In/Ex formation technology words
Everything you always wanted to know about Information and Exformation Technology words, phrases, and slang but were afraid to ask
- Agent Name
- The name of the crawler/spider/bot that is currently visiting a page/site. A spider is a robot, hence the alias "bot", sent out by search engines to index websites on the internet. When a spider indexes a particular website, this is known as 'being spidered'. So this is the spy you aren't noticing, and it can itch. It seems to think it is smaller than it is and that we can't see it. And we can see it (some are indeed too small), and we can tell it not to come back. We can also invite them "looking-us-overs". Preferably the non-poisonous ones. Search engine agents welcome, "vampirous" spam bots not, unless we are in for a game and show of our own claws and teeth (hacking skills).
- AJAX
- Means Asynchronous JavaScript And XML. AJAX allows JavaScript scripts to send data requests and receive responses without having to reload an entire page. No long waiting times in between "being served" by a website.
- CSS
- Can mean either Cascading Style Sheet or Cross Site Scripting. Some security people refer to Cross Site Scripting as XSS so as to prevent such confusion.
Cascading Style Sheets allow for control of style and layout of multiple Web pages all at once. Cascading Style Sheets work just like a template. When you want to make a change, you simply change the style, and that element is updated automatically wherever it appears within the site. The World Wide Web Consortium (W3C) has recommended Cascading Style Sheets as an industry standard.
For Cross Site Scripting, see the XSS entry of this glossary, which also contains links for more information.
- Data modification or destruction
The general risks posed to a network by an unauthorized user include: unauthorized use of network resources to transport data, modification or deletion of data, disclosure of data, and use of network resources to deny legitimate use of services.
These threats can happen when changing or deleting sensitive fields in a message, like labels, attributes, recipient address, and originating address/identity. These threats can also occur as random modifications of valid messages, data or programs.
- Deduction of information
When publicly distributed summaries (statistical data) are derived from individual items in a database, an illegal user or program can reconstruct individual values of the original information by processing enough summaries, either statistically (deduction by inference) or analytically (trackers).
- Glossary
- Normally a glossary would mean something along the lines of "brief explanation of words used in the text". Our wyrd glossary means, "a wyrd brief explanation of words used in texts". Links to other, more serious, glossaries: Google search glossary IT and SEO (Thank you Rick Brenner, for the link)
- Illegal association
This threat may occur when an intruder (an illegal entity) conforms to the rules of authentication and access control, yet violates the authentication or authorization policies by altering identification information or providing an illegal identity. This may lead to illegal logical relations (associations) being established between network entities and resources.
- Illegal modification of programs
Illegal modification of programs allows a computer to be used with different proprietary software and could also, for example, increase the number of licensed users that can access a particular system or program at any given time. These modifications are made without the knowledge or consent of the owner. They are aimed at programs stored in libraries, and may destroy modules of the host operating system, communications software, or user application software.
This threat is currently known in several forms like viruses, Trojan horses and worms, and can be posed by users or programs.
- Invalid message sequencing
Illegal modification, deletion, re-ordering or playback (replay) of a valid sequence of messages in a communication system by users or programs.
- Leakage of information
This problem may take on a variety of forms, including loss of confidentiality, loss of anonymity (when it is a security requirement) and misappropriation of messages or data records, when a network user other than the intended recipient receives a message or accesses a database by unauthorized means.
The latter can lead to cases of masquerade, misuse of legal user credentials, or an incorrectly functioning network component.
All are dependent on existing vulnerabilities to authorization threats of social networking sites over which we, as users or as developers of another site, have no control.
Threats can come from users or programs targeting messages in a communication system or data in databases.
- Masquerading
This occurs when some legal entity, be that a user or a program, successfully pretends to be a different entity. This threat may take on the following forms: impersonation and misuse of someone else's credentials, incorrectly executed log-in procedures, false claims about the origin of an entity or its parameters, impersonation of supervisory entities to users, and simply impersonation of one user to another network user.
- Repudiation
This occurs when some network user falsely denies submitting or receiving a message, or denies participation in an action or association. These threats take on the form of denial of origin, denial of delivery, denial of submission, and denial of a specific action.
This can come from a user or a program.
- SEO
- Search engine optimization: strategies and tactics undertaken to influence the rankings of web pages in search engines. So really, this is about dressing up and using formal language (or language you believe search engines would like to hear) to impress the Search Engines to get them to prefer your website. Sadly for a lot of youngsters and immature men, search engines evolved, matured, and still wish a lot of partners, but just the authentically individuated mature yet playful men are really taken unseriously serious.
- Traffic analysis
An intruder, which may be a user or a program, observes protocol control information or the lengths, frequency, sources and destinations of messages transmitted in a communication system.
- XSS
From XSSed:
"Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. If for example I was logged in as "john" and read a message by "joe" that contained malicious javascript in it, then it may be possible for "joe" to hijack my session just by reading his bulletin board post."
Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user in order to gather data from them. Everything from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. New malicious uses are being found every day for XSS attacks. The post below by Brett Moore brings up a good point with regard to "Denial Of Service", and potential "auto-attacking" of hosts if a user simply reads a post on a message board: http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0311.html
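The guestbook and encoded-link cases described in this entry, seen from the side of the site that renders the page. This is an added example, not code from this glossary or from XSSed: the function names, the post fields and the forum.example URL are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: output encoding for user-supplied text. All names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that let text break out of an HTML element
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": author and body are pasted into the page as markup, so any
// tag a poster typed is interpreted by every reader's browser.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.body}</div>`;
}

// "After": the same template, with every user-supplied field encoded on output.
function renderPostSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.body)}</div>`;
}

// Reflected case: the value arrives percent-encoded ("HEX") inside a link.
// The URL parser decodes it before the application sees it, so the encoding
// step must be applied to the decoded value at the moment it is written out.
function renderSearchBanner(url) {
  const q = new URL(url).searchParams.get("q") ?? "";
  return `<p>Results for "${escapeHtml(q)}"</p>`;
}

// Constructed sample inputs.
const samplePost = { author: "joe", body: "hi <script>document.title='x'</script>" };
const sampleLink =
  "https://forum.example/search?q=%3Cscript%3Edocument.title%3D%27x%27%3C%2Fscript%3E";

console.log(renderPostUnsafe(samplePost));  // the tag survives as markup
console.log(renderPostSafe(samplePost));    // the tag is shown as inert text
console.log(renderSearchBanner(sampleLink)); // decoded, then encoded for HTML
```

The escaping here covers HTML element and quoted-attribute contexts only; values written into script blocks, URLs or style attributes need the encoding for that context.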



