Information Assurance
What are Zero Day Attacks?
Yesterday, I heard four different people use the term “Zero Day Attack”. Strangely, only two were in the information technology business. I figured that it was time to explicitly discuss its meaning.
The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals. It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself.
So, what exactly is a “Zero Day Attack”?
This is how Wikipedia defines it:
“A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software developer, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
The term derives from the age of the exploit. When a developer becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.”
Please understand that I am not condoning, approving, or commenting on the morality of this issue, just pointing out a popular word that should be understood by all Information Technology Professionals.
Here are some other great sites that discuss this issue:
I hope that helps you. Enjoy the new word!
That is my Information Technology Thought of the Day (ITTOD) for March 16, 2010 ©Scott Coughlin.
Image Credit: The Toilette Paper Entrepreneur
What is a Hacktivist?
The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals. It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself.
I came upon the word, Hacktivism, today, and I honestly had never heard it used before outside of the news. I surmised that it must be starting to be mainstreamed.
This is how Wikipedia defines it:
“Hacktivism (a portmanteau of hack and activism) is "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development."[1] It is often understood as the writing of code to promote political ideology – promoting expressive politics, free speech, human rights, or information ethics. Acts of hacktivism are carried out in the belief that proper use of code will be able to produce similar results to those produced by regular activism or civil disobedience.”
Please understand that I am not condoning, approving, or commenting on the morality of this issue, just pointing out a new word that should be understood by all Information Technology Professionals.
Here are some other great sites that discuss this issue:
- Wired – Hacktivism and How It Got Here
- Info War – Activism, Hacktivism, and Cyberterrorism
I hope that helps you. Enjoy the new word!
That is my Information Technology Thought of the Day (ITTOD) for March 12, 2010 ©Scott Coughlin.
Image Credit: Cafe Press
News Commentary: Cyber Crooks
This morning, CNN.com featured a very thought-provoking front page story on Cyber Crime. What I especially liked was the discussion of return on investment and whether having the police try to catch them was even worth the effort. I highlight it as a good thought piece for a Monday morning commute.
Here is the link to the story –
CNN.com – Is chasing cybercrooks worth it? by John D. Sutter
I have to admit that I think that the story is a little disingenuous to the whole problem of cyber crime. I am not so sure that the argument that it is hard, expensive, and confusing is really a good one for not doing it. It is a very similar argument that those opposed to the “War on Drugs” use to justify legalizing drug use. Nevertheless, it is a popular, and now public, discussion that information technology professionals should be involved in.
I, for one, think that we need to increase the size of our counter-cyber crime units at all levels of law enforcement. I believe that there is nothing but a growth industry when it comes to crime online. I doubt that we have even seen 1% of what is possible for criminal activity that involves cyberspace. I say more, not less, engagement is needed by the police.
What do you think about this topic? Do you agree or disagree with me? Do you have a recommended news story for next week? Please share your ideas below.
That is my Information Technology Thought of the Day (ITTOD) for March 8, 2010 by Scott Coughlin.
Image Credit: Money Magazine