ch 19 vocab Flashcards
data harvesters
cybercriminals who infiltrate systems and collect data for illegal resale
cash-out fraudsters
criminals who purchase assets from data harvesters to be used for illegal financial gain; actions include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more
botnets
hordes of surreptitiously infiltrated computers, linked and controlled remotely, aka zombie networks
distributed denial of service (ddos)
an attack where a firm’s computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site’s use; attacks are often performed via botnets
hacktivists
protesters seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage
hacker
a term that, depending on the context, may be applied to either (1) someone who breaks into computer systems, or (2) a particularly clever programmer
hack
a term that may, depending on the context, refer to either (1) breaking into a computer system, or (2) a particularly clever solution
white hat hackers
people who uncover computer weaknesses without exploiting them; their goal is to improve system security
black hat hackers
computer criminals
phishing
a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software
spoofed
term used in security to refer to forging or disguising the origin or identity; email transmissions and packets that have been altered to seem as if they came from another source are referred to as being this
zero-day exploits
attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems
biometrics
technologies that measure and analyze human body characteristics for identification or authentication; might include fingerprint readers, retina scanners, voice and face recognition, and more
multi-factor authentication
when identity is proven by presenting more than one item for proof of credentials; often includes a password and some other identifier such as a unique code sent via email or mobile phone text, a biometric reading (ex: fingerprint or iris scan), a swipe or tap card, or other form of identification
voice-print
technology that identifies users via unique characteristics in speech
captchas
an acronym standing for completely automated public Turing test to tell computers and humans apart; the Turing test is, rather redundantly, an idea (rather than an official test) that one can create a test to tell computers apart from humans
dumpster diving
combing through trash to identify valuable assets
shoulder surfing
gaining compromising information through observation (as in looking over someone’s shoulder)
encryption
scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key
key (encryption)
code that unlocks encryption
brute-force attacks
an attack that exhausts all possible password combinations in order to break into an account; the larger and more complicated a password or key, the longer a brute-force attack will take
public key encryption
a two-key system used for securing electronic transmissions; one key distributed publicly is used to encrypt (lock) data, but it cannot unlock data; unlocking can only be performed with the private key; the private key also cannot be reverse engineered from the public key; by distributing public keys, but keeping the private key, internet services can ensure transmissions to their site are secure
certificate authority
a trusted third party that provides authentication services in public key encryption schemes
firewalls
a system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use