Computer Security

For some more up-to-date information and comments you can also check out my ‘Brain’ on the topic.

This page is a collection of computer security information, articles, etc., starting with the very practical and going through to quite academic.

Dictionaries and Jargon

“The Original Hacker’s Dictionary” and “The Jargon File” are older collections (e.g. 1988-1991), and “The New Hacker’s Dictionary” is from 2002.

The Motherboard e-Glossary of Cyber Terms and Hacking Lingo

The Hacker Dictionary

Jargon File

Check out - just to get a better idea of the services that are out there

Digital Shadows had a blog and some White Papers

SentinelOne has a Resources page with White Papers, Case Studies, Videos & Demos, Reports, eGuides, etc. 

If you thought you knew it all - think again...

In Jan. 2016 there was an article on, a referrer spam. Many Websites use Google Analytics. This scam mixes data into a Website’s Google Analytics account. It then appears that someone has visited the Website from, however this is not the case. This is just one type of referrer spam URL. They offer a new way to monetise the Website, but in fact they want to collect personal data, and sign the Website up to, and referrer spam URL. This kind of data can ruin a Website’s analytical data by mixing in useless data on audience, acquisitions, user behaviour, etc. In addition, they use referrer spam to promote their own Website and to boost their own rank in Google search results (by creating backlinks). This is done by logging requests into the Website’s access log, which is then crawled by Google’s indexing bots.

Through 2016 there has been a major increase in phishing attacks on Gmail accounts. The user receives an email sent to their Gmail account. That email may come from someone they know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment they recognize from the sender. They click on the image, expecting Gmail to give them a preview of the attachment. Instead, a new tab opens up and they are prompted by Gmail to sign in again. They glance at the location bar and see in there somewhere. So they sign in on what looks like a functional sign-in page. 

Once they have completed sign-in, their account has been compromised. The attackers log in to the account and use one of the person’s actual attachments, along with one of their actual subject lines, and then send it to people in the contact list.


Everyone says “Check the location bar in your browser to make sure you are on the correct website before signing in. That will avoid phishing attacks that steal your username and password.” In the attack above, there is ‘‘ in the location bar, so it looks good.

People need to change what they are checking in the location bar.

This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. A quick look at the browser location bar sees ‘data:text/html…..’ that is actually a very long string of text. If you widen out the location bar it looks like this:

There is a lot of whitespace, but on the far right there is the beginning of what is a very large chunk of text. This is actually a file that opens in a new tab and creates a completely functional fake Gmail login page which collects user credentials and sends them to the attacker.

On the far left of the browser location bar, instead of ‘https’ there is ‘data:text/html,’ followed by the usual ‘….’. People do not pay close attention and ignore the ‘data:text/html’ preamble, assuming the URL is safe.

When signing in to any service, check the browser location bar and verify the protocol, then verify the hostname. It should look something like this:

Make sure there is nothing before the hostname ‘’ other than ‘https://’ and the lock symbol. Take special note of the green colour and lock symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in page.
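
The check above, written out as an added example (not code from this page or from the article it summarises): it verifies the protocol, then the hostname, and shows why a glance that only looks for the familiar address lets a data URI through. The hostname accounts.example.com, the sample strings and the function names are constructed for illustration.

```javascript
// Added example. EXPECTED_HOST is a placeholder, not a hostname from the page.
const EXPECTED_HOST = "accounts.example.com";

// The "quick look": is the familiar address somewhere in the bar?
function naiveGlance(raw, expectedHost = EXPECTED_HOST) {
  return raw.includes("https://" + expectedHost);
}

// The check described above: verify the protocol, then verify the hostname.
function checkSignInUrl(raw, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return { ok: false, reason: "not a parseable URL" };
  }
  // 1. Protocol: a data: URI carries the whole page in the URL and has no
  //    hostname at all, whatever text follows the comma.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "protocol is " + url.protocol };
  }
  // 2. Nothing between https:// and the hostname (the user@host form).
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before hostname" };
  }
  // 3. Hostname: exact match, never a substring or prefix match.
  if (url.hostname !== expectedHost.toLowerCase()) {
    return { ok: false, reason: "hostname is " + url.hostname };
  }
  return { ok: true, reason: "https and expected hostname" };
}

// Constructed sample location-bar strings (none are real sign-in URLs).
const SAMPLES = [
  "https://accounts.example.com/signin",
  "data:text/html,https://accounts.example.com/signin" + " ".repeat(120) +
    "<p>constructed page body</p>",
  "http://accounts.example.com/signin",
  "https://accounts.example.com@login.example.net/signin",
  "https://accounts.example.com.login.example.net/signin",
];

function auditSamples() {
  return SAMPLES.map((raw) => ({
    glance: naiveGlance(raw), ...checkSignInUrl(raw),
  }));
}

for (const r of auditSamples()) console.log(r.glance, r.ok, r.reason);
```

Only the first sample passes the full check, while the quick look accepts the data URI, the user@host form and the lookalike hostname as well.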

People should also enable two-factor authentication, if it is available, on every service that they use. Here is the full article. Just run a Google search on “how to cash in on phishing 2017”, and you will get a long list of the latest types of attacks.

A study on malware statistics for 2013-2015 indicated that 431 million new malware variants were added to the pre-existing pool of malware strains. Check out this article for more information.

This article looks at malware that targets ATMs. This White Paper looks at attacks aimed at the travel and entertainment sector, i.e. spoofing client devices or identities. But don’t forget that even today people are still being scammed by fake anti-virus offers.

Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a “free security scan,” especially when faced with a pop-up, an email, or an ad that claims “malicious software” has already been found on your machine.


Avoid it: this type of message is a come-on for a rip-off.

Threat Detection and Response

Microsoft has a Threat Research & Response Blog on their Malware Protection Center, and they also have a Safety & Security Center

Securelist is run by Kaspersky Lab, as is Threatpost

Targeted Cyberattacks Logbook

Cyber Threat Source Descriptions and Alerts from US-CERT

NIST has a Computer Security Resource Center

CCDCOE is the NATO Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia

VirusTotal is a free Google service that analyses suspicious files and URLs

Hacking Threat is one commercial online source of security news, and FireEye is another comprehensive news source and vendor

Krebs on Security is a blog by an ex-Washington Post journalist

© Bernard Smith 2017-18