Z is for …

Zero Day

The time taken between a vulnerability existing and a patch being released to fix it can be several weeks, months or even years. An exploit written to take advantage of this gap is known as a Zero Day.

The bad guys are particularly interested in carrying out attacks against systems with vulnerabilities but no patches, for obvious reasons: it’s very difficult to defend agaisnt them.

Depending on the level of access the zero day can provide, or the damage a bad actor can cause with it, will have an effect on the value of each zero day attack on the Dark Web. Some may sell for “only” a few thousands of pounds, but some can fetch well into five figures, if not more.

A very famous attack carried out using zero days is explained in the film of the same name. It tells the story of an attempt to disrupt the Iranian nuclear programme some years ago, and is well worth watching.

E is for…

Encryption

The process of scrambling a message or data as part of cryptography is called encryption. This is what makes the message impossible to read unless you know how to unscramble it using decryption. As the years have gone by this process has become more and more complicated, and there is heavy reliance on computing power and very advanced maths to make it work without risk of the message being compromised.

Endpoints

You may often hear the phrase endpoint when talking about computer equipment. The term refers to devices such as laptop and desktop computers, smartphones and tablet devices ie things which the end user uses to access data.

Exploit

Code written to take advantage of vulnerabilities in software is known as an exploit. It may be used to inject code, to run a different program, or to cause other damage to the system.

Extranet

An extranet is a controlled network environment which is used to give non company staff members access to company resources (for example, data files) typically through some sort of remote access solution.