We try to be as jargon-free as possible, but in the world of internet security, technical terms cannot be avoided. We’ve therefore created this glossary where we explain common terms that you are likely to come across in the world of cyber security.
Ad injection is a black hat technique where ads are secretly inserted into a webpage without the website owner’s knowledge or permission. According to Google, over 50,000 browser extensions and more than 34,000 software applications engage in the practice. With ad injection, ads can be inserted on top of those that already appear (obscuring the original ads), can replace ads entirely, or can be shown on pages that weren’t meant to show ads.
An anonymizer is a collective term to describe a tool such as a VPN that you can use to make your activity on the Internet untraceable. An anonymizer accesses the Internet on your behalf, protecting your personal information by hiding your identifying information. It does this by masking your real Internet Protocol (IP) address and substituting it with another IP address, making it difficult for hackers and other cybercriminals to target you online.
Furthermore, an anonymizer can be used to bypass censorship in countries where internet access is restricted, allowing access to online information. Note that when you use any type of anonymizer, your internet speed is going to be reduced because you are now going through at least one extra layer of security.
There are two types of anonymizers. The single point anonymizer passes your browsing through a single point such as a proxy server to protect your identity. The networked anonymizer such as a VPN transfers your communication through a network of computers.
Biometric authentication involves the use of biometric data such as the face, fingerprint or voice as part of the two-factor authentication in order to get access to restricted accounts.
A bot is a type of application that has been programmed to perform a series of automated and repetitive tasks on behalf of humans on the internet. More than half of the internet’s traffic consists of bots performing one type of task or another, depending on what they have been programmed to do.
Types of bots
There are several types of bots on the internet which can be good or bad, depending on how they have been programmed. Here are examples of different types of bots.
- Search engine bots
- Informational bots
- Transactional bots
- Malware bots
A botnet (also known as a zombie network) is a network of thousands of remote-controlled malware bots that the owner remotely manages using a server which functions as a control and command centre.
Cybercriminals use social engineering tactics to breach the security of users’ computers and turn these machines into malware bots that can be used as part of a botnet. Once infected, the devices can continue to act perfectly normal with no symptoms or warning signs.
A cookie is a small text file that collects certain pieces of information about you when you visit a website. Every time you navigate to a website for the first time, cookies are created by your browser and saved to your computer. When you return to the website, the cookies help it to remember certain things such as login details and information about the pages you visited, and to create customized web pages and ads tailored to your online preferences. The main objective with cookies is to increase the speed with which you visit that same website again.
Cookie syncing is a user identification and data collection process that is used to enhance the effectiveness of online advertising campaigns. It allows the entities that are tracking you online to share the information they have about you, and link together the IDs they’ve created to identify your device. They can compare notes and build a better profile of you, all of which is done without your knowledge or approval.
Canvas fingerprinting is a type of browser fingerprinting technique designed to uniquely identify and track visitors to a particular website without having to use browser cookies. When one of these scripts is running on a website you visit, it will instruct your browser to draw an invisible image behind the scenes. This action is completely invisible to you. Because every device will draw this image in a unique way, this process can be used to effectively create a fingerprint for your device. Your browsing can then be tracked using this fingerprint whenever you are online.
Every web server has a daemon, which is a program that is designed to wait specifically for HTTP requests and then handle them when they arrive. That’s its job. Your web browser, whether it’s Firefox, Google Chrome or Safari, is an HTTP client, and it makes requests to the web server on your behalf. So when you enter a particular site or click on the hyperlink of a website, your browser builds an HTTP request and sends it to the IP address indicated by the URL that you’ve entered in the browser. The daemon will receive your request and send back the requested file or files associated with your request.
Data harvesting is the process of extracting data from specific websites with the use of malicious bots. For example, data can be collected from users of a particular app or social media site like Facebook or Twitter. That data is then analyzed and processed. The end result is a user profile which includes user details such as age, gender and location. That profile can then be used to determine things like what that individual would be likely to buy in the future, whether they’re likely to take out a financial loan, the kinds of causes they are likely to support, the kinds of politicians they are likely to vote for, etc.
A DDoS (Distributed Denial-of-Service) attack is a malicious attempt to render a website or online service inoperable by overwhelming the bandwidth of the targeted system. According to the Q2 2018 Threat Report, the number of distributed denial-of-service (DDoS) attacks increased in size by 500%.
DNS stands for Domain Name System, and it is responsible for translating domain names into IP addresses. So, if you wanted to go to www.dreamspath.com which has an IP address of 18.104.22.168, DNS would translate www.dreamspath.com into 22.214.171.124. Web servers and browsers don’t understand names; they only understand IP addresses. Without DNS, the alternative would be to memorize and type in an IP address whenever you want to navigate to a particular website. It is essentially the phonebook of the internet.
Now, the domain name system isn’t just one large central database that has a list of all websites and corresponding IP addresses. It delegates the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. There are several DNS servers all over the world that can help you map IP addresses to domain names.
A DNS leak refers to a vulnerability in a VPN through which the real identity of a user is revealed. DNS requests are revealed to ISP DNS servers, despite the use of a VPN service to attempt to conceal them. This flaw allows an ISP and other eavesdroppers to track websites a user may be visiting. Normally, the VPN automatically changes the ISP DNS to the anonymous VPN DNS. In a DNS leak, however, the browser’s DNS requests are sent to the ISP DNS server directly, bypassing the VPN. You can perform standard tests at www.dnsleak.com or www.dnsleaktest.com.
Domain spoofing is when cybercriminals try to deceive users by faking the name of a legitimate website. The main objective of domain spoofing is to fool users into interacting with the malicious website as if it were the legitimate site. It is used to steal personal information such as login credentials or credit card info, or trick the visitor into downloading malware onto their computer.
Here are examples of how spammers may spoof the domain name in order to trick you into clicking on it.
- https://fa-cebook.com -> “fa-cebook.com” is not the same as “facebook.com”
- https://facebook.com.realwebsite.com — “realwebsite.com” is the main website. Note that “facebook.com” here is a subdomain of “realwebsite.com”.
- https://facebook.co — “facebook.co” is not the same as “facebook.com”
- https://www-facebook.com — “www-facebook.com” is not a subdomain of “facebook.com”. Note the hyphen in “www-facebook.com”. A genuine subdomain would be separated from the main website domain (SLD) by a period like in “www.facebook.com”.
- https://faceboek.com — Note that the “o” in the domain name has been replaced with “e”.
Drive-by Download Attack
A drive-by download attack refers to the inadvertent download of malicious code to your PC or mobile device that exposes you to a cyberattack. This virus starts to infect your PC as soon as you navigate to a particular website. A drive-by download doesn’t rely on you to click on anything, press download, or open an email attachment to actively enable the attack. These downloads can be on any site, including safe, legitimate sites. This also includes downloads of bundled software onto a computing device that leaves you vulnerable to a cyber-attack.
Some password managers provide the ability to grant one-time access to your Vault to one or more designated users. You can also specify an access delay. This means that if the user you have designated tries to gain access to your information, that person has to wait a specified time period of your choosing. During this period of time (e.g. two hours), you have the power to decline the requested access. If you do not deny the request within the specified time period, the emergency access user will be able to access your Vault.
Encryption is the process of converting your data (such as a text message or email) into an unreadable format so that its content cannot be understood even if it is intercepted by hackers. When you need to send a confidential mail and you use a program that obscures the content of that email, that is an example of encryption.
Geo-blocking refers to the process of limiting access to certain online services based on geographic location. These include streaming video services like Netflix, Hulu and BBC iPlayer, dating sites, news sites, etc. For example, if you live in the UK, you won’t have access to Netflix’s full catalog of movies and TV shows that is available to US residents. Geo-blocking works by using your IP address to track your location. This means that if you are an American visiting the UK, you will only access content that is available in the UK.
HTTP stands for the Hypertext Transfer Protocol. It defines how messages are formatted and transmitted over the web. It also determines what actions web servers and browsers take in response to various commands. So HTTP is basically the mother of all protocols involving the World Wide Web. It’s behind how every single request is handled between a web browser and a web server.
HTTPS stands for Hypertext Transfer Protocol Secure. It is the secure version of HTTP. It’s secure because communication between your web browser and the web server is encrypted. HTTPS is a must for websites where sensitive information like passwords and credit card details is exchanged. Encryption is implemented on HTTPS through the use of TLS and SSL. Never provide your password or your credit card details on a site that doesn’t have HTTPS.
IP address stands for internet protocol address. It is a uniquely identifying number that is allocated to a device (such as a computer or smartphone) that is connected to the internet. However, if you are connecting to the internet through a router, it is the IP address of your router that will be visible on the internet. Your router will dynamically assign a private IP address to the network card in your computer. This IP address will not be visible on the internet.
Your IP address is what identifies who you are and where you are browsing from on the internet, and allows you to send and receive information. Note that your IP address is publicly visible on the internet and you can find out yours by navigating to whatismyipaddress.com.
An IP leak occurs when your VPN leaks your real IP address to a website that you visit. When you’re using a VPN, no website should be able to see your real IP address. This can happen when your computer is unknowingly accessing default servers rather than the VPN provider’s servers.
Keyloggers are monitoring software used to record the keystrokes that are used on a smartphone or computer keyboard. They are one of the oldest types of online threats used by cybercriminals to steal confidential information such as passwords, credit card details and other personal data. Some sophisticated keyloggers – such as those that target mobile devices – are able to record information such as calls, information from messaging applications and GPS location.
Also known as VPN Kill Switch, Internet Kill Switch or Network Lock, a kill switch is a special VPN security feature that is triggered when the VPN connection suddenly drops. The VPN automatically disconnects your device from the Internet until the VPN connection is restored. This means it blocks traffic leaving your device if your connection is ever compromised. With a kill switch, there’s no possibility that your IP address accidentally gets exposed.
Latency refers to the amount of time between a user action and the result of that action. For example, the delay between a user clicking an image and the user’s browser showing that image. If you click a link and it takes several seconds before the image appears, you are experiencing significant latency.
A MAC address (media access control address) is a unique identifier that is assigned to a network interface controller (NIC) for use as a network address in communications within a local area network (LAN). Unlike an IP address that can be changed every time you connect to the internet, a MAC address is a hardware address that is embedded into the device and can never be changed.
A malicious hotspot is a rogue network that fools users into thinking they are connecting to a legitimate network. Hotels are often the prime target for malicious hotspots. For example, say you’re staying at The GoodNight Inn and you want to connect to the hotel’s Wi-Fi. When you browse the network, you may find GoodNight Inn, which you might think is the hotel’s Wi-Fi, but isn’t. If you connect to that network, you’ve just connected to a rogue network that can now browse your sensitive information.
Short for malicious software, malware is a computer program that is designed to infiltrate and cause damage to computers or websites. Malware covers all types of threats to your computer including spyware, viruses, worms, Trojans and so on.
This type of phishing utilizes digital ad software to publish otherwise normal looking ads with malicious code implanted within.
Man-In-The-Middle Attacks (MitM)
This attack is a form of eavesdropping. When you connect to different websites on the internet, vulnerabilities can allow an attacker to get in between these transmissions and read the content of those transmissions. These attacks are often carried out by establishing fake public Wi-Fi networks at various public locations such as coffee shops and shopping malls.
The master password is the only password you are required to create when using a password manager. It is the key to unlock access to all of your stored credentials, including your passwords.
Multi-layer security is all about having multiple safeguards in place and using them in conjunction with one another so that if one fails, you’ve still got others to protect you. For example, instead of using just passwords as your only layer of security, you should have additional layers like two-factor authentication, encryption and private networks. This ensures that even if your password is breached by a cybercriminal, they won’t be able to access your account because you have two-factor authentication as an additional layer of security.
Multi-factor authentication is a method of access control where a service grants you access only after you present multiple pieces of evidence that you are who you claim to be. This evidence comes in three forms: something you know (such as your password), something you have (such as your phone) and something inherent, which includes biometric methods such as fingerprint readers, retinal scanners and facial recognition systems.
No Logs Policy
A no logs policy is about protecting your private information from everyone. It means that no information is saved about your personal details, the websites you visit or what you search for. So in the event of any unforeseen circumstance such as data breach, server hack or government investigation, nothing can be held against you because no information was recorded about you in the first place. This policy is used to safeguard your privacy and anonymity so that you can feel safe in the knowledge that what you do online is protected from everybody.
Every VPN claims to deliver anonymity and privacy with a no logs policy. However, the reality is that some VPN vendors might be unable to deliver 100% privacy, and this doesn’t have anything to do with the service provider’s technology. If the VPN provider has its headquarters in a country that’s part of the 5/9/14 Eyes Alliance, the provider can be forced to log user data and to provide logs by request of the authorities. This means you could be at risk of being exposed to the government. If online privacy is a top priority, you’ll be better off choosing a VPN provider that is not located in a country that is a member of the 14 Eyes Alliance.
Protocols (for VPNs)
A Virtual Private Network (VPN) protocol is a set of rules that govern how data is transmitted between your computing device and a VPN server. Consider a protocol as a kind of language that multiple devices have to understand in order to be able to communicate with each other. With VPN protocols, the VPN software that you install on your device has to use the same protocol on the VPN server in order for your computer to be able to use the VPN service.
One Time Passwords
A one-time password is a password that is valid for only one login session. This password makes it impossible for hackers to get into your account even if your login credentials are compromised. You can also use one-time passwords as part of the two-factor authentication process.
A password generator is a tool that randomly generates unique and complex passwords. When using a password generator, you have the option of specifying how long it should be or whether it can include combinations of numbers, uppercase and lowercase letters, and special characters. Some password generators are capable of creating very long passwords that can be understood and memorized.
A payload when used in the context of a computer virus or worm refers to that component of the virus that implements malicious activities. A virus or worm that has a destructive payload will be relatively more dangerous than one with a much more benign payload.
Perfect Forward Secrecy
Perfect forward secrecy is a component of an encryption system that keeps data safe by automatically and frequently changing the key used to encrypt and decrypt information on every login and at least each hour thereafter. This means that even if one session is compromised, only a small portion of the user’s sensitive data is exposed. Keys are switched every time a user loads or reloads an encrypted web page, or every time a text message is sent. Without perfect forward secrecy, when a user logs in to a VPN for example, the entire session is encrypted based on the client’s key. But if that session is hacked, the entire conversation is compromised.
A proxy server is a type of anonymizer that functions as an intermediary for requests made by clients seeking resources from web servers. The proxy sits between you and the web server that you’re trying to access. Internet traffic flows through the proxy server on its way to the address you requested. The request then comes back through that same proxy server and then the proxy server forwards the data received from the website to you.
The proxy masks your real Internet Protocol (IP) address and substitutes it with another IP address, making it difficult for hackers and other cybercriminals to target you online. This allows you to defeat restrictions and censorship. Note, however, that proxy servers do not provide any type of encryption.
Secure notes is an all-encompassing term that is used to describe any credential that is not a password. This includes credit card info, national insurance numbers, online receipts, etc. All of the data that is contained in secure notes is encrypted in the same way that passwords are.
Sideloading is a term similar to uploading and downloading. It involves the installation of a third-party application on a mobile device without using the device’s official app distribution channel. These apps are downloaded from third-party app stores. Some of these apps are particularly vulnerable to malware infection due to the fact that they aren’t installed through official channels.
If you’ve decided to run your VPN off your router rather than through your devices or apps, split tunneling allows you to decide which of your traffic goes through the encrypted VPN tunnel, and which traffic accesses the internet directly with your regular IP. For example, you can choose to protect all of the computers on your network by routing their traffic through the VPN, but keep your printer open for normal traffic. This way, you can allow some people on the web to use the printer. This is a very useful feature to have because you can lose access to some services if you use a VPN.
These are files that are designed to bring a software program back to life after it has been successfully removed from a computing device.
The concept of social engineering refers to a situation when an attacker engineers a social situation that encourages a potential victim to feel comfortable with the attacker and let their guard down. The attacker plays some sort of mind game with the potential victim, which allows them to accomplish their malicious goal.
Snooping and Sniffing
Cybercriminals can buy special kits and devices that allow them to access everything you’re doing online, from viewing pages you have visited to being able to capture your login credentials and even hijack your accounts.
A software vulnerability is a security hole or weakness discovered in an operating system that renders it susceptible to exploitation by hackers.
Spoofing is the process of substituting a message from a shady source as coming from a recognized, trusted source. It can be applied to text messages, emails, phone calls, IP addresses, DNS servers and websites. Spoofing can also lead to the rerouting of internet traffic, which can lead visitors to malicious websites designed to steal information or distribute malware.
SSL stands for Secure Sockets Layer. It establishes a secure link between your browser and the web server to ensure that eavesdroppers and hackers are unable to see what you transmit, which is a must if you process sensitive information like credit card payments on your website. SSL and TLS can help you securely process that data so that cybercriminals can’t get their hands on it.
Your web server requires an SSL certificate to be installed on it. So, if you have a website and you want to establish a secure link between your web server and any browser that wants to have any access to your website, you need to install a current SSL certificate. This certificate will serve as proof that your web site is secure with SSL. So, any time a browser from around the world tries to access your website, it will check to see if the certification has expired before completing the connection.
Torrent IP leak
A torrent IP leak occurs while torrenting. Torrenting is typically anonymized and encrypted when you’re using a VPN. A torrent IP leak occurs when the torrent client unveils the user’s real IP address while torrenting.
TLS stands for Transport Layer Security, and it is the successor to SSL. It is more advanced, and offers a higher degree of encryption and security. It is just a more recent version of SSL, and it fixes some security vulnerabilities in the earlier SSL protocols. As an end-user, you don’t need to worry too much about TLS vs SSL or whether you’re using an “SSL certificate” or a “TLS certificate”.
Two-factor authentication – also known as 2FA – is a type of authentication method that requires presentation of two different authentication factors in order to access certain data on a password-protected site. Two-factor authentication is probably the most effective way of securing your online accounts because attackers have to crack your password and be in possession of your smartphone to gain access to your account.
An unlocked phone is a phone that is not associated with a specific provider. This means that the phone can be activated on any phone service provider through the use of the provider’s SIM card.
A computer virus is malicious code named after the biological organism. A computer virus resides in your device’s hardware and software. Like the biological specimen, a computer virus steals resources from your use of the device and makes the device seem “sick,” i.e. slow or unresponsive. In some cases, a virus can be designed to destroy information or even render a device completely unusable.
A VPN protocol is the technology used by the VPN provider to ensure that you get a fast and secure connection between your device and their VPN servers.
A web server is a computer that runs websites. The main objective of the web server is to store, process and deliver web pages to users using the HTTP protocol.
Website spoofing is the process of creating a fake website that is almost indistinguishable from the real thing. The aim of this scam is to steal your login credentials by getting you to log in to the fake site. The best way to determine if a website is bogus is to look at the domain name area. A fake website will always contain a variation of the actual name. For example, instead of www.nike.com, the domain name will read www.nikesales.com.
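The lookalike patterns listed under domain spoofing, and the www.nikesales.com case above, can be checked automatically. The following Python sketch is an added example, not part of the original glossary: it labels a URL by how its domain deviates from a brand domain you want to protect. The function names and labels are hypothetical, and it assumes the registrable domain is the last two labels of the hostname (a production check should use the Public Suffix List, since that assumption fails for suffixes such as co.uk).

```python
from urllib.parse import urlsplit


def registrable_domain(host):
    # ASSUMPTION: the registrable domain is the last two labels.
    # Real code should consult the Public Suffix List instead.
    return ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    # Classic Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(url, brand="facebook.com"):
    """Return a label describing how url's host relates to the brand domain."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "invalid"
    reg = registrable_domain(host)
    if reg == brand:
        return "legitimate"            # the brand itself or a real subdomain
    brand_name, brand_tld = brand.split(".", 1)
    name, _, tld = reg.partition(".")
    sub = host[: -len(reg) - 1]        # labels left of the registrable domain
    if brand_name in sub.split("."):
        return "brand-as-subdomain"    # facebook.com.realwebsite.com
    if name == brand_name and tld != brand_tld:
        return "different-tld"         # facebook.co
    if brand_name in name.split("-"):
        return "hyphenated-affix"      # www-facebook.com
    if name.replace("-", "") == brand_name:
        return "hyphen-inserted"       # fa-cebook.com
    if brand_name in name:
        return "brand-embedded"        # nikesales.com vs nike.com
    if edit_distance(name, brand_name) <= 1:
        return "near-miss-spelling"    # faceboek.com
    return "unrelated"


# The URLs below are the examples used in this glossary.
SAMPLES = [
    "https://fa-cebook.com",
    "https://facebook.com.realwebsite.com",
    "https://facebook.co",
    "https://www-facebook.com",
    "https://faceboek.com",
    "https://www.facebook.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {classify(sample)}")
    print(f"{'https://www.nikesales.com':40} "
          f"{classify('https://www.nikesales.com', brand='nike.com')}")
```

The order of the checks matters: the subdomain test runs first because a host such as facebook.com.realwebsite.com would otherwise be judged only on “realwebsite”, which looks nothing like the brand.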