Saturday, April 5


Adware: The difference between Adware and Spyware is very subtle. Both Adware and Spyware are installed on a machine without the user’s permission. Adware’s main purpose is to display targeted ads based on the user behaviour it is tracking.

It is not uncommon for people to confuse “adware” with “spyware” and “malware”, especially since these concepts overlap. For example, if one user installs “adware” on a computer, and consents to a tracking feature, the “adware” becomes “spyware” when another user visits that computer, and interacts with and is tracked by the “adware” without their consent.

BackDoor: A backdoor is a program designed to give the attacker access to the compromised host at a later point in time. Backdoors often use well-known ports such as 80 or 445. However, the most common port used by backdoor programs is 6667, the port used by Internet Relay Chat (IRC), which is a camping ground these days for botnet farmers. These backdoors are used by attackers when launching DDoS attacks.

Black Box Penetration Testing: In this model, there is no interaction between the company and the tester: no interviews, no network layouts, nothing. This is the better form of testing, as it does not warn the employees, who might otherwise behave more vigilantly than they normally would. It allows a company to see how it would respond to a real attack and gives a better assessment of its security policies, since the employees are not forewarned.

Buffer Overflow: A buffer overflow occurs when a program writes more data into memory than was initially allotted to it (the buffer space). In the example shown below, a buffer overflow is caused if a user enters a string of more than 20 characters; 19 or fewer does not cause an overflow.
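The following is an added example (not code from the original post) that shows the vulnerable pattern described above next to a bounds-checked version. The 20-byte buffer size is taken from the text; the function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size assumed from the text: 20 bytes holds at most 19 characters
 * plus the terminating NUL byte. */
#define BUF_SIZE 20

/* Vulnerable pattern: strcpy copies until it finds the source's NUL, so any
 * input of 20 or more characters writes past the end of buf. That is
 * undefined behaviour: neighbouring variables or the saved return address
 * get overwritten. Shown for illustration only; never feed it untrusted input. */
void unsafe_copy(char *buf, const char *input)
{
    strcpy(buf, input);
}

/* Hardened version: reject any input that cannot fit together with its NUL.
 * Returns 0 on success and -1 when the input is too long (nothing is copied). */
int safe_copy(char *buf, size_t buf_size, const char *input)
{
    size_t len = strlen(input);
    if (len >= buf_size)
        return -1;
    memcpy(buf, input, len + 1); /* len + 1 also copies the terminator */
    return 0;
}

/* Mirrors the rule stated in the text: a string fits only if it is shorter
 * than the buffer (19 or fewer characters for a 20-byte buffer). */
int input_fits(size_t input_len)
{
    return input_len < BUF_SIZE;
}

int main(void)
{
    char buf[BUF_SIZE];
    const char *ok = "nineteen chars here";                          /* 19 characters */
    const char *bad = "this string is longer than twenty characters"; /* 44 characters */

    printf("%zu-char input: %s\n", strlen(ok),
           safe_copy(buf, sizeof buf, ok) == 0 ? "copied" : "rejected");
    printf("%zu-char input: %s\n", strlen(bad),
           safe_copy(buf, sizeof buf, bad) == 0 ? "copied" : "rejected");
    return 0;
}
```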

Computer Virus: A virus is a computer program that attaches itself to an executable file or an application. A computer virus is not standalone; it needs a host file or program to run or replicate.

Cracker: A hacker who breaks into computer systems with the intent of doing harm or destroying data.

Denial-of-service attack: A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet.

Distributed Denial-of-service attack (DDoS): A distributed denial-of-service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Script kiddies use them to deny the availability of well-known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion, even against their business rivals.

Hacker: A hacker is someone who tries to access a computer or a network without the prior approval of the system’s owner.

Malware: Malware is any malicious software designed to disrupt the working of a network. Viruses, worms and Trojans all fall under the category of malware.

Ping-of-Death attack: A ping of death (abbreviated “POD”) is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the target computer.

Traditionally, this bug has been relatively easy to exploit. Sending a 65,536-byte ping packet is illegal according to the networking protocol, but a packet of that size can be sent if it is fragmented; when the target computer reassembles the fragments, a buffer overflow can occur, which often causes a system crash. For more information on this attack, read RFC 791.
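As an added example (my own code, not from the original post), this is the bounds check that a fragment reassembly routine must perform so that reassembled fragments can never exceed the 65,535-byte IP maximum from RFC 791. The struct layouts and function names are simplified assumptions; the check is applied to the fragment data offset and ignores the IP header length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Maximum IP datagram size from RFC 791: the total-length field is 16 bits. */
#define IP_MAX_DATAGRAM 65535u
/* The 13-bit Fragment Offset field counts in 8-byte units. */
#define FRAG_UNIT 8u

/* Simplified view of one received fragment (assumed layout, not a real header). */
struct ip_fragment {
    uint16_t offset_units;   /* Fragment Offset field, in 8-byte units */
    uint16_t payload_len;    /* bytes of data carried by this fragment */
    const uint8_t *payload;
};

/* Reassembly buffer sized to the protocol maximum. */
struct reassembly {
    uint8_t data[IP_MAX_DATAGRAM];
    uint32_t highest_end;    /* one past the last byte written so far */
};

/* Copy a fragment into the buffer only if its end stays within 65,535 bytes.
 * Returns 0 on success, -1 if the fragment would overrun the buffer, which is
 * exactly the overflow a ping of death triggers on stacks that skip this check.
 * The arithmetic is done in 32 bits so the sum itself cannot wrap around. */
int reassemble_fragment(struct reassembly *r, const struct ip_fragment *f)
{
    uint32_t start = (uint32_t)f->offset_units * FRAG_UNIT;
    uint32_t end = start + f->payload_len;
    if (end > IP_MAX_DATAGRAM)
        return -1;
    memcpy(r->data + start, f->payload, f->payload_len);
    if (end > r->highest_end)
        r->highest_end = end;
    return 0;
}

int main(void)
{
    static struct reassembly r;          /* static: 64 KiB, keep it off the stack */
    static uint8_t sample[64];           /* constructed payload, all zero bytes */
    struct ip_fragment last_ok = { 8189, 23, sample };   /* ends at byte 65535 */
    struct ip_fragment too_big = { 8189, 24, sample };   /* ends at byte 65536 */

    printf("fragment ending at 65535: %d\n", reassemble_fragment(&r, &last_ok));
    printf("fragment ending at 65536: %d\n", reassemble_fragment(&r, &too_big));
    return 0;
}
```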

Penetration Test: In a penetration test, you, the tester, try to break into a network and gain access to its systems, in order to understand it and find its weakest link.

Ports: A port is a logical component of a TCP connection. Learning more about ports will help you better defend your network by closing off ports and services that are not required. You can read more about ports, particularly the well-known ports, at the Internet Assigned Numbers Authority (IANA). Remember, if a port is open, even one like port 80 that you use to access the internet, then if you can get out, a hacker can get in.

RootKit: A rootkit is a collection of programs that intruders often install after they have compromised the root account of a system. Rootkits are the deadliest of the Trojan horses, as they are almost impossible to detect because of their ability to hide and integrate within the OS. Read this article on how to detect and clean a rootkit on your machine.

Spyware: Spyware is a program that resides on an infected computer and collects various information about its users without their informed consent. This personal information is secretly recorded with a variety of techniques, including logging keystrokes, recording Internet web browsing history, and scanning documents on the computer’s hard disk. Purposes range from overtly criminal (theft of passwords and financial details) to the merely annoying (recording Internet search history for targeted advertising, while consuming computer resources).