The Security Guide


Internet and Data Security Knowledgebase



CSIA: The Cyber Security Industry Alliance is an international public policy advocacy group dedicated to ensuring the privacy, reliability and integrity of information systems.
Captcha Relay Attacks: One way people have managed to get around captchas is by using relay attacks. The bad guy creates a web site asking users to create accounts to access it, usually something that will attract a lot of people quickly such as porn. Then they link their account creation page to a legitimate site's login page, such as Yahoo! Mail. As the user creates an account on the bad guy's site, he answers his captcha, which is in fact Yahoo!'s captcha, and in turn unknowingly creates yet another spam email account for the bad guy.
Captcha objects: Some sites, especially banks and financial sites, use images of things instead of words. They ask you to memorize the look of a bird, and then confirm that you see the bird as you log in. This is fundamentally flawed, as a true captcha requires the images to be automatically generated. If the images have to be manually made by humans, that means there is a finite number of such images. If the site has, let's say, 100 different bird pictures, then all the bot maker has to do is go through the 100 images and code them inside his program.
Captchas: Captchas are those images you see on many sites with letters and numbers, where the site asks you to type them in. The purpose of this is to prove that you are a human. The web has always been plagued by automated software, robots, that go around various sites and create fake usernames to send spam from. The idea was that by requiring text from an image to be typed in, the robot would not be able to do it. The problem is that text recognition technology is pretty advanced. Spammers have started building such technology into their software, and can keep up with the advancements in captchas. The majority of captchas used on the web can be beaten by some of those bots.
Catchall mailbox: Catchall mailboxes are email mailboxes that receive all email messages which do not have a named mailbox.
Certificate: An encrypted file containing user or server identification information, which is used to verify identity and to help establish a security-enhanced link.
Cipher: In cryptography, a cipher (or cypher) is an algorithm for performing encryption and decryption: a series of well-defined steps that can be followed as a procedure.
Cloud Computing: Cloud computing is a general concept that incorporates software as a service, Web 2.0 and other recent, well-known technology trends, where the common theme is reliance on the Internet for computer applications. For example, Google Apps provides common business applications online that are accessed from a web browser, while the software and data are stored on the servers.
Cookie: A small data file that is stored on a user's local computer for record-keeping purposes and which contains information about the user that is pertinent to a Web site, such as user preferences.
Cost: Cost is often a significant factor that affects the amount of security and usability that can be achieved.
Cracking: Finding a password by trying many combinations and words.
Cross-Site Scripting: Cross-Site Scripting (XSS) is the act of injecting JavaScript code in a web site, to make it do something that wasn't intended, such as redirecting information to other sites. Such a vulnerability would allow an attacker to use a legitimate site and trick its users into sending their browser cookies to his own web site, thus stealing their session ID and impersonating them on the legitimate site.
Cryptography: The practice and study of hiding information. In modern times, cryptography is considered a branch of both mathematics and computer science, and is affiliated closely with information theory and computer security.

© RuleWorks - All Rights Reserved