Glossary


This portion of the site is dedicated to archiving definitions of interesting, misunderstood, or otherwise noteworthy terms found mostly in infosec, science, philosophy, and IT.

Many of these are in my own words, but those that aren’t are common, dictionary denotations that can be found anywhere. Despite their commonality, I seem to forget many of these often — hence the need for this page.

At the moment, many of the entries here belong in their own section under danielmiessler.com/study. I’ll try and remedy this as soon as possible.

Uuencode

A file is “uuencoded” when it is converted into 7-bit ASCII so that it can be shared with other systems (usually via email). Uuencode originally stood for “Unix to Unix encoding”.

Diffie-Hellman

A key agreement/exchange protocol developed by Diffie and Hellman in 1976. The protocol is designed to allow users to exchange secret information over a public medium. This is done by generating a large prime number, a base number, and a private number and then using them to generate a public number. Public numbers are exchanged between hosts and then used to create a shared number which is unique to both hosts. Diffie-Hellman, however, is vulnerable to man-in-the-middle attacks. The attack works by intercepting the initial exchange of public keys. The man in the middle can perform key exchanges with each endpoint and then simply forward communications between them after reading and/or recording their contents. This can be defeated by using an authentication system such as digital certificates.
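The exchange described above, as an added example that is not part of the original page: two hosts derive the same shared number, and when a third party substitutes its own public number the keys stop matching and a check against a fingerprint obtained over a trusted channel (standing in here for a certificate) rejects the substituted value. The prime, base, and function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters: the Mersenne prime 2**127 - 1 and base 3.
# Real deployments use much larger, standardized groups.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private number, public number) as described in the entry."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def shared(private, peer_public):
    """Combine our private number with the peer's public number."""
    return pow(peer_public, private, P)

def fingerprint(public):
    """Short identifier of a public number, as a certificate would bind to a name."""
    return hashlib.sha256(str(public).encode()).hexdigest()

def exchange(interposed):
    """Run one exchange; if interposed, a third party swaps the public numbers in transit."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Fingerprints each side learned through a trusted channel (assumption of this example).
    pinned = {"alice": fingerprint(a_pub), "bob": fingerprint(b_pub)}
    seen_by_alice, seen_by_bob = b_pub, a_pub
    if interposed:
        _, m_pub = keypair()
        seen_by_alice = seen_by_bob = m_pub
    return {
        "keys_match": shared(a_priv, seen_by_alice) == shared(b_priv, seen_by_bob),
        "alice_accepts": fingerprint(seen_by_alice) == pinned["bob"],
        "bob_accepts": fingerprint(seen_by_bob) == pinned["alice"],
    }

if __name__ == "__main__":
    print("honest:    ", exchange(interposed=False))
    print("interposed:", exchange(interposed=True))
```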

ASCII

ASCII is a 7-bit character code standardized in the US, the 1967 version being the final one. HTML uses ASCII to transfer data over the web. ASCII is not designed to represent non-English alphabets, and this is a major shortcoming.

There are 8-bit character codes in common use that are identical with ASCII in the first 128 positions, but these are not ASCII. Some common codes are listed below under ISO 8859.

Unicode

The Unicode Standard is the universal character encoding standard used for representation of text for computer processing. It was originally intended to be a 16-bit character set, but it is now seen that 65536 characters are insufficient. As a result, different implementations use different character sizes for ‘native’ Unicode representation. For example, Windows uses 16-bit characters, Linux typically uses 32-bit characters. Nevertheless, there are well-defined standards which permit the orderly interchange of Unicode data.

It should be noted that most modern software systems (e.g., Windows, Java) use Unicode as their exclusive internal text representation.

MIME

Multipurpose Internet Mail Extensions. MIME is an Internet standard that specifies how messages must be formatted so that they can be exchanged between different mail systems. MIME allows you to include just about any kind of file in an email message. Some examples include text, images, audio, video, and character sets other than ASCII. S/MIME is a more secure version of MIME that allows for the use of encryption when sending files in an email message.

ISO 8859

ISO 8859 is a full series of standardized multilingual single-byte coded (8-bit) graphic character sets for writing in alphabetic languages. ISO 8859-1 is commonly used in the United States, and corresponds to the Western European alphabet as per the table below:

  • Latin1 (West European)
  • Latin2 (East European)
  • Latin3 (South European)
  • Latin4 (North European)
  • Cyrillic
  • Arabic
  • Greek
  • Hebrew
  • Latin5 (Turkish)
  • Latin6 (Nordic)

Hanlon’s Razor

“Never attribute to malice that which can be adequately explained by stupidity.”

Hanlon – as used in the name – is thought to be a modification of “Heinlein”, due to the fact that he used a similar phrase in his book “Logic of Empire” in 1941.

Finagle’s Law

This proverb is also referred to as “Finagle’s Law of Dynamic Negatives”, and is simply a “folk” version of Murphy’s Law.

“Anything that can go wrong, will.”

Murphy’s Law

“If there are two or more ways to do something, and one of those ways can result in a catastrophe, then someone will do it.”

Murphy’s law is a principle of defensive design coined by Edward A. Murphy, Jr., an engineer working on rocket-sleds for the Air Force in 1949. The saying quickly spread and mutated. Currently, the most popular form of the saying is Finagle’s Law – the “folk” version of the original proverb.

Sturgeon’s Law

“Ninety percent of everything is crap.”

This saying is derived from a quote by Theodore Sturgeon, who said:

“Sure, 90% of science fiction is crud. That’s because 90% of everything is crud.”

Ninety-Ninety Rule

“The first 90% of the code accounts for the first 90% of the development time. The remaining 10% of the code accounts for the other 90% of the development time.”

  • a quote by Tom Cargill of Bell Labs.

Occam’s Razor

A simple concept attributed to the mediaeval philosopher William of Occam which states that one should not make any more assumptions than the minimum needed.

“One should not increase, beyond what is necessary, the number of entities required to explain anything.”

Also called the “Principle of Parsimony” and the “Principle of Simplicity”.

Cross Site Scripting (XSS)

Cross Site Scripting is a type of vulnerability that works when a user clicks a link containing malicious code, and is most often used to attempt to hijack sessions. This is possible through the use of web sites that use dynamically generated pages. XSS occurs when a web server embeds browser input into the output sent back to a browser – allowing for malicious script to be executed.

Basically, using this technique, an attacker gives script as input to a site, which is then used to generate a page for the victim, and that code then runs on the victim’s machine. This is done by passing special characters to the server, which are then used in the creation of the dynamic content for its output. The nature of the attack (and the reason for the name) is that the code being executed on the victim’s machine is trusted to some degree because it appears to be coming from a trusted site they are visiting – not the attacker’s site.
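The pattern described above next to its corrected form, as an added example that is not part of the original page: one handler embeds the browser's input into its output unchanged, the other encodes the special characters for each place the value lands. The handler names, the `name` parameter, and the sample query string are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, quote

def render_vulnerable(query_string):
    """Embeds browser input into the generated page unchanged."""
    name = parse_qs(query_string).get("name", ["guest"])[0]
    return f'<p>Hello, {name}</p><a href="/profile?name={name}">profile</a>'

def render_encoded(query_string):
    """Same page, with the input encoded for each output context."""
    name = parse_qs(query_string).get("name", ["guest"])[0]
    body = html.escape(name)       # HTML text context: < > & " ' become entities
    link = quote(name, safe="")    # URL query-parameter context: percent-encoding
    return f'<p>Hello, {body}</p><a href="/profile?name={link}">profile</a>'

# Constructed sample input: markup characters arriving percent-encoded in a link.
SAMPLE = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE))   # the markup reaches the page as markup
    print(render_encoded(SAMPLE))      # the markup reaches the page as text
```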

backronym: n.

[portmanteau of back + acronym] A word interpreted as an acronym that was not originally so intended. This is a special case of what linguists call back formation. Examples are given under recursive acronym (Cygnus), Acme, and mung. Discovering backronyms is a common form of wordplay among hackers. Compare retcon.

recursive acronym: n.

A hackish (and especially MIT) tradition is to choose acronyms/abbreviations that refer humorously to themselves or to other acronyms/abbreviations. The original of the breed may have been TINT (“TINT Is Not TECO”). The classic examples were two MIT editors called EINE (“EINE Is Not EMACS”) and ZWEI (“ZWEI Was EINE Initially”). More recently, there is a Scheme compiler called LIAR (Liar Imitates Apply Recursively), and GNU (q.v., sense 1) stands for “GNU’s Not Unix!” — and a company with the name Cygnus, which expands to “Cygnus, Your GNU Support” (though Cygnus people say this is a backronym). The GNU recursive acronym may have been patterned on XINU, “XINU Is Not Unix” — a particularly nice example because it is a mirror image, a backronym, and a recursive acronym. See also mung, EMACS.

GNU

GNU (pronounced “Guh-Noo”) is a recursive acronym (see above) that stands for “GNU’s Not Unix!”. It was designed by Richard Stallman to be a free (as in freedom) replacement for the various Unix operating systems. GNU is independent from the kernel that it uses, and the current kernel being used with nearly all implementations is Linux.

Recursion

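Recursion is (here) a programming term, and it means for a function to call itself. Below is an example of a recursive function:

    /* Factorial of x, computed recursively. */
    int Fact(int x)
    {
        if (x <= 1)
            return 1;               /* base case ends the recursion */
        else
            return x * Fact(x - 1); /* the function calls itself */
    }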

HIRD

“Hurd” stands for “Hird of Unix-Replacing Daemons”. And, then, “Hird” stands for “Hurd of Interfaces Representing Depth”. We have here, to my knowledge, the first software to be named by a pair of mutually recursive acronyms.

Big-Endian / Little-Endian

The adjectives big-endian and little-endian refer to which bytes are most significant in multi-byte data types and describe the order in which a sequence of bytes is stored in a computer’s memory.

In a big-endian system, the most significant value in the sequence is stored at the lowest storage address (i.e., first). In a little-endian system, the least significant value in the sequence is stored first.

The value 1025, by storage address:

    Address   Big-Endian   Little-Endian
    00        00000000     00000001
    01        00000000     00000100
    02        00000100     00000000
    03        00000001     00000000

The terms big-endian and little-endian are derived from the Lilliputians of Gulliver’s Travels, whose major political issue was whether soft-boiled eggs should be opened on the big side or the little side. Likewise, the big-/little-endian computer debate has much more to do with political issues than technological merits.

NAT

NAT stands for Network Address Translation, and was initially designed to allow for the use of private IP addresses due to a shortage of public IPs available to be assigned. NAT is most commonly used to maintain a network of private addresses behind a single “real” IP address that is live on the Internet.

Network Protocol Numbers

  • ICMP – 1
  • IP – 4
  • TCP – 6
  • UDP – 17
  • IPv6 – 41
  • GRE – 47
  • ESP – 50
  • AH – 51

TCP Ping

The term “tcp ping” is actually a misnomer. Ping is a nickname for an ICMP echo request, and ICMP is a layer 3 protocol. A “TCP ping” implies that TCP is used, which it is, but TCP is a layer 4 protocol. In actuality, a “tcp ping” is not a ping at all. It is simply a TCP packet destined for a certain port (usually with the ACK flag set).

Upon receiving this type of packet, a host will respond with a TCP packet of its own which will have the RST flag set. When the probing machine sees that packet, it knows that the target is alive, hence the use of the word “ping”. This technique works even if the target is blocking ICMP (something that is becoming more and more common), so the only way to block this type of probe is to drop such packets completely.

Free Software

From the GNU Website:

“Free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.”

When people say, “Free as in beer”, what they mean is that it doesn’t cost any money. “Free as in speech” pertains to liberty.

File Descriptor

An integer that describes an open file within a process. The number is created at the time of the file being opened. Anything that reads, writes, or closes a file uses the file descriptor as an input parameter. In Unix, file descriptors 0, 1, and 2 refer to the standard input, standard output, and standard error files respectively.

Perl

Practical Extraction and Report Language. Created by Larry Wall in 1987.

CGI

Common Gateway Interface. This is where servers process user input on the server side and return output to the client. CGI scripts are commonly written in Perl.

PHP

Created by Rasmus Lerdorf originally as a Perl CGI script called “Personal Home Page”, or simply “PHP”. The original purpose for the script was to log visitors to his resume page on his website. Like Perl, PHP must be used within HTML in order to work over the web.

SMTP

RFC 821

SMTP is the main protocol used for sending mail on the Internet. Understanding it to at least a moderate degree is a must.

Commands-

HELO – Identifies the sending machine. This is spoofable, but many systems are able to look and see if the IP matches the DNS name given here.

MAIL FROM – The sender address given to the mail server, or, in other words, this is the email address that the sender is claiming the message is coming from.

RCPT TO – The address that the message will be going to. Using multiple RCPT TO commands allows you to send to multiple recipients.

DATA – This is the actual meat of the message. There are no controls on what can be sent in this portion. Words at the beginning of a line that are followed by a colon are interpreted as headers by most mail programs. The end of the DATA section is denoted by a period (.) on a line by itself.

QUIT – This is the command that is used to sever the connection to the mail server.

Email Headers

When email moves from one server to another each box appends a new header to the top of the previous one, making a stack of headers. To track who all handled a given message, start at the bottom of the header and move from left to right as you go up.

The “Received” headers are the headers that should be reviewed to find out what has actually happened during the course of an email message’s travels. Many of the other header options are subject to forgery and are less reliable as a source of good information about a particular email message.

It is interesting to note that the true recipient(s) of a message are not viewable in an email header. The actual recipient is declared with the RCPT TO: command given to the mail server, but this information is not available in a header. The To: header option is often present in a header, but this can be forged fairly easily.
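Reading the stack of “Received” headers from the bottom up, as an added example that is not part of the original page: the code lists each hop oldest first and flags places where one hop's receiving host is not the next hop's sending host. The sample message is constructed (reserved example domains and documentation IP ranges), and the simple `from … by …` pattern is an assumption that fits this sample rather than every mail server's format.

```python
import re
from email import message_from_string

# Constructed sample message, newest Received header on top.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id 3; Tue, 02 Jan 2024 10:00:09 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id 2; Tue, 02 Jan 2024 10:00:05 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.com with ESMTP id 1; Tue, 02 Jan 2024 10:00:01 +0000
From: billing@example.org
To: undisclosed-recipients:;
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)")

def trace(raw):
    """Return (from_host, by_host, timestamp) for each hop, oldest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        match = HOP.search(flat)
        if match:
            stamp = flat.rsplit(";", 1)[-1].strip()
            hops.append((match.group(1), match.group(2), stamp))
    return hops[::-1]                              # the stack is newest-first

def chain_gaps(hops):
    """Indexes where a hop's receiver is not the next hop's sender."""
    return [i for i in range(len(hops) - 1) if hops[i][1] != hops[i + 1][0]]

if __name__ == "__main__":
    for sender, receiver, stamp in trace(RAW):
        print(f"{stamp}  {sender} -> {receiver}")
    print("gaps:", chain_gaps(trace(RAW)))
```

A gap in the chain is a prompt to look closer at that hop, not proof of forgery; hosts often name themselves differently when sending and receiving.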

Header Options-

Content-Transfer-Encoding: – This is the MIME content type for the message in question, and it is what determines what is used on the client to read/interpret the message. This is a header option that can be (and has been) used maliciously by claiming the content type is one thing when it is really something else.

Content-Type: – Similar to above.

From (no colon) – This is a relatively trustable field that indicates who sent the message.

From: – This is the sender-modifiable From field; don’t trust it.

Message-Id:, Message-id:, Message-ID: – This is a fairly unique identifier assigned to each message – usually by the first mail server that touches it.

In-Reply-To: – A USENET header used for tracking what post a given post is in response to. This header option is seldom used outside of USENET.

Priority: – A freeform header option that spammers often use to assign their trash a high level of importance.

Reply-To: – This is the email address that will be the recipient if someone replies to the message in question. Often used by spammers to deflect people’s complaints.

Return-Path: – Same as Reply-To:.

X-Headers – X-Headers are headers that start with “X-” and are for informational use only. Any header that is not standard, and is used for some specific purpose is supposed to use this designation, but this isn’t always the case.

X-Mailer: – This is the X-Header used for identifying the mail client used to send the message.

The Sticky Bit

The sticky bit is a Unix file/directory permissions setting used usually on publicly accessible directories. Normally, when a directory is accessible to the public and additional permissions do not interfere, a user can rename and/or delete files belonging to other users within that directory. The sticky bit prevents this from happening. The permission is set by specifying chmod 1777 octally, or by chmod +t symbolically.

The Setuid Bit

Executable files with this bit set will run with effective uid set to the uid of the file owner. This means that if root creates a script and makes it setuid, whenever it’s run it’ll be run as root rather than as the user that ran the script. This is highly dangerous and should be avoided whenever possible.
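A small audit covering both this entry and the sticky bit entry above, as an added example that is not part of the original page: it walks a directory tree and reports regular files with the setuid bit set and world-writable directories that lack the sticky bit. The function name and the finding labels are constructed for illustration.

```python
import os
import stat
import sys

def audit(root):
    """Return sorted (kind, path, owner_uid) findings under root.

    kind is "setuid" for a regular file with the setuid bit, or
    "world-writable-no-sticky" for a directory any user can write to
    that does not have the sticky bit (so users can remove each other's files).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            mode = st.st_mode
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append(("setuid", path, st.st_uid))
            elif (stat.S_ISDIR(mode) and mode & stat.S_IWOTH
                  and not mode & stat.S_ISVTX):
                findings.append(("world-writable-no-sticky", path, st.st_uid))
    return sorted(findings)

if __name__ == "__main__":
    # Directory to audit is taken from the command line; defaults to the current one.
    for kind, path, uid in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:26} uid={uid:<6} {path}")
```

A setuid finding owned by uid 0 is the case the entry warns about; each one should be something you can account for.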

Arthur C. Clarke’s

  1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.

  2. The only way of discovering the limits of the possible is to venture a little way past them into the impossible.

  3. Any sufficiently advanced technology is indistinguishable from magic.

Logarithms

A logarithm is a math term strongly tied to the concept of exponents. In the equation x^y^ = z, we can now pretend that two of the variables are given, and solve for the third.

If the base and the exponent are given we compute a power, if the exponent and the power are given we compute a root, and if the power and the base are given, we compute a logarithm.

Examples:

  • 10^2^ = 100 log~10~100 = 2

  • 10^-2^ = 0.01 log~10~0.01 = -2

  • 10^0^ = 1 log~10~1 = 0

  • 2^3^ = 8 log~2~8 = 3

  • 3^2^ = 9 log~3~9 = 2

  • 25^1/2^ = 5 log~25~5 = 1/2

In short, finding a logarithm is finding the exponent when you know the base and the power.