Editing Glossary of information security

Glossary of information Security - Information Security Terms

{{Template: Draft}}

== A ==
* Adware: 使用者端的安全威脅。Symantec::Security Response - ([http://securityresponse.symantec.com/avcenter/refa.html#adware Types of threat]:Adware, Dialers, Hack Tools, Hoax, Joke Programs, Remote Access, Spyware, Trojan Horse, Virus, Worm)

* '''ARP(Address Resolution Protocol, 位址解析通訊協定)病毒''' [http://www.microsoft.com/technet/prodtechnol/windowsserver2003/zh-cht/library/ServerHelp/7b77bb1b-5c57-408f-907f-8b474203a533.mspx?mfr=true Address Resolution Protocol (ARP)]

== C ==
* [https://owasp.org/www-community/attacks/Code_Injection Code Injection]: "a type of attack in which an attacker injects malicious code into an application and causes it to be executed, typically due to the application's lack of proper validation and filtering of external input data."

* [https://owasp.org/www-community/attacks/Command_Injection Command Injection] "an attack technique in which an attacker exploits vulnerabilities in an application to inject and execute malicious operating system commands, typically through unvalidated user input such as forms, cookies, or HTTP headers."

== D ==
* '''DoS (Denial of Service, 阻絕服務攻擊)''' / DDoS (Distributed Denial of Service, 分散式阻斷服務攻擊) 說明：產生大量封包或資料流，癱瘓網站服務。 (詳: [http://en.wikipedia.org/wiki/Denial-of-service_attack Wikipedia])

== K ==
* '''Keylogger(鍵盤記錄, Keystroke logging)''' 記錄使用者電腦的鍵盤操作 資料來源:[http://en.wikipedia.org/wiki/Keystroke_logging Keystroke logging - Wikipedia, the free encyclopedia]

== M ==
* '''MalWare (惡意軟體, 流氓軟體)''' [http://zh.wikipedia.org/wiki/%E6%B5%81%E6%B0%93%E8%BD%AF%E4%BB%B6 流氓軟體 - Wikipedia]
** [http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=zh-tw 下載詳細資料： Windows 惡意軟體移除工具]([http://www.microsoft.com/security/malwareremove/default.mspx EN])

== P ==
* ;Phishing(網站偽造, Web Forgery) [[AntiPhishing]] -  檢舉網站偽造/防制工具

== R ==
* Rootkit [http://en.wikipedia.org/wiki/Rootkit Rootkit - Wikipedia]
** 防制工具: [http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0 AVG Anti-Rootkit Free], [http://www.free-av.com/ Avira AntiVir® PersonalEdition Classic], [http://www.download.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html?tag=lst-1&cdlPid=10717197 Panda Anti-Rootkit], [http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html Sophos Anti-Rootkit](需提供個人資料)

== S ==
* '''SpyWare(間諜軟體)''' 組合國際（Computer Associate）的安全顧問小組（[http://www3.ca.com/securityadvisor/ Security Advisor Team]）([http://www.my-etrust.com/alertservice/pg.aspx?f=mix RSS][http://www3.ca.com/securityadvisor/subscription/syndication.aspx])

* '''Spoofing (假冒)''' (E-mail spoofing)郵件假冒/偽造寄信者的電子郵件: 
** [https://mail.google.com/support/bin/answer.py?hl=b5&answer=7998 Gmail: 說明中心 - Gmail 會要求我提供使用者名稱和密碼嗎？]
** [https://mail.google.com/support/bin/answer.py?ctx=%67mail&hl=en&answer=8253 Gmail: Help Center - What should I do about a message that asks for personal information?]
: more on [http://en.wikipedia.org/wiki/E-mail_spoofing E-mail spoofing - Wikipedia, the free encyclopedia]

* '''惡意網站'''
** 防範工具: [http://www.siteadvisor.com/ McAfee SiteAdvisor], [http://www.trendsecure.com/portal/en-US/tools/security_tools/trendprotect TrendProtect™]

* 軟體[https://zh.wikipedia.org/zh-tw/%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB 供應鏈攻擊] (Supply chain attack) 針對供應鏈中防護較弱的部分進行攻擊
** 例子：[https://zh.wikipedia.org/zh-tw/XcodeGhost%E9%A3%8E%E6%B3%A2 XcodeGhost 風波]、[https://medium.com/@thegiive/ant-design-%E7%9A%84%E8%81%96%E8%AA%95%E7%AF%80%E5%BD%A9%E8%9B%8B-ef208b6fbe Ant Design 的聖誕節彩蛋. 發生了啥事?]

== 使用者端 ==
Symantec::Security Response - ([http://securityresponse.symantec.com/avcenter/refa.html#adware Types of threat]:Adware, Dialers, Hack Tools, Hoax, Joke Programs, Remote Access, Spyware, Trojan Horse, Virus, Worm)

[[Category: Glossary]]
[[Category: Security]]
[[Category: Revised with LLMs]]