° Brute force – Automated method of cracking a password by trying every possible combination until the correct one is discovered.
° Buffer overflow – Classic attack requiring intimate knowledge of the targeted application, exploiting a common programming error. By sending more data to a field than the programmer has allowed for, and including malicious code in that data, the attacker makes the input ‘overflow’ into adjacent program memory, where the malicious code executes.
° Data driven attack – Bypasses standard security measures by inserting data in web forms that can form the basis of a malicious attack on the back-end system or database.
° Deperimeterisation – Security philosophy advocating removal of firewalls, replacing them with data-level security to enable closer, secure collaboration of separate organisations.
° Distributed denial of service – A simple attack that floods a router, network or web server with more traffic than it can handle, often leveraging a ‘zombie army’ of broadband-connected PCs infected with Trojan horses.
° DMZ – Demilitarised zone: a buffer zone between a company network and the Internet.
° DRM – Digital rights management: software controlling where, when and by whom files can be opened or used.
° Email hygiene – Service protecting against messaging threats such as spam and viruses.
° Exploit – A tool that automates a hack, typically taking advantage of a vulnerability in the targeted system.
° False positive – Alert from an intrusion detection or email hygiene system when it mistakenly identifies a legitimate event as malicious.
° Keystroke logger – An application that, once on a host, unobtrusively logs all the user's keyboard presses. See spyware and Trojan horse.
° Logic bomb – Malicious code left behind in an application that ‘goes off’ at a set time, for example by deleting valuable files.
° Malware – Generic term for malicious software, such as viruses, worms and Trojan horses.
° Open relay – Misconfigured mail server that lets anyone, typically spammers, route email through it anonymously.
° Phishing – Fraudulent emails purporting to be from a commerce or banking website seeking to trick users into giving away passwords.
° Port scan – An automated scan to find open ports on a network-connected PC or server.
° PKI – Public key infrastructure: encryption key and digital certificate system to check the validity of online exchanges and transactions.
° Script-kiddie – An unsophisticated hacker who uses others' ready-made attack tools.
° Sniffer – An application running in the background that analyses network traffic.
° Social engineering – Persuading naive users to part with crucial information, such as passwords, by non-technical means. See phishing.
° Spyware – Software installed from a website without the user's knowledge and designed to capture personal details. Also known as adware.
° SPIM/SPIT – Spam (unwanted mail) sent via instant messaging (IM) and IP telephony.
° SQL injection attack – Attack that involves entering SQL code into a website's login and password fields, tricking it into granting access.
° SSL – Secure sockets layer: a cryptographic protocol for providing clientless security for Internet communications.
° Trojan horse – An application nefariously loaded on a target system with the intent of executing malicious code or gaining access.
° Virus – A malicious program that attaches itself to legitimate applications, normally with harmful side effects.
° WEP/WPA – Wireless security standards. ‘Wired equivalent privacy’ provides only basic security, so ‘WiFi protected access’, which uses 128-bit encryption, has mostly replaced it.
° Worm – A self-replicating virus that automatically duplicates and sends copies of itself either to email addresses or IP addresses.
° Zero-day attack – Exploits a newly discovered flaw before vendors are able to patch it.