Bug
- See "Issue"
Buffer Overflow
- Security condition present in nearly all Microsoft products caused by the
improper or nonexistent limiting of input query buffers.
Bulls-Eye
- Often said by security staff conducting network penetration scans when observing
the presence of open TCP ports 135, 137, or 139, indicating a Windows system is
present.
Could Allow
- As Microsoft Security Bulletins read, a reported vulnerability or exploit to a
Microsoft product may be a security problem ONLY when exploited by a cracker. Implies
that a security problem is not a major concern until the exploit occurs. Example:
"Authentication Error in SMTP Service Could Allow Mail Relaying"
(01-037)
In reality, the problem exists, but in Microsoft's expert judgement, the problem is not
a 'problem' until it is exploited and makes the news. A real-world example would be proclaiming
that "guns kill people" (a truth, but only if the gun is handled by a person who either
loads it and pulls the trigger or uses it to club someone. By itself, the device is
harmless.)
Issue
- A feel-good euphemism used by Microsoft referring to a security problem. (e.g.,
"Microsoft has discovered an issue with...")
- Microsoft's implied denial that a problem exists, calling it an "issue" instead of a
"problem", "bug", "vulnerability" or "exploit." (In the real world, how many
relationships have been broken off due to "issues" versus "problems" with the significant
other?)
Known Issue
- Feel-good euphemism used by Microsoft referring to a previously-reported problem.
(See "Issue")
Malformed
- Term used by Microsoft to describe a security problem caused by submitting false or
modified information to an application, such as a typographic error that may direct a user to a
different website than was intended.
Microsoft Security Bulletin
- Release of documentation for a previously-undocumented feature in the named Microsoft Product.
Secure Microsoft Product
- Any unopened, uninstalled Microsoft product, preferably still inside its
shrink-wrap.
- A PC running Microsoft operating systems or software that is not connected to a
network or has removable media (e.g., disk drives) installed...that's how Windows NT
received its C2 endorsement from the NSA in the mid-1990s!
Security
- Something Microsoft products lack, evidenced by the frequency of reports of major
products with vulnerable services enabled by default, or by releasing easily-exploited
software products.
- A concept that is mutually exclusive with anything Microsoft.
Security Response Process
- Method Microsoft uses to react to reported security problems with its products.
Runs contrary to industry-accepted standards of proactively preventing problems through
secure software design and intense program quality assurance and abuse testing prior to
release.
Vulnerability
- A reported weakness that facilitates the compromise of a software product or
system.
- General security community term for any computer running Windows,
networked or not.
Reproduced with permission from
<http://www.infowarrior.org/articles/2001-04.html>. © 2001 Richard Forno.
Permission granted to freely reproduce - in whole or in part for noncommercial use -
with appropriate credit to author and INFOWARRIOR.ORG.