June 2007

  • IP spoofing (IP address forgery or a host file hijack)

    IP spoofing, also known as IP address forgery, is a hijacking technique in which the attacker masquerades as a trusted host to conceal his identity, hijack browsers, or gain access to a network. T...

  • identity chaos (password chaos)

    Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.

  • footprinting

    In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.

  • federated identity management (FIM)

    Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all ente...

  • cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but i...

  • cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • challenge-response system

    A challenge-response system is a program that replies to an e-mail message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automat...

  • certificate authority (CA)

    (CA also stands for conditional access, a term used in DTV.) A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encry...

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block).

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real ...

  • authentication

    Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.

  • email spoofing

    E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • Certificate Revocation List (CRL)

    Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructurefor maintaining access to servers in a network.

  • Certified Information Systems Security Professional (CISSP)

    The Certified Information Systems Security Professional (CISSP) exam is designed to ensure that someone handling computer security for a company or client has mastered a standardized body of knowle...

  • bifurcation

    In the biometric process of fingerscanning, a bifurcation is a point in a finger image at which two ridges meet.

  • BioAPI Consortium

    The BioAPI Consortium is a group of over 90 organizations whose goal is to encourage and promote the growth of biometric technology by developing an industry-wide application programming interface ...

  • Automated Fingerprint Identification System (AFIS)

    The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data.

  • AAA server (authentication, authorization, and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

  • PCI becoming overly complex and expensive

    The Payment Card Industry Data Security Standard (PCI DSS) had admirable objectives but has lost its way. Today, compliance with the PCI standard is overly complex and costly.