Search
Wednesday 16 October 2019
  • :
  • :

Tech Terms… You Should know!

Tech Terms… You Should know!

TechTarget a leading Technology Information Site shares Technology Terms on a daily basis with their WhatIs.com newsletter.  I find them interesting.  You may too.  Many of these you techies may already know.. some may surprise you .

Watering Hole Attack
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user’s computer and gain access to the network at the target’s place of employment.The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack desired prey. In a watering hole security exploit, the predator lurks near niche websites popular with the target prey, looking for opportunities to infect the websites with malware that will make the target vulnerable.Watering hole attacks, which tend to focus on legitimate, popular websites, are a derivative of pivot attacks, which target one thing to get at another. In a watering hole attack, the attacker first profiles its targets — who are typically employees of large enterprises, human rights groups or government offices — to determine the type of websites they frequent. The attacker then looks for vulnerabilities in the websites and injects malicious JavaScript or HTML code that redirects the target to a separate site where the malware is hosted. This compromised website is now ready to infect the target with the injected malware upon access.While watering hole attacks are uncommon, they pose a considerable threat since they are difficult to detect and typically target high-security organizations through their low-security employees, business partners, connected vendors or an unsecured wireless network.

With all the Hoopla about “The Internet of Things” here’s a Tech term you might want to know..

And a great Article about this IoT !
From the business problem to the technology, here’s what CIOs need to know to get started on an enterprise IoT initiative

IoT security
IoT security is the area of endeavor concerned with safeguarding connected devices and networks in the Internet of Things (IoT).The Internet of Things involves the increasing prevalence of objects and entities – known, in this context as things — provided with unique identifiers and the ability to automatically transfer data over a network. Much of the increase in IoT communication comes from computing devices and embedded sensor systems used in industrial machine-to-machine (M2M) communication, smart energy grids, home and building automation, vehicle to vehicle communication and wearable computing devices.The main problem is that because the idea of networking appliances and other objects is relatively new, security has not always been a priority during product design. IoT products are often sold with old and unpatched embedded operating systems and software. Furthermore, purchasers often fail to change the default passwords on devices — or if they do change them, fail to select sufficiently strong passwords.Many experts recommend that if an IoT device needs to be directly accessible over the Internet, it should be segmented into its own network and have network access restricted. The network segment should then be monitored to identify potential anomalous traffic, and action should be taken if there is a problem.

Security experts have warned of the potential risk of large numbers of unsecured devices connecting to the Internet since the IoT concept was first proposed in the late 1990s. In December of 2013, a researcher at Proofpoint, an enterprise security firm, discovered the first IoT botnet. According to Proofpoint, more than 25 percent of the botnet was made up of devices other than computers, including smart TVs, baby monitors and other household appliances.

User story
A user story is a tool used in Agile software development to capture a description of a software feature from an end-user perspective. The user story describes the type of user, what they want and why. A user story helps to create a simplified description of a requirement.A user story template often uses the following type of format:As a <role>, I want <feature> so that <reason>.Examples of user stories are:

As a user, I want to upload photos so that I can share photos with others.

As an administrator, I want to approve photos before they are posted so that I can make sure they are appropriate.

An Agile user story is meant to be short, usually fitting on a sticky note or note card. The user stories should be written by the business in the language of the customer so that it is clear to both the business and the development team what the customer wants and why he wants it. The development team’s job is to develop the code that will satisfy the requirements of the user story and create acceptance tests that are tied to the product backlog, another name for the list of features/capabilities that will be built. In best-case scenarios, developers collaborate closely with the business owners to clarify details as code gets developed and acceptance tests are run.

Madware
Madware is a type of aggressive advertising that affects smartphones and tablets. The name, which combines the words mobile and adware, was coined by the security vendor Symantec to describe a type of intrusive advertising that currently affects smartphones and tablets.Typically, madware gets installed on a device when an end user agrees to allow ads in exchange for a free mobile app. Some madware can function like spyware by monitoring end user behavior and making undesirable changes to the device such as flooding the device with text message ads, replacing the phone’s dial tone with an audio ad and deliberately hiding from ad detectors. Madware banners often takes up valuable screen real estate, causing the end user to accidently click on the ad while navigating the website that is displaying the advertisement.Madware can best be avoided by taking time to read each new app’s end user agreement before checking “I accept” and being extra cautious when installing apps that request access to the local system. End users should also close mobile apps when not in use, disable pop-up and extensions in mobile device browser settings and install mobile antimalware software.
Synthetic intelligence (SI)
Synthetic intelligence (SI), sometimes referred to as engineered intelligence, is a refinement of the concept of artificial intelligence (AI). SI recognizes that although the capacity for software to reason may be manufactured, it is nonetheless real intelligence and not just an imitation of how human beings acquire and apply knowledge and skill.John Haugeland, who coined the term synthetic intelligence, uses the analogy of synthetic versus artificial diamonds to explain the concept. Unlike a simulated diamond, which is an artificial stone whose appearance mimics a diamond, a synthetic diamond is a true diamond with all a natural diamond’s properties, even though it is manufactured. Both engineered diamonds and engineered intelligence are real, and should be acknowledged as such.Traditional applications of artificial intelligence have often relied upon software that simply mimics human intelligence by replicating simple human thought processes. Haugeland refers to this approach as GOFAI (good old-fashioned AI). SI software goes beyond simulation, taking advantage of the ways that machines acquire and apply knowledge and abilities at both digital and mechanistic levels.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.