Basic Security Terminologies - PART I
In this article, I will be covering some of the basic security terminologies. It will be comprised of two parts.
Since it's gonna be complete theory , I will try to make it as more short and interesting.
It is a possibility of suffering a loss in event of an attack.
It is a piece of a software which will make use of the vulnerability in the system.
For Example 0-day Exploit is one in which the vulnerability will be exploited by the hacker even before it is disclosed. As it can be inferred from the name which is there will be
0 days to mitigate the vulnerability.
It is a weakness present within the software or hardware or application which can be easily exploited as per the needs of the hacker.
Zero-day vulnerability refers to a security hole in software—such as browser software or operating system software—that is yet unknown to the software maker or to antivirus vendors.
This means the vulnerability is also not yet publicly known, though it may already be known by attackers who are quietly exploiting it.
Though sometimes antivirus scanners can still detect a zero day using heuristics (behavior-tracking algorithms that spot suspicious or malicious behavior).
It is basically a self replicating executable piece of code. Once it gets executed , it will affect all the parts of system.
They are basically a virus except it won't modify any of the file system instead it will reside over the computer network and searches for the other computers to which are in the same network.
They can also cause harm to their host networks by consuming bandwidth and overloading web servers.
Famous Worms are ILOVEYOU, Michelangelo, and MSBlast
Link to article : ILOVEYOU -- worm
They are another piece of malware which can allow remote access to the victim's computer. Interesting fact is , it will mask its existence once it enters the system which is gonna make them very hard to find.
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
For Example , You might be downloading application or game or file from torrent that might have trojan embedded in it , but you wouldn't be aware of the trojan until you install the game in your system.
It is basically another malware which will annoy you with series of unwanted advertisements.
Huh! Advertisements how bad it can be ?
Interesting part is with help of the adware they can use it to track the browsing behaviour and information which they can sell it or target the victims with more ads based on the information.
It is another piece of malware which will lock the victims out of their system unless and until the ransom is paid.
Example : WannaCry Ransomware.
This type of malware basically steals the user information without the permissions or sometimes covertly.
Keylogger or keystroke logger is basically a spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device.
The legality of the keylogger depends on its usage.
Reference Article link : Keylogger
It is a way of bypassing the normal authentication procedures in order to access a system
End of Part I
Hope everyone had interesting read. Please let me know what you think of the article in the comment section. Critics are always welcome.
I will be covering the terminologies related to Network and client side attacks in the next part of the article.
Stay safe and Happy coding y'all 🎉🎉🎉© Karthikeyan.