Facial Recognition Attack Nomenclature
Is there a generally acknowledged term for spoofing facial recognition with a photo of the target face (Samsung smartphone facial recognition, not Apple FaceID (depth measurement)).
Category Archives: terminology
What do i call this vulnerability Technically?
There is a site which hosts coding competitions for coding and placements.
They issue certificates for winning the coding exam or at least get into the finale round.
I did not participated in that competition but my friend did.
He posted … Continue reading What do i call this vulnerability Technically?
Difference between IAG and IDM
What is the difference between Identity Management products (such as Forefront/MIM, PicketLink, OpenIDM) and Identity Access Governance tools (such as Sailpoint,Savyint, CyberArk)?
Apologies for another one of these terminol… Continue reading Difference between IAG and IDM
What is the difference between data owner, data custodian and system owner?
I just started studying up for the CISSP and am having trouble understanding few concepts:
Data owner
Data custodian
System owner
Somewhere I read:
The data owner (information owner) is usually a member of management … Continue reading What is the difference between data owner, data custodian and system owner?
The use of "over" in cryptography (as in "a hash over the key")
This is the ultimate noob question.
When reading discussions of cryptography, I often come across phrases like these:
…calculates a hash over the primary key…
…a key derivation function over a static string…… Continue reading The use of "over" in cryptography (as in "a hash over the key")
SNMP – need help with terminology
In many resources, I see that community strings are also called default passwords. But in the Server Manager, I see “Community name” and it makes more sense.
So why people often use the phrase “default password”? If we enume… Continue reading SNMP – need help with terminology
adaptive vs. non-adaptive adversaries; Is there a precise, unique and general definition?
In this Ethereum github page (Link to the page: https://github.com/ethereum/wiki/wiki/Sharding-FAQ#what-are-the-security-models-that-we-are-operating-under) there is a very brief definition of the adaptive vs. non-adaptive ad… Continue reading adaptive vs. non-adaptive adversaries; Is there a precise, unique and general definition?
What are client-side exploits
I am learning about cybersecurity and have read about client-side exploits. I know they are vulnerabilities/exploits and they target the client instead of a server. What are some examples of this and how do they work?
Terminology for reduced brute-force attack?
Many security algorithms today have such a large key length, that there’s just no use in trying to brute-force a key. For example to find one AES-256 key you would have to try 2^255 keys on average.
My question is, if there’s a special na… Continue reading Terminology for reduced brute-force attack?
What’s the difference between OVAL definitions, objects, and tests?
I’m trying to become more familiar with OVAL tst def and obj references in joval xml definition files.
For example, I’ll see stuff like:
<criterion comment=”Foo” test_ref=”oval:org.mitre.oval:tst:123″ />
And then… Continue reading What’s the difference between OVAL definitions, objects, and tests?