- There is NO SUCH THING. The best you can do is to be as "secure as possible" by being careful and paying attention. Life always has risks - the internet is no different. So, "be careful out there"...
- short for "robot". A bot is a machine that has been successfully infected with malware that allows another computer to control it. The controlling computer is usually in control of many bots, and is referred to as a C&C
machine. The C&C machine can use its army of bots to perform profitable tasks - relaying email spam, scanning networks for vulnerable machines, performing denial of service attacks, etc.
- A (usually large) number of computers (see: bot
) on the internet that have been taken over by an attacker. These computers operate on commands sent from the attacker's computer, called a C&C
computer. These commands will cause the bots to spread viruses to other computers, or transmit spam emails, etc. (anything that can make money for the attacker).
- A release (intentional or unintentional) of secure or private information to any entity not authorized to access that information. This can range from social security numbers to classified or other confidential information (trade secrets, business plans, etc.)
- Command and Control - a computer that controls multiple bot
computers, and coordinates their usage.
- A technique that mathematically encodes your data before it is sent between your browser and the web site that you are currently visiting. Strong encryption makes it nearly impossible for anyone except the intended party to decode your data. So if someone "taps" your connection, they will not be able to decode the data that they intercept via the "tap". Note that there are some encryption methods that are "weak", which means that the are easy to crack. So you want to use "strong" only encryption.
- A browser protocol that uses SSL
encryption to protect data from being used by any other than the intended party. If an attacker accesses the data stream of an SSL session, the data will appear to be "gibberish", because it is encrypted.
- A criminal can use information about you (perhaps gleaned from social web sites, banks, retail organizations, etc., that have been hacked) to apply for credit cards, driver's license, bank loans, etc., in your name. The criminal can then use these assets to impersonate you - withdraw money from your bank accounts, charge credit cards to their limit (then throw them away, leaving you to pay the bill if you can't prove that you didn't purchase the items), use the bank loan to vacation in the Maldives, or whatever.
- A program that intercepts every keyboard character that you type, and sends it to an attacker. Key loggers can be installed on your computer without you knowing it if you visit an "evil" web site. Key loggers may be installed on other computers as well - like any public computer (library, school, elsewhere). This is one (really good) reason to NEVER transact any important business or financial transaction from a public computer.
- Malicious software. This includes any programs that disrupt your computer. Some are merely nuisance programs (consume large amounts of processing power), and others attempt to "cash in" somehow - perhaps search for PII
on our computer and send any discovered data to a C&C
computer, or use your computer as a "bot
" to perform other profitable activities, etc.
Personally Identifiable Information
- Any piece of information that can be used directly or indirectly to identify, locate, or contact a particular person.. Examples include name, social security number, medical information, IP address, etc.
- An attack that alters the destination for chosen URL
s. This can be accomplished by altering the IP address for the URL(s) in DNS servers (similar to changing the telephone number for someone in the phone book), or by altering the DNS cache in user's routers (which is another reason that you need to secure your router!). This causes a user attempting to connect to a specific Url - like "mybank.com" to be sent instead to an attacker chosen site.
- an email technique that tricks, scares, or confuses a victim into providing confidential information to an attacker. For example, an attacker may send an email warning you that your bank account has had suspicious activity, and that you should "click on the link provided below" to access your account and change your password. If you click on the link, you will go to a page that looks just like
your bank login screen - but in reality, the page is a fake under the control of the attacker. When you "login" to this fake page, you have provided everything needed for the attacker to access your account on the real web site - in this case giving the attacker access to your real bank account. The attacker can now drain your account, using your supplied credentials.
- see: Personally Identifiable Information
that encrypts the data on your hard drive, then requires you to purchase the decryption key. In effect, your data is "held hostage" (because you can't read it while it's encrypted), and you pay a ransom in order to "get your data back" (you can decrypt and use your data once you purchase the decryption key).
- A form of phishing that uses SMS "texting" instead of email to hook victims into clicking a link to an attacker site, or calling an attacker telephone number (may be a 900-type number that allows the attacker to collect a fee, or provide you with instructions tohat lead you to other attack vectors)
- like phishing, but targeted at specific types of individuals that should represent a higher payoff if "hooked". The spearphishing victims are usually members of a group that can provide the attacker something that the attacker is interested in obtaining. For example, the email may be aimed at web site administrators (goal: admin access to systems), or potential loan applicants (goal: identity theft), etc.
- An acronym for S
ayer. SSL allows your web browser to use encryption to transfer all data to/from an SSL enabled web site. Most web sites that handle sensitive information (bank, insurance, medical, etc.) use - or should
use - SSL to protect sensitive information (if you visit a site that wants or has your personal information, but does NOT use SSL or other security measures to protect your data, consider removing your data from that site and changing to a site that DOES protect you). Encrypted data will appear to be gibberish to anyone who does not know the "decode key", making any intercepted data useless to criminals.
- An acronym for T
ecurity. TLS is the successor to SSL. Like SSL, it encrypts data during transfer, but adds improved (stronger) encryption algorithms to accomplish better encryption than SSL, and corrects known SSL vulnerabilities, so is safer.
- Acronym for "U
ocator". On the internet, this is usually the "name" of a web asset that can be a web site (like: www.google.com), a particular web page on a web site (like: http://www.webopedia.com/TERM/U/URL.html) , a particular picture (like: https://farm8.staticflickr.com/7380/10007523486_abda3d86d7_z.jpg), etc.
- A form of spearphishing
that targets corporate executives (goal: access to high-level corporate information for espionage or insider trading, etc.)