back to The Microsoft-English Dictionary

Bug

  1. See "Issue"

Buffer Overflow

  1. Security condition present in nearly all Microsoft products caused by the improper or nonexistent limiting of input query buffers.

Bulls-Eye

  1. Often said by security staff conducting network penetration scans when observing the presence of open TCP ports 135, 137, or 139, indicating a Windows system is present.

Could Allow

  1. As Microsoft Security Bulletins read, a reported vulnerability or exploit to a Microsoft product may be a security problem ONLY when exploited by a cracker. Implies that a security problem is not a major concern until the exploit occurs. Example:
    " Authentication Error in SMTP Service Could Allow Mail Relaying" (01-037)
    In reality, the problem exists, but in Microsoft's expert judgement, the problem is not a 'problem' until exploited and makes the news. A real world example would be proclaiming that "guns kill people" (a truth, but only if if the gun is handled by a person who either loads it and pulls the trigger or uses it to club someone. By itself, the device is harmless.)

Issue

  1. A feel-good euphemism used by Microsoft referring to a security problem. (e.g., "Microsoft has discovered an issue with......")
  2. Microsoft's implied denial that a problem exists, calling it an "issue" instead of a "problem", "bug", "vulnerability" or "exploit." (In the real world, how many relationships have been broken off due to "issues" versus "problems" with the significant other?)

Known Issue

  1. feel-good euphemism used by Microsoft referring to a previously-reported problem. (See "issue")

Malformed

  1. Term used by Microsoft to describe a security problem caused by submitting false or modified information to an application, such as a typographic error may direct a user to a different website than what was intended.

Microsoft Security Bulletin

  1. Release of documentation for a previously-undocumented feature in the named Microsoft Product.

Secure Microsoft Product

  1. Any unopened, uninstalled Microsoft product, preferably still inside its shrink-wrap.
  2. A PC running Microsoft operating systems or software that is not connected to a network or has removable media (e.g., disk drives) installed...that's how Windows NT received its C2 endorsement from the NSA in the mid-1990s!

Security

  1. Something Microsoft products lack, evidenced by the frequency of reports of major products with vulnerable services enabled by default, or by releasing easily-exploited software products.
  2. A concept that is a mutually-exclusive to anything Microsoft.

Security Response Process

  1. Method Microsoft uses to react to reported security problems with its products. Runs contrary to industry-accepted standards of proactively preventing problems through secure software design and intense program quality assurance and abuse testing prior to release.

Vulnerability

  1. A reported weakness that facilitates the compromise of a software product or system.
  2. General security community term for any computer running Windows, networked or not.


Reproduced with permission from <http://www.infowarrior.org/articles/2001-04.html>. © 2001 Richard Forno. Permission granted to freely reproduce - in whole or in part for noncommercial use - with appropriate credit to author and INFOWARRIOR.ORG.

Log in or register to write something here or to contact authors.