Cyber Security Glossary
Adware (short for advertising software) is unwanted software who's sole purpose is to displays adverts to generate money for the author. Whilst adware doesn't often do any damage, it is normally installed either without the user's permission or through deceptive means. See our page on defending against viruses.
Antivirus software tries to find and neutralise any viruses or malicious software (malware) that may be on computers or smartphones. Example products include Kaspersky, McAfee, and AVG. See our article on Choosing An Antivirus Program.
Authentication is the process of confirming that you are who you say you are, for example by using a password (something that only you should know). Other methods include biometric checks such as a fingerprint scan, or proximity cards at doors.
Biometrics are a way of proving your identity (see Authentication above) based on a physical aspect of yourself. Examples include fingerprint recognition, facial recognition, iris scans, and gait (or walking) analysis. Other methods are being developed too, such as your typing pattern which, it has been suggested, could one day remove the need for passwords.
A botnet is a collection of (often thousands of) computers that a criminal has under their control. They're often used to send out spam emails, to attack websites as part of a DDoS attack, or sometimes (with it's combined computing power) to crack passwords. Computers join botnets without the owner even knowing, normally after being infected with a virus such as through a phishing email. See our page on defending against viruses.
An internet browser is the software that you use to access the internet. Common browsers include Microsoft Edge (or previously Microsoft Internet Explorer), Apple Safari, Mozilla Firefox, Opera, and Google Chrome.
Brute force is the process of trying every possible password combination until the correct one is found, from "a" all the way up to "zzzzzzzzzzzz" (and beyond!). See our article on How Hackers Guess Passwords.
The "Cloud" has become a very popular term in computing over recent years. Essentially it means a remote computer doing many of the tasks that you typically used to do on your home computer, for example using it to backup data or to run software such as Google Docs. Many companies are using the cloud too, using it to host data and services that they would typically keep on their own powerful in-house computers.
Cookies (not the edible type!) are small text files that are stored in your browser and which are key to the normal working of the internet. They help websites to remember who you are, what pages you looked at when you last visited, or to keep track of your shopping basket. See our article on How Your Web Activity Is Tracked.
Cryptography is a special branch of mathematics that scrambles data up into unreadable forms. This might not sound useful, but is in fact fundamental to many aspects of the internet today. It's used for keeping data private, to check that data has been transmitted correctly, to verify identity, and it can help ensure that people or computers can't deny carrying out certain actions. Both encryption and hashing are forms of cryptography.
Denial of Service attack ("DoS" or "DDoS")
A Denial of Service attack ("DoS" for short) is when an attacker bombards a website with so much traffic that it buckles under the strain & stops working. These attacks are often carried out by multiple computers as part of a botnet, leading to the term Distributed Denial of Service attack (or "DDoS"). Criminals will often use these attacks as part of a blackmail campaign to extort money from companies who rely on their website being up and running, or to mask other hacking activity at the same time. A DDoS attack, despite what is often reported in the media, is not a form of hacking since it doesn't involve breaking into websites; it simply involves overwhelming them with too much traffic.
A 'Dictionary Attack' is a method used by hackers to find passwords, by running down a list of dictionary words until a match is found. They'll often combine words in common pairs too (such as "ManchesterUnited"), make common letter substitutions (such as a 1 for an i), or add numbers to the end. Modern computers allow billions of passwords to be tried each second, making it posible to find the most common passwords in fractions of a second. See our page on How Hackers Guess Passwords.
Encryption is the process of converting a piece of data into an unreadable format that can only be recovered with knowledge of a secret key. It's a form of cryptography and uses some complex mathematics to ensure it's unbreakable. Encryption is used in many parts of our daily lives, from making sure that our online banking can't be intercepted through to protecting conversations over email or Skype. Common encryption algorithms include RSA and AES.
A firewall is a piece of software (or within large organisations, a physical device itself) that can analyse the internet traffic flowing into and out of your computer to try to detect (and stop!) anything that's unauthorised.
A hash is the output from a special mathematical process which jumbles data up in an unrecoverable manner. The hashing process has several key properties, such as being repeatable (the same input always gives the same output) and non-reversible. Hashes have many uses in computing, for example to store passwords, to compare files to see if they're identical, as well as other uses in security. A typical hashing algorithm is SHA-256.
You might see HTTPS appearing in the address of a website that is encrypting your data as you send it (the "s" in https stands for "Secure"). If you're logging into a website or sending any sensitive data, such as credit card information, you should always check first that the site uses https (and not just http without the s). See our page on checking for HTTPS when shopping online.
The internet is a global computer network connecting millions of computers to each other and allowing information to be shared. Born out of research done in the 1960's by the US military, it has since come to define modern life today. No single organisation owns or runs the internet, however many organisations play key roles such as ICANN, the Internet Architecture Board (IAB), as well as your internet service provider (ISP). Email, the web, and many of the apps that you use on your phone all sit on top of and make use of the internet.
A Keylogger is an (often malicous) program that silently records all the keys you type on your keyboard, including any passwords you might type. Keyloggers can exist either as a form of malware, or (for more sophisticated and targetted attacks) as a physical device that's plugged into your keyboard. See our page on defending against viruses.
Malware is an all-encompassing name for different types of malicious software. There's many different forms of malware, all with differing purposes and methods of spreading. They include viruses, worms, ransomware, rootkits, keyloggers, spyware, adware, and trojans, amongst others. Despite it's name, antivirus software will catch all types of malware - not just viruses. See our page on defending against viruses .
A password is a series of letters, numbers, and symbols, that should only be known to one person and which is used to verify their identity. They are the most common form of authentication in use today but have many weaknesses, such as being easy to steal (for example by viruses) and not always being easy to remember (especially when you have a lot to remember). See our page on creating strong passwords.
A password hash is, as the name suggests, a hash of a password. It's the output of a mathematical process that scrambles the password such that it can't be recovered, but which still allows for checking that a user has entered the correct password. Examples of dedicated password hashing algorithms include PBKDF2 and bcrypt. See our page on How Hackers Guess Passwords.
Password managers are applications that securely store your passwords for you, so you don't need to remember all your passwords. They can automatically create super-strong passwords for, log you into websites, and store other details such as credit cards too. See our page on password managers.
Phishing is a form of social engineering that tries to fool users into entering their login details into a spoofed website (such as one that imitates their bank), or that spread viruses through infected attachments. These attacks normally arrive by email but can also come via text message or phone call. See our page on how to spot phishing emails.
Ransomware is a particularly vicious form of malware that has become more popular in recent years. When activated on your computer it makes all files unreadable until a ransom fee is paid (and even then sometimes the files are destroyed for good). See our pages on defending against viruses, as well as what to do if you're infected.
A rootkit is a type of malicious software ("malware") that burys itself deep inside your computer to try to avoid detection whilst doing damage to your computer. Despite it's name, anti-virus software will look for and try to catch all types of malware including rootkits - not just viruses. See our page on defending against viruses.
Social Engineering is essentially a fancy name for conning or fooling someone. These type of attacks include phishing emails, attackers blagging their way into company offices to steal documents, as well as fraudsters on the phone. See our page on how to spot & avoid common scams.
Spear phishing are highly targetted phishing attacks. Whilst most phishing emails are sent to hundreds of thousands of people at a time, spear phishing emails are highly personalised by the criminals who have spent time researching their victim. These type of attacks are often sent to directors of companies to fool them into paying a fake invoice, or crafted to make it look as if the attachment is expected so that the user will open it. See our page on how to spot phishing emails.
Spyware (short for spy software) is a form of malware that spies on a computer user without them knowing, such as recording their passwords, credit card details, or the websites visited. Despite it's name, anti-virus software will catch all types of malware including spyware - not just viruses. See our page on defending against viruses.
You might occasionally see websites claiming to be secure because they use "SSL". This is a method by which websites encrypt data as it's sent between your browser and the website, keeping it safe from prying eyes. This is what websites which have "https" in their address use. Strictly speaking SSL is an old technology that has been replaced by something called TLS, however the use of SSL has become so common that the acronyms SSL and TLS are often used interchangeably.
A trojan is a type of malicious software that pretends to be a legitimate piece of software. Examples include fake antivirus programs or malicious games. Trojans can do all sorts of damage, from encrypting all your data and only releasing it for a ransom fee, to stealing data such as passwords, or perhaps being used to send spam emails from your computer. Despite it's name, anti-virus software will catch all types of malware including trojans - not just viruses. See our page on defending against viruses.
A virus is a type of malicious software ("malware") that can do damage to your computer or steal information, such as credit card details. They often get onto your computer through compromised websites or infected attachments in emails. See our page on defending against viruses.
Virus Definitions (sometimes called Virus Signatures) are one way in which antivirus programs manage to recognise & identify viruses on your computer - think of them as being a big list of fingerprints for viruses. Your antivirus program will update it's definitions several times a day to ensure it always knows about the latest viruses. See our page on choosing an antivirus program.
WiFi is a technology that allows you to connect your computers and other devices to the internet without wires. As well as being common in homes, many cafes, airports, hotels, and other public places offer wifi for guests. See our pages on securing your home wifi and how to use public wifi safely.
World Wide Web (or "web")
The web, as we know it today, is a series of websites allowing us to discover almost limitless information, purchase products, or do online banking. It is one of the most used aspects of the internet, and from the first website going live on August 6th 1991 (saved for posterity at info.cern.ch) it has since exploded to around 2 billion websites today.
A worm is a type of malicious software ("malware") that can automatically spread from computer to computer, dropping off viruses and trojans as it goes. Worms can spread incredibly quickly - in 2003 the SQLSlammer worm infected 75,000 computers in just 10 minutes! Despite it's name, anti-virus software will catch all types of malware including worms - not just viruses. See our page on defending against viruses.
"Zero Day" may sound like a doomsday term, but in fact simply refers to a vulnerability (a security weakness) in some software on your computer that has not yet been fixed by the manufacturer. These weaknesses can then be exploited by viruses & other malware until it gets fixed. See our page on defending against viruses.