Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

stick with "anonymous" or "authenticated" when describing attacks

from [Jonathan G. Lampe] Network Security [Permanent Link]
Subject: stick with "anonymous" or "authenticated" when describing attacks
Date: Wed, 22 Dec 2004 13:39:52 -0600
At 11:27 AM 12/22/2004, Adam Shostack wrote: 
I've long advocated 'credentialed' to refer to attacks where a user of
the system can execute the attack, and 'anonymous' or
'non-credentialed' to refer to refer to attacks on servers, such as
httpd, ftpd, or named.

The word "authenticated" already has the meaning of what I think you were trying to express with "credentialed"; "authenticated" means that a user has already presented credentials of some kind (username, password, PIN, key, cert, token, etc.), that those credentials were accepted and that the user enjoyed a different level of privilege than mere "anonymous" users.

The term "credentialed" suggests that a user has been issued credentials of some kind, but that he/she may or may not have used them to authenticate to a restricted resource. (The term "credentialed" is similar to the word "ticketed".)

So...I'd stick with "anonymous" or "authenticated" when describing attacks on servers.

-jgl

******************* PLEASE NOTE *******************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.



[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan
Next by Date:  possible local exploit via sendmail with procmail on solaris, Michael Barnes
Previous by Thread:  Re: Local versus remote security holes, Adam Shostack
Next by Thread:  RE: Local versus remote security holes, David Brodbeck
Indexes:  [Date] [Thread] [Top] [All Lists]