glossary

Copyright © What The Hell? Security

9 Laws of Phishing (noun) – The 9 things you don’t know about phishing that flip it from an intractable to a tractable problem. See this post.

Bad Security (noun) – Something purported to be good security that undermines its very purpose by giving security a bad name. For example, a sizeable repository of corporate security policies that lacks a search feature.

Blacklist (noun) – A list of URLs wherein a given entry means, “The content at this URL is malevolent. Right now.” Not to be confused with Blocklist (but always is).

Blocklist (noun) – A list of URLs wherein a given entry means, “At some unrecorded and/or undisclosed point in the past, an examination of the content at this URL suggested that it was at least suspicious if not possibly malevolent. The prompting event might or might not have involved the use of fuzzy logic (possibly executing from within browser plug-ins and/or web crawlers), and/or a threshold number of would-be or actual human victims who were conscientious enough to look for, and persistent enough to locate, where such reports should be made. The content examination might or might not have entailed a threshold number of manual reviews with accompanying affirmative votes by a panel of human experts, none of whom are obligated to re-examine the content again in the future to assess whether or not this URL can be removed from this list. Regardless of whether or not the content at this URL actually was malevolent at some time in the past, it might or might not be right now. If the content is not malevolent right now, then this URL should not be on this list, and hopefully somebody will eventually figure that out and remove it from this list. If the content is malevolent right now, then it is a good thing that this URL is on this list.” Not to be confused with Blacklist (and never is).
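The distinction the two entries above draw is real: a list entry is only as good as the time and evidence behind it. The following is an added example, not code from this blog, of a URL reputation lookup that answers “malicious now” only for entries examined inside a freshness window and otherwise reports a stale flag, with a prune step for the re-examination nobody is obliged to do. The class and function names (ReputationList, Verdict, normalize), the freshness window and the .test hostnames are assumptions made for illustration; the sample entries are constructed.

```python
"""Added example (not the blog's code): a URL reputation lookup that keeps the
Blacklist/Blocklist distinction explicit by recording when, and on what basis,
each entry was last examined. All entries below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


class Verdict(Enum):
    MALICIOUS_NOW = "malicious now"        # examined inside the freshness window
    STALE_FLAG = "flagged in the past"     # listed, but nobody has re-examined it
    UNKNOWN = "unknown"                    # not listed at all


@dataclass(frozen=True)
class Entry:
    url: str
    added: datetime                    # when the entry went on the list
    last_verified: Optional[datetime]  # None: never re-examined since being added
    source: str                        # e.g. "crawler", "user-reports", "manual-review"


def normalize(url: str) -> str:
    """Canonical form for matching: lower-case scheme and host, drop default
    ports and fragments, default the path to '/'. Path case is preserved."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if port and port != {"http": 80, "https": 443}.get(scheme):
        host = f"{host}:{port}"
    return urlunsplit((scheme, host, parts.path or "/", parts.query, ""))


class ReputationList:
    def __init__(self, entries: List[Entry], freshness: timedelta = timedelta(days=7)):
        self.freshness = freshness  # assumed window; tune to how often you re-verify
        self._by_url = {normalize(e.url): e for e in entries}

    def __len__(self) -> int:
        return len(self._by_url)

    def lookup(self, url: str, now: datetime) -> Tuple[Verdict, Optional[Entry]]:
        entry = self._by_url.get(normalize(url))
        if entry is None:
            return Verdict.UNKNOWN, None
        examined = entry.last_verified or entry.added
        if now - examined <= self.freshness:
            return Verdict.MALICIOUS_NOW, entry   # a blacklist-style answer
        return Verdict.STALE_FLAG, entry          # a blocklist-style answer

    def prune(self, now: datetime, max_age: timedelta) -> "ReputationList":
        """Return a list holding only entries examined within max_age: the
        re-examination step the definition above says nobody is obliged to do."""
        keep = [e for e in self._by_url.values()
                if now - (e.last_verified or e.added) <= max_age]
        return ReputationList(keep, self.freshness)


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample entries (hypothetical .test hosts, not real sites).
SAMPLE_ENTRIES = [
    Entry("https://login.example-bank.test/verify", utc(2024, 1, 2), utc(2024, 1, 9), "manual-review"),
    Entry("http://EVIL.example.test:80/download/", utc(2023, 6, 1), None, "user-reports"),
    Entry("http://short.example.test/abc", utc(2023, 12, 20), None, "crawler"),
]
NOW = utc(2024, 1, 10)
SAMPLE_LIST = ReputationList(SAMPLE_ENTRIES)


def verdict_for(url: str, now: datetime = NOW) -> Verdict:
    return SAMPLE_LIST.lookup(url, now)[0]


if __name__ == "__main__":
    for u in ("https://login.example-bank.test/verify",
              "HTTP://evil.example.test/download/",
              "https://safe.example.test/"):
        v, e = SAMPLE_LIST.lookup(u, NOW)
        print(f"{u}: {v.value}" + (f" (source={e.source})" if e else ""))
    print("entries left after pruning anything older than 91 days:",
          len(SAMPLE_LIST.prune(NOW, timedelta(days=91))))
```

Two details matter in practice. First, the lookup normalizes scheme, host and default port before matching, so “HTTP://evil.example.test/download/” hits the entry recorded with an upper-case host and an explicit :80; without that step a list silently misses trivial variants. Second, the verdict carries the entry itself, so a consumer can see the source and the last examination date rather than treating every hit as “malevolent, right now.”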

Certificate Authority (noun) – A company that accepts SSL Bribes and EV-SSL Bribes from e-businesses desiring to suppress the Certificate Warnings from Hell for their customers.

Certificate Warnings from Hell (noun) – 1. The series of browser dialog boxes forced upon a user when their browser discovers the website owner has not paid its SSL Bribe. 2. A series of browser dialog boxes that PhD candidates in Advanced Cryptography at MIT must adequately explain in order to test out of writing a dissertation.

Cosmetic Security (noun) – A pretense of security, often inferred.

EV-SSL Bribe a.k.a. EV-SSL Certificate (noun) – An SSL Bribe that bears the cost-tripling field sslBribe=”enhanced”. See also Green Bar.

Green Bar (noun) – The money-colored background that is sometimes rendered behind the URL in a browser’s address bar, the presence of which indicates the site owner has paid its annual EV-SSL Bribe.

Post-Click Fraud (noun) – Theft incurred by an online user as a direct result of clicking on a deceptive link or submitting a deceptive form. Two catalysts of post-click fraud are drive-by malware and impostor (phishing) websites. Not to be confused with click fraud, which is a complete misnomer.

Red Herring Attack Vector (noun) – An attack vector that is confused with a root cause. For example, email is an attack vector for phishing, but without question not its root cause.

Shorts URL (noun) – A shortened URL that, when clicked upon, causes the user to “take one in the shorts.”

SSL Bribe a.k.a. SSL Certificate (noun) – 1. An X.509 formatted receipt for the bribe a legitimate website owner is required to pay a Certificate Authority, without which the owner must choose between (a) closing its website, or (b) forcing its visitors to endure the Certificate Warnings from Hell and then closing its website. 2. An X.509 formatted receipt for the licensing fee a phisher pays to a Certificate Authority for phishing rights. Usually with somebody else’s credit card. See also EV-SSL Bribe.

What The Hell? (interrogative) – Exactly.
