Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-06-08 06:42:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

glossary reformat

Browse source
This commit is contained in:
anarsec 2023-07-09 15:08:33 +00:00
parent 0031e85f7a
commit 04533c5d87
No known key found for this signature in database
1 changed files with 27 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

54
content/glossary/_index.md
View file

@ -9,7 +9,7 @@ paginate_by = 5
### Asynchronous Communication
Both parties do not need to be online simultaneously, in contrast to [synchronous communication](#synchronous-communication). This relies on a server of some kind that will store messages until message recipients come online. This is the type of messaging that most people are familiar with (email, Signal, etc.).
Both parties do not need to be online simultaneously, in contrast to [synchronous communication](/glossary/#synchronous-communication). This relies on a server of some kind that will store messages until message recipients come online. This is the type of messaging that most people are familiar with (email, Signal, etc.).
### Backdoor
@ -21,17 +21,17 @@ An attacker who “simply” tries every possible key to access a service or dec
### Checksums / Fingerprints
Checksums are digital fingerprints: small-sized blocks of data derived from another block of digital data for the purpose of detecting any changes that may have been introduced. For example, when you download an operating system .iso file, a checksum will be listed that looks like: `sha512: 9f923361887ac4b1455bc5ae51c06f2457c6d(continued...)`. You can use [hash functions](https://open.oregonstate.education/defenddissent/chapter/cryptographic-hash/) like sha512 to create fingerprints. Essentially, this mathematical operation converts the 0s and 1s of the file into a unique "fingerprint". If a single 1 or 0 is changed, a completely different fingerprint will result, and it is often important to know whether a file has changed, such as when downloading the image file for an operating system. Fingerprints are often used in cryptography (e.g., in certificates or to verify [public keys](#public-key-cryptography) in general). [GtkHash](https://tails.boum.org/doc/encryption_and_privacy/checksums/index.en.html) is a program that allows you to calculate checksums without needing to use a command line interface.
Checksums are digital fingerprints: small-sized blocks of data derived from another block of digital data for the purpose of detecting any changes that may have been introduced. For example, when you download an operating system .iso file, a checksum will be listed that looks like: `sha512: 9f923361887ac4b1455bc5ae51c06f2457c6d(continued...)`. You can use [hash functions](https://open.oregonstate.education/defenddissent/chapter/cryptographic-hash/) like sha512 to create fingerprints. Essentially, this mathematical operation converts the 0s and 1s of the file into a unique "fingerprint". If a single 1 or 0 is changed, a completely different fingerprint will result, and it is often important to know whether a file has changed, such as when downloading the image file for an operating system. Fingerprints are often used in cryptography (e.g., in certificates or to verify [public keys](/glossary/#public-key-cryptography) in general). [GtkHash](https://tails.boum.org/doc/encryption_and_privacy/checksums/index.en.html) is a program that allows you to calculate checksums without needing to use a command line interface.
### Command Line Interface (CLI)
The 'command line' is an all-text alternative to using the graphical 'point and click' tool that most of us are more familiar with; the Command Line Interface (CLI) allows us to do some things that a Graphical User Interface (GUI) does not. Oftentimes, either a GUI or CLI would work and which you use is a matter of preference. For example, in [Tails](#tails), you can verify the [checksum](/glossary/#checksums-fingerprints) of a file with a GUI (the GtkHash program) or a CLI command (`sha256sum`).
The 'command line' is an all-text alternative to using the graphical 'point and click' tool that most of us are more familiar with; the Command Line Interface (CLI) allows us to do some things that a Graphical User Interface (GUI) does not. Oftentimes, either a GUI or CLI would work and which you use is a matter of preference. For example, in [Tails](/glossary/#tails), you can verify the [checksum](/glossary/#checksums-fingerprints) of a file with a GUI (the GtkHash program) or a CLI command (`sha256sum`).
[Tech Learning Collective's "Foundations: Command Line Basics" course](https://techlearningcollective.com/foundations/#foundations-command-line-basics) is our recommended introduction to CLI/terminal use.
### CVE
CVE stands for “Common Vulnerabilities and Exposures”. It is a globally unique identifier for [security vulnerabilities](#vulnerability) in software. Identifiers look like “CVE-YEAR-NUMBER.” The year included in the identifier is the year when the CVE ID was assigned, not the year when the vulnerability became publicly known.
CVE stands for “Common Vulnerabilities and Exposures”. It is a globally unique identifier for [security vulnerabilities](/glossary/#vulnerability) in software. Identifiers look like “CVE-YEAR-NUMBER.” The year included in the identifier is the year when the CVE ID was assigned, not the year when the vulnerability became publicly known.
### DDoS Attack
@ -39,7 +39,7 @@ A DDoS attack (Distributed Denial of Service attack) tries to overload or crash
### Digital Signatures
Digital signatures are based on [public-key cryptography](#public-key-cryptography). A private key is used to digitally sign data, while the corresponding public key is used by third parties to validate the signature. Before a public key is used to verify a signature, its authenticity should be verified.
Digital signatures are based on [public-key cryptography](/glossary/#public-key-cryptography). A private key is used to digitally sign data, while the corresponding public key is used by third parties to validate the signature. Before a public key is used to verify a signature, its authenticity should be verified.
To learn more, [check out this video](https://invidious.sethforprivacy.com/watch?v=s22eJ1eVLTU&listen=false). For a more detailed look, see [Defend Dissent: Authenticity through Cryptographic Signing](https://open.oregonstate.education/defenddissent/chapter/cryptographic-signing/) or our [GPG explanation](/posts/linux/#gpg-explanation).
@ -55,25 +55,25 @@ For more info, see [symmetric cryptography](/glossary/#symmetric-cryptography),
### End-to-end encryption (e2ee)
The data is [encrypted](#encryption) while in transit from one device to another - endpoint to endpoint, and cannot be decrypted by any intermediaries. It can only be decrypted by the endpoints. This is distinct from encryption at rest, like in [Full Disk Encryption](#full-disk-encryption-fde), where the data stored on your device is encrypted once the device is turned off. Both are important!
The data is [encrypted](/glossary/#encryption) while in transit from one device to another - endpoint to endpoint, and cannot be decrypted by any intermediaries. It can only be decrypted by the endpoints. This is distinct from encryption at rest, like in [Full Disk Encryption](/glossary/#full-disk-encryption-fde), where the data stored on your device is encrypted once the device is turned off. Both are important!
For more info, check out [Encrypted Messaging for Anarchists](/posts/e2ee), and [Defend Dissent: Protecting Your Communications](https://open.oregonstate.education/defenddissent/chapter/protecting-your-communications/).
### Exploit
An exploit is designed to exploit a [vulnerability](#vulnerability). Even worse (or better, depending on if you are the attacker or attacked) are [zero-day exploits](#zero-day-exploit).
An exploit is designed to exploit a [vulnerability](/glossary/#vulnerability). Even worse (or better, depending on if you are the attacker or attacked) are [zero-day exploits](/glossary/#zero-day-exploit).
### Forward secrecy
Forward secrecy (FS, also known as “Perfect Forward Secrecy”) combines a system of long-term keys and session keys to protect encrypted communications against key compromise in the future. An attacker who can record every encrypted message ([man-in-the-middle](#man-in-the-middle-attack)) wont be able to decrypt these messages when keys are compromised in the future. Modern encryption protocols like [TLS](#https) 1.3 and the Signal Protocol offer FS. To learn more, see [Anonymous Planet](https://anonymousplanet.org/guide.html#forward-secrecy).
Forward secrecy (FS, also known as “Perfect Forward Secrecy”) combines a system of long-term keys and session keys to protect encrypted communications against key compromise in the future. An attacker who can record every encrypted message ([man-in-the-middle](/glossary/#man-in-the-middle-attack)) wont be able to decrypt these messages when keys are compromised in the future. Modern encryption protocols like [TLS](/glossary/#https) 1.3 and the Signal Protocol offer FS. To learn more, see [Anonymous Planet](https://anonymousplanet.org/guide.html#forward-secrecy).
### Full Disk Encryption (FDE)
FDE means that the entire storage medium is [encrypted](#encryption) until a password is provided when the device is turned on. Not all FDE is created equal. For example, the quality of how FDE is implemented on a phone isnt only tied to your operating system, but also to your hardware (the model of your phone). FDE uses [symmetric cryptography](/glossary/#symmetric-cryptography), and, on Linux, it typically uses the [LUKS specification](/glossary/#luks).
FDE means that the entire storage medium is [encrypted](/glossary/#encryption) until a password is provided when the device is turned on. Not all FDE is created equal. For example, the quality of how FDE is implemented on a phone isnt only tied to your operating system, but also to your hardware (the model of your phone). FDE uses [symmetric cryptography](/glossary/#symmetric-cryptography), and, on Linux, it typically uses the [LUKS specification](/glossary/#luks).
### GnuPG / OpenPGP
GnuPG (GPG) is a program that implements the OpenPGP (Pretty Good Privacy) standard. GPG provides cryptographic functions to encrypt, decrypt, and sign text and files. It is a classic example of [public-key cryptography](#public-key-cryptography). When used in tandem with email, [metadata](#metadata) (like email addresses) remains unencrypted. It does not provide [Forward Secrecy](#forward-secrecy).
GnuPG (GPG) is a program that implements the OpenPGP (Pretty Good Privacy) standard. GPG provides cryptographic functions to encrypt, decrypt, and sign text and files. It is a classic example of [public-key cryptography](/glossary/#public-key-cryptography). When used in tandem with email, [metadata](/glossary/#metadata) (like email addresses) remains unencrypted. It does not provide [Forward Secrecy](/glossary/#forward-secrecy).
For more info, check out [this primer](https://github.com/AnarchoTechNYC/meta/wiki/Pretty-Good-Privacy-%28PGP%29). We do not recommend it for encrypted communications, [here's why](/posts/e2ee/#pgp-email).
@ -83,17 +83,17 @@ Hardening is a generic term for the process of securing systems against attacks.
### HTTPS
The 'S' in HTTPS stands for 'secure'; this means your Internet connection is encrypted using the [Transport Layer Security (TLS)](https://invidious.sethforprivacy.com/watch?v=0TLDTodL7Lc&listen=false) protocol. This involves the website generating a certificate with [public-key cryptography](#public-key-cryptography) that can be used to verify its authenticity - that you are in fact connecting to the web server that you intend to, and that this connection is encrypted.
The 'S' in HTTPS stands for 'secure'; this means your Internet connection is encrypted using the [Transport Layer Security (TLS)](https://invidious.sethforprivacy.com/watch?v=0TLDTodL7Lc&listen=false) protocol. This involves the website generating a certificate with [public-key cryptography](/glossary/#public-key-cryptography) that can be used to verify its authenticity - that you are in fact connecting to the web server that you intend to, and that this connection is encrypted.
For more info, check out [our explanation](/posts/tails/#tor) or [Defend Dissent: Protecting Your Communications](https://open.oregonstate.education/defenddissent/chapter/protecting-your-communications/).
### Linux
Linux is an [open-source](#open-source) 'kernel' upon which operating systems are built. Unlike Windows or macOS, there are many flavours of Linux operating systems. For example, Ubuntu, Kali, and Tails are based on Debian. Manjaro is based on Arch. For more info, see [Linux Essentials](/posts/linux).
Linux is an [open-source](/glossary/#open-source) 'kernel' upon which operating systems are built. Unlike Windows or macOS, there are many flavours of Linux operating systems. For example, Ubuntu, Kali, and Tails are based on Debian. Manjaro is based on Arch. For more info, see [Linux Essentials](/posts/linux).
### LUKS
The [Linux Unified Key Setup (LUKS)](https://gitlab.com/cryptsetup/cryptsetup) is a platform-independent specification for hard disk encryption. It is the standard used in [Tails](#tails), [Qubes OS](#qubes-os), Ubuntu, etc.
The [Linux Unified Key Setup (LUKS)](https://gitlab.com/cryptsetup/cryptsetup) is a platform-independent specification for hard disk encryption. It is the standard used in [Tails](/glossary/#tails), [Qubes OS](/glossary/#qubes-os), Ubuntu, etc.
### Malware
@ -121,7 +121,7 @@ The system software that runs your device, before all other software. Some commo
### Passphrase
A passphrase is similar to a [password](#password); however, it consists of words instead of characters.
A passphrase is similar to a [password](/glossary/#password); however, it consists of words instead of characters.
### Password
@ -131,11 +131,11 @@ For more info, check out [Defend Dissent: Passwords](https://open.oregonstate.ed
### Phishing
Phishing is a [social engineering](/glossary/#social-engineering) technique. Attackers send SMS messages, emails, chat messages, etc., to their victims in order to get their personal data. After that, attackers can try to impersonate their victims. It can also be used to make the victim download [malware](#malware) onto a system, which can be used as a starting point for hacking it. [Spear phishing](/glossary/#spear-phishing) is a more sophisticated phishing technique. For more info, see the [Kicksecure documentation](https://www.kicksecure.com/wiki/Social_Engineering).
Phishing is a [social engineering](/glossary/#social-engineering) technique. Attackers send SMS messages, emails, chat messages, etc., to their victims in order to get their personal data. After that, attackers can try to impersonate their victims. It can also be used to make the victim download [malware](/glossary/#malware) onto a system, which can be used as a starting point for hacking it. [Spear phishing](/glossary/#spear-phishing) is a more sophisticated phishing technique. For more info, see the [Kicksecure documentation](https://www.kicksecure.com/wiki/Social_Engineering).
### Physical attacks
By a physical attack, we mean a situation in which an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated while crossing a border or during an arrest. This is in contrast to a [remote attack](#remote-attacks).
By a physical attack, we mean a situation in which an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated while crossing a border or during an arrest. This is in contrast to a [remote attack](/glossary/#remote-attacks).
For a more detailed look, check out [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/)
@ -153,17 +153,17 @@ To learn more, check out [this video](https://invidious.sethforprivacy.com/watch
### Qubes OS
You can think of [Qubes OS](https://www.qubes-os.org/) as Linux + [virtual machines](#virtual-machine-vm). We [recommend](/recommendations) it as a daily use operating system for intermediate Linux users.
You can think of [Qubes OS](https://www.qubes-os.org/) as Linux + [virtual machines](/glossary/#virtual-machine-vm). We [recommend](/recommendations) it as a daily use operating system for intermediate Linux users.
### Remote attacks
By a remote attack, we mean that an adversary would access the data on your phone or laptop through an Internet or data connection. There are companies that design and sell the ability to infect your device (usually focusing on smartphones) with [malware](#malware) that would allow their customer (your adversary, be it a corporate or state agent) to gain remote access to some or all your information. This is in contrast to a [physical attack](#physical-attacks).
By a remote attack, we mean that an adversary would access the data on your phone or laptop through an Internet or data connection. There are companies that design and sell the ability to infect your device (usually focusing on smartphones) with [malware](/glossary/#malware) that would allow their customer (your adversary, be it a corporate or state agent) to gain remote access to some or all your information. This is in contrast to a [physical attack](/glossary/#physical-attacks).
For a more detailed look, check out [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/)
### Sandboxing
Sandboxing is software-based isolation of applications to mitigate system failures or vulnerabilities. For example, if an attacker hacks an application that is 'sandboxed', they will need to escape the sandbox to hack the whole system. [Virtualization](#virtualization) is the most powerful implementation of sandboxing.
Sandboxing is software-based isolation of applications to mitigate system failures or vulnerabilities. For example, if an attacker hacks an application that is 'sandboxed', they will need to escape the sandbox to hack the whole system. [Virtualization](/glossary/#virtualization) is the most powerful implementation of sandboxing.
### Security goal
@ -187,7 +187,7 @@ Symmetric cryptography is the opposite of [public-key cryptography](/glossary/#p
### Synchronous communication
Both parties need to be online simultaneously, in contrast to [asynchronous communication](#asynchronous-communication). This does not require any servers specific to the communication and is often referred to as "peer to peer".
Both parties need to be online simultaneously, in contrast to [asynchronous communication](/glossary/#asynchronous-communication). This does not require any servers specific to the communication and is often referred to as "peer to peer".
### Tails
@ -199,7 +199,7 @@ For more info, check out [Tails for Anarchists](/posts/tails).
### Threat model
Threat modeling is a family of activities for improving security by identifying a range of adversaries, [security goals](#security-goal), and [vulnerabilities](#vulnerability), then defining countermeasures to prevent, or mitigate the effects of, threats to the system. A threat is a potential or actual undesirable event that may be malicious (such as [DDoS attack](#ddos-attack)) or incidental (such as a hard drive failure). Threat modeling is the conscious activity of identifying and assessing threats and vulnerabilities.
Threat modeling is a family of activities for improving security by identifying a range of adversaries, [security goals](/glossary/#security-goal), and [vulnerabilities](/glossary/#vulnerability), then defining countermeasures to prevent, or mitigate the effects of, threats to the system. A threat is a potential or actual undesirable event that may be malicious (such as [DDoS attack](/glossary/#ddos-attack)) or incidental (such as a hard drive failure). Threat modeling is the conscious activity of identifying and assessing threats and vulnerabilities.
For more info, see [the CSRC Threat Library](https://www.csrc.link/threat-library/), [Defend Dissent: Digital Threats to Social Movements](https://open.oregonstate.education/defenddissent/chapter/digital-threats/) and [Defending against Surveillance and Suppression](https://open.oregonstate.education/defenddissent/chapter/surveillance-and-suppression/).
@ -207,7 +207,7 @@ For more info, see [the CSRC Threat Library](https://www.csrc.link/threat-librar
[Tor](https://www.torproject.org/) (it stands for The Onion Router) is an open and distributed network that helps defend against traffic analysis. Tor protects you by bouncing your communications around a network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the operators of the sites you visit from learning your physical location.
Each website visited through the Tor network passes through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to. An extract of a leaked Top Secret appraisal by the NSA characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting". The Tor network can be accessed through the Tor Browser on any operating system. The operating system [Tails](#tails) forces every program to use the Tor network when accessing the Internet.
Each website visited through the Tor network passes through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to. An extract of a leaked Top Secret appraisal by the NSA characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting". The Tor network can be accessed through the Tor Browser on any operating system. The operating system [Tails](/glossary/#tails) forces every program to use the Tor network when accessing the Internet.
For more info, see [our description of Tor](/posts/tails/#tor) and [Privacy Guides](https://www.privacyguides.org/en/advanced/tor-overview/).
@ -217,11 +217,11 @@ Two-factor authentication (or “2FA”) is a way to let a user identify themsel
### Virtualization
Virtualization is technology that creates a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources. A [Virtual Machine](#virtual-machine-vm) leverages this technology.
Virtualization is technology that creates a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources. A [Virtual Machine](/glossary/#virtual-machine-vm) leverages this technology.
### Virtual Machine (VM)
A virtual machine is the [virtualization](#virtualization)/emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. This can provide the security benefit of [sandboxing](#sandboxing). [Qubes OS](#qubes-os) is composed of VMs that [run on the hardware directly](https://www.qubes-os.org/faq/#how-does-qubes-os-compare-to-running-vms-in-a-conventional-os) (which is referred to as "bare metal"). According to the Qubes project, "virtualization is currently the only practically viable approach to implementing strong isolation while simultaneously providing compatibility with existing applications and drivers."
A virtual machine is the [virtualization](/glossary/#virtualization)/emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. This can provide the security benefit of [sandboxing](/glossary/#sandboxing). [Qubes OS](/glossary/#qubes-os) is composed of VMs that [run on the hardware directly](https://www.qubes-os.org/faq/#how-does-qubes-os-compare-to-running-vms-in-a-conventional-os) (which is referred to as "bare metal"). According to the Qubes project, "virtualization is currently the only practically viable approach to implementing strong isolation while simultaneously providing compatibility with existing applications and drivers."
### VoIP (Voice over Internet Protocol)
@ -235,12 +235,12 @@ Put another way, it is a technology that essentially makes it appear like you em
It is important to stress this to cut through the widespread marketing hype; [a VPN is not enough to keep you anonymous](https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me/). Using a VPN can be thought of as simply shifting your trust from a local Internet Service Provider guaranteed to be a snitch to a remote one that claims to put limits on their ability to effectively snitch on you.
For more info, see [Privacy Guides](https://www.privacyguides.org/en/basics/vpn-overview/), and for an excellent comparison of a VPN and [Tor](#tor-network), see [Defend Dissent: Anonymous Routing](https://open.oregonstate.education/defenddissent/chapter/anonymous-routing/).
For more info, see [Privacy Guides](https://www.privacyguides.org/en/basics/vpn-overview/), and for an excellent comparison of a VPN and [Tor](/glossary/#tor-network), see [Defend Dissent: Anonymous Routing](https://open.oregonstate.education/defenddissent/chapter/anonymous-routing/).
### Vulnerability
Commonly, vulnerabilities are [exploitable](#exploit) security flaws in software or hardware. Well-known vulnerabilities receive names like Heartbleed, Shellshock, Spectre, or Stagefright and at least one [CVE](#cve) identifier. There arent always exploits available for vulnerabilities. A well-known system to classify the severity of vulnerabilities is [CVSS](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
Commonly, vulnerabilities are [exploitable](/glossary/#exploit) security flaws in software or hardware. Well-known vulnerabilities receive names like Heartbleed, Shellshock, Spectre, or Stagefright and at least one [CVE](/glossary/#cve) identifier. There arent always exploits available for vulnerabilities. A well-known system to classify the severity of vulnerabilities is [CVSS](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Zero-day exploit
A zero-day [exploit](#exploit) is unknown to the public, publisher, or other parties who would typically mitigate it. As a result, it is extremely powerful and highly-valued. Governments can either develop their own zero-day exploits, or buy them from a [zero-day broker](https://www.wired.com/story/untold-history-americas-zero-day-market/).
A zero-day [exploit](/glossary/#exploit) is unknown to the public, publisher, or other parties who would typically mitigate it. As a result, it is extremely powerful and highly-valued. Governments can either develop their own zero-day exploits, or buy them from a [zero-day broker](https://www.wired.com/story/untold-history-americas-zero-day-market/).