June 2007 | Archive by Month | SearchSecurity.com | Page 7

June 2007

  • federated identity management (FIM)

    Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all ente...

  • IP spoofing (IP address forgery or a host file hijack)

    IP spoofing, also known as IP address forgery, is a hijacking technique in which the attacker masquerades as a trusted host to conceal his identity, hijack browsers, or gain access to a network. T...

  • certificate authority (CA)

    (CA also stands for conditional access, a term used in DTV.) A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encry...

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block).

  • cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but i...

  • challenge-response system

    A challenge-response system is a program that replies to an e-mail message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automat...

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real ...

  • email spoofing

    E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • Certificate Revocation List (CRL)

    Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructure for maintaining access to servers in a network.

  • Certified Information Systems Security Professional (CISSP)

    The Certified Information Systems Security Professional (CISSP) is an information security certification that was developed by the International Information Systems Security Certification Consortiu...

  • BioAPI Consortium

    The BioAPI Consortium is a group of over 90 organizations whose goal is to encourage and promote the growth of biometric technology by developing an industry-wide application programming interface ...

  • Automated Fingerprint Identification System (AFIS)

    The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data.

  • bifurcation

    In the biometric process of fingerscanning, a bifurcation is a point in a finger image at which two ridges meet.

  • AAA server (authentication, authorization, and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

  • Interview: FDIC director explains FFIEC standard

    Michael L. Jackson, associate director of the FDIC, helped develop FFIEC, which aims to make online banking safer by forcing financial institutions to assess the risks in their environments and imp...

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and security management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Ne...

  • PCI becoming overly complex and expensive

    The Payment Card Industry Data Security Standard (PCI DSS) had admirable objectives but has lost its way. Today, compliance with the PCI standard is overly complex and costly.

  • Viewpoint: Blame software insecurity on project managers