Glossary

Mirai botnet: a botnet composed mostly of IoT devices that was responsible for some large-scale and high-profile DDoS attacks in 2016 (4)
mitigating risk: reducing the risk (5)
Mitnick, Kevin: a hacking folk hero famous for his social engineering exploits (3)
mobile operating systems: an OS that runs on smartphones (2)
monoalphabetic substitution ciphers: a cipher that uses one plaintext-to-ciphertext alphabet mapping (7)
Morris Worm: the first worm on the Internet, which took many computers offline (3)
Morris, Robert Tappan (AKA RTM): an ethical hacker who crossed legal boundaries and was convicted under the Computer Fraud and Abuse Act for unleashing the Morris worm on the Internet (3)
MS08-067: a notorious security bulletin from Microsoft that disclosed a major RCE vulnerability in Windows (4)
Mudge: the hacker nick used by Peiter Zatko, a member of L0pht who testified before Congress (3)
multi-factor authentication (MFA): authentication based on tokens from two or more different categories (8)
multi-level security (MLS): an access control scheme that assigns permissions based on information sensitivity levels (8)
n-day: an exploit that targets an n-day vulnerability (4)
n-day vulnerability: a known vulnerability (4)
name collision: a situation where two objects have the same name (8)
namespace: a domain in which no name collisions are permitted (8)
Nash equilibrium: a stable point in a game where neither player can unilaterally change his choice and end up with a more preferred outcome (6)
Nash, John: a game theoretician who proved all finite games have an equilibrium point (6)
National Institute of Standards and Technology (NIST): a United States government agency that provides cybersecurity risk management guidance to the federal government and organizations (5)
National Security Agency (NSA): an organization within the United States Department of Defense authorized to conduct signal intelligence on foreign adversaries (3)
National Vulnerabilities Database (NVD): a catalog that provides additional guidance for CVEs including criticality scores and remediation (9)
need-to-know: a rule that manages access to information based on its relevance to job duties (8)
negative permission: an explicit denial of an action (8)