Network Chico security
terms glossary
Welcome to the Network Chico
computer security terms glossary.
=E=
EEPROM: Electrically
Erasable and Programmable Read-Only Memory. A type of ROM
whose contents are non-volatile but modifiable through the application
of appropriate chip reprogramming voltages. EEPROM was an advance
on EPROM technology, replacing the requirement for a source of
ultra-violet light with a purely electronic mechanism to erase
a chip's contents. Some early 'updatable BIOSes' were shipped
on EEPROM chips, but flash memory has become the preferred non-volatile
memory technology for holding BIOSes in recent years.
EICAR: European Institute for Computer Antivirus Research.
A group of academics, researchers, law enforcement specialists
and other technologists united against 'writing and proliferation
of malicious code like computer viruses or Trojan Horses, and,
against computer crime, fraud and the misuse of computers or
networks' (to quote from the mission statement on the EICAR web
site).
E-mail Worm: A commonly
used misnomer for mass mailing viruses.
Embedded tags or cross site scripting:
This vulnerability occurs when a web server performs inadequate
checks on content provided by third parties. A remote attacker
may be able to embed a script in a piece of text which is then
reproduced onto a web site. Legitimate users of the system may
then inadvertently run the script when they innocently connect
to the attacker's information.
Emulator: A commonly used
method for detecting polymorphic viruses is to simulate running
part of a program's code in an emulator. The purpose is to see
if the code decrypts known virus code. There are several essentially
irresolvable issues with emulator design: for example, ensuring
they don't run for 'too long' on each file, which would slow the
scanner down, and making them complex enough to include sufficient
aspects of the environment they simulate that the anti-emulation and
emulation detection techniques employed in some viruses do not reduce
their usefulness.
Encrypted Virus: An early
attempt at evading scan string driven virus detectors was self-encryption
with a variable key. Cascade was the first example of an encrypting
virus, but this approach was not much of a challenge to scanners
as the decryption code of such viruses is constant across replicants
and thus can be used as a scan string. Of course, if another
virus or program uses the same decryption routine, precise identification
of each would require reliably detecting more than just the common
decryption code. Extending the idea of an encrypting virus so
as to beat the limitation of scanners detecting just the decryption
code resulted in the development of polymorphic viruses.
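The scan-string reasoning in the Encrypted Virus entry, worked through as an added example (not part of the original glossary): a scan string taken from the body misses replicants encrypted under different keys, one taken from the constant decryption code hits them all, and an unrelated program sharing that routine is only told apart by decrypting and checking the body. The sample layout, the stub and body bytes and all function names are constructed placeholders, not real machine code.

```python
# Constructed toy samples: placeholder bytes, not real machine code.
STUB = b"\x90TOY-DECRYPT-LOOP\x90"    # decryption routine, constant across replicants
BODY = b"TOY-VIRUS-BODY-0123456789"    # marker standing in for the encrypted virus body
OTHER_BODY = b"unrelated packed program data"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_sample(host: bytes, body: bytes, key: int) -> bytes:
    """Assumed toy layout: host bytes + stub + 1-byte key + XOR-encrypted body."""
    return host + STUB + bytes([key]) + xor(body, key)


def scan(sample: bytes, scan_string: bytes) -> bool:
    """Plain scan-string detection: a substring search over the file."""
    return scan_string in sample


def identify(sample: bytes) -> str:
    """Match the constant stub, then decrypt with the stored key to confirm the body."""
    pos = sample.find(STUB)
    if pos < 0:
        return "clean"
    key_at = pos + len(STUB)
    if key_at >= len(sample):
        return "stub only"
    body = xor(sample[key_at + 1:], sample[key_at])
    return "toy virus" if body.startswith(BODY) else "same decryptor, different program"


# Two replicants with different keys, plus a program that reuses the same routine.
replicants = [make_sample(b"HOST-A", BODY, 0x21), make_sample(b"HOST-B", BODY, 0x7F)]
lookalike = make_sample(b"HOST-C", OTHER_BODY, 0x33)


def body_hits():
    return [scan(s, BODY) for s in replicants]


def stub_hits():
    return [scan(s, STUB) for s in replicants + [lookalike]]


def verdicts():
    return [identify(s) for s in replicants + [lookalike, b"HOST-D plain file"]]


if __name__ == "__main__":
    print(body_hits(), stub_hits(), verdicts())
```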
Encryption Tool: Any software
that can be used to scramble documents, software, or systems
so that only those possessing a valid key are able to unscramble
them. Encryption tools are used to secure information; sometimes
unauthorized use of encryption tools in an organization is a
cause for concern.
Entry Point Obscuring Virus:
One technique virus writers have tried in order to make it more
difficult for a scanner to detect a virus is entry point obscuration. Simple
parasitic viruses alter the code at the entry point of their
hosts in some way. Some alter the fields in the executable's
header so the pointer to the start of the program's code points
to where the virus' code has been inserted or added to the file.
Others leave the header alone, but alter the original program
code at the entry point itself, either inserting the virus there,
or inserting or overwriting code to jump to the virus' code elsewhere
in the executable. These approaches pose no problems for virus
scanners as most scanners adopted entry point tracing techniques
long ago to speed up their scanning. Entry point tracing meant
that instead of grunt scanning a whole executable file, only
the parts of an executable that were likely to contain a virus'
code were scanned. Entry point obscuring (EPO) viruses employ
various methods in attempts to complicate entry point tracing,
by inserting the virus' code somewhere in the target executable
other than at the entry point of the host program's code. Several approaches
have been used. The crudest is randomly inserting the virus'
code into the target and 'hoping' both that this does not corrupt
the program and that execution branches through the code at the
insertion point often enough to give the virus a chance to replicate.
More sophisticated methods involve disassembling the host looking
for a suitable code sequence (such as an interrupt call or a
long jump) to replace with a call to the virus. A minor variation
on this, but easier to implement, is to simply scan the host
for a suitable byte sequence. However, this involves the risk
that the target sequence may be found somewhere that it does
not represent the intended machine code sequence and thus infection
will corrupt the executable. The first viruses to use EPO techniques
were Omud and Lucretia.
EPO: Entry Point Obscuring.
EPROM: Erasable and
Programmable Read-Only Memory. A type of ROM whose contents
are non-volatile but modifiable through the application of appropriate
chip reprogramming voltages. Before reprogramming an EPROM, it
has to be exposed to a source of ultra-violet light. Some early
'updatable BIOSes' were shipped on EPROM chips, but EEPROMs became
more popular. More recently, flash memory has become the preferred
non-volatile memory technology for holding BIOSes.
Error Hijacker: Any software
that resets your browser's settings to display a new error page
when a requested URL is not found. Hijacks may reroute your info
and address requests through an unseen site, capturing that info.
In such hijacks, your browser may behave normally, but be slower.
Exploit: A way of breaking
into a system. An exploit takes advantage of a weakness in a
system in order to hack it. Exploits are the root of the hacker
culture. Hackers gain fame by discovering an exploit. Others
gain fame by writing scripts for it. Legions of script-kiddies
apply the exploit to millions of systems, whether it makes sense
or not. Since people make the same mistakes over-and-over, exploits
for very different systems start to look very much like each
other. Most exploits can be classified under major categories:
buffer overflow, directory climbing, defaults, Denial
of Service.