digital rights management: software controlling where, when and by whom files can be opened or used.
- Email hygiene - Service protecting against messaging threats such as spam and viruses.
- Exploit - A tool that automates a hack, typically taking advantage of a vulnerability in the targeted system.
- False positive - Alert from an intrusion detection or email hygiene system when it mistakenly identifies a legitimate event as malicious.
- Keystroke logger - An application that, on entering a host, unobtrusively logs all the user's keyboard presses. See spyware and Trojan horse.
- Logic bomb - Malicious code left behind in an application that 'goes off' at a set time, for example by deleting valuable files.
- Malware - Generic term for malicious software, such as viruses, worms and Trojan horses.
- Open relay - Misconfigured mail server that enables anyone, typically spammers, to route email anonymously.
- Phishing - Fraudulent emails purporting to be from a commerce or banking website, seeking to trick users into giving away passwords.
- Port scan - An automated scan to find open ports on a network-connected PC or server.
- PKI - Public key infrastructure: encryption key and digital certificate system used to check the validity of online exchanges and transactions.
- Script-kiddie - An unsophisticated hacker who uses others' ready-made attack tools.
- Sniffer - An application running in the background that analyses network traffic.
- Social engineering - Persuading naive users to part with crucial information, such as passwords, by non-technical means. See phishing.
- Spyware - Software installed from a website without the user's knowledge and designed to capture personal details. Also known as adware.
- SPIM/SPIT - Spam (unwanted mail) sent via instant messaging (IM) and IP telephony.
- SQL injection attack - Attack that involves entering SQL code into a website's login and password fields, tricking the application into granting access.
- SSL - Secure sockets layer: a cryptographic protocol for providing clientless security for Internet communications.
- Trojan horse - An application nefariously loaded on a target system with the intent of executing malicious code or gaining access.
- Virus - A malicious program that attaches itself to legitimate applications, normally with harmful side effects.
- WEP/WPA - Wireless security standards. 'Wired equivalent privacy' provides only basic security, so 'WiFi protected access', which uses 128-bit encryption, has mostly replaced it.
- Worm - A self-replicating virus that automatically duplicates and sends copies of itself to email addresses or IP addresses.
- Zero-day attack - Exploits a newly discovered flaw before vendors are able to patch it.