Glossary of Terms T-Z



Tailgating – This is where an attacker typically gains access to a building/restricted area by coming in behind an authenticated person. Often the person will look like they are trying to find their pass, or claim they left it at their desk, but they are actually trying to gain access on the back of your authentication. This is more an issue for enterprises, but can also affect consumers in more social contexts e.g. when at the gym and someone tries to gain access without paying or for nefarious purposes.

Teleworking – This is a work arrangement in which employees do not commute or travel to a central place of work, such as an office building, warehouse, or store, but instead make use of the internet (and associated technologies) to communicate with the office and do their work.

Telecommuting – Similar to teleworking, refers more specifically to work undertaken at a location that reduces commuting time. Telecommuters often maintain a traditional office and usually work from an alternative work site from 1 to 3 days a week.

Threat email / Personal Content Scam – This is where the sender claims to own some personal content involving you. The scammer will generally threaten you to disclose the-said material if you do not use the provided link to send them money them money. See also Sextortion.

TOR Browser – See also ‘TOR Network’ below. This is a Web Browser based on the FireFox browser that has been configured specifically fr privacy and routing all requests through the TOR Network.

TOR Network – This is a network provided by the TOR Project that is focused on total privacy. The US Naval Lab in the 1990’s asked themselves if there was a way to create internet connections that don’t reveal who is talking to whom, even to someone monitoring the network. Their answer was to create and deploy the first research designs and prototypes of onion routing. The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. The Tor Project, Inc, became a US 501(c)3 nonprofit in 2006, but the idea of “onion routing” began in the mid 1990s.

Tracking – This is the collection of data regarding an individual’s identity or activity across one or more websites using a variety of techniques including tracking cookies, specially crafted URL’s, Browser Fingerprinting, redirects and hyperlink auditing. Even if such data is not believed to be personally identifiable, it’s still tracking. There are several forms of tracking, for example:

  • Cross-site tracking (tracking across multiple first party websites)
  • Stateful tracking (tracking using storage on the user’s device)
  • Covert stateful tracking (is stateful tracking which uses mechanisms that are not intended for general-purpose storage, such as HSTS or TLS)
  • Navigational tracking (tracking through information controlled by the source of a top-level navigation or a sub-resource load, transferred to the destination)
  • Fingerprinting, or stateless tracking (tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage)
  • Covert tracking (includes covert stateful tracking, fingerprinting, and any other methods that are similarly hidden from user visibility and control).

Trojan Horse – Sometimes just called a Trojan. In the context of malware, this is a piece of software that looks benign, but actually is disguised malware. This malware is typically used in combination with a social engineering attack. The actual purpose of the malware has many forms, but a lot of them install a back door to critical systems that allows attackers to perform additional cyber attacks.

Two Factor Authentication (2FA) – Typically a user access a computer system by entering a username and password. Where two factor authentication is in place, the user must also provide an additional code/password/passphrase to gain access. This is typically a 6 digit code provided by SMS or by an authenticator app on your phone. This is a stringer form of security/authentication since it is provided by something you know (a username password) and something only you possess (an authenticator app on your phone). A second factor could also be a bio-metric factor, e.g. a fingerprint or iris scan. Also called Multi-Factor Authentication.


Unified Communications as a Service (UCaaS) – This is a service that offers the opportunity to integrate multiple communication methods through a single cloud provider, including enterprise messaging, telephone communication, and video conferencing. This can be integrated into call center services, such as call routing, and call centers, with additional functionality when combined with contact management software. 

User Data-gram Protocol (UDP) – Sometimes referred to as UDP/IP, this protocol was introduced in 1980 and is one of the oldest network protocols in existence. It’s a simple OSI transport layer protocol for client/server network applications, is based on Internet Protocol (IP), and is the main alternative to TCP. Traffic over this protocol cannot be encrypted.

Username – This is a piece of data used to authenticate a user to a website or software service. It is normally accompanied by a password and sometimes other factors to authenticate a user. See also Password and Two Factor Authentication.


Virus – This is a malicious program/malware that exhibits a lot of the characteristics of biological viruses, in that they can self replicate and use the host system to propagate themselves into otherwise unaffected parts of the compute systems by attaching to existing files in the system. They typically exploit vulnerabilities in existing software. They can infect host systems via many methods, including social engineering and targeted attack on unsecured systems.

Vishing – This is a social engineering attack method similar to Phishing, but this is where the attacker will contact you by phone and request you divulge confidential information.

Virtual Private Network (VPN) – This is an encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations. It is also used to enable greater privacy on public networks as well as bypass geo-locked resources (e.g. country locked broadcasted or streamed content).

VPN Provider – This is a company that provides services to provide Virtual Private Network to both consumers and business. There are often free options which are supported by advertisements and often limited in bandwidth as well as paid options that provide better bandwidth and privacy options.

Vulnerability – In this context, this relates to a bug, or error, in the coding of a computer system that allows a cyber attacker to gain access to a computer system. This will typically result in the attacker injecting some form of malware and/or attempting to gain elevated privileges so that they can act as someone who has some form of administrative access to the system. In this way they can roam the system without any restrictions, install malware and extract information (data breach) unhindered.


Water Holing – This is where a fake website is posted that you implicitly trust (e.g. Amazon), but actually is a clone of the website designed to extract personal information. The victim will feel safe in the fact that they trust this site, and often now are posted using an HTTPS secure site. See also ‘Website Cloning‘.

Web Cache – As part of the web delivery system, web pages are cached at various points along the way to speed up local delivery. Services like CDN’s (Content Delivery Networks) provide these cached web pages in locations that are closer to the delivery point, but are constantly refreshed to keep the content up to date. By accessing a website, it is likely you are not the first to access that same page and therefore accessing a cached version of the page. If you add new content to a website, you will often find that it takes a few minutes to see it in your browser due to the caching mechanism.

Web Cache Deception Attack – This is where the adversary forces initiation of a website request with the goal of having a web caching service interpret the request differently than the origin web server would. The attacker attempts to trigger the caching of content that the origin would typically not allow to be cached. Many web servers will, if given a request for a non-existent object /a/b/c/d, will use /a/b/c or /a/b (if they exist), to process the request. This is used in many dynamic applications like ticketing system. In this attack, the attacker adds to the URL of a dynamic, uncacheable page a structure that ends in a commonly cacheable filetype (.jpg, .css., et al), with a target of having it cached.

Website Cloning – There are legitimate reasons why you would want a copy of your live website, e.g. to diagnose a bug. There is software available that allows you to download the publicly available contents of a website and store it locally – a clone/copy of the website. Cyber Criminals can also clone websites with the intention of imitating the legitimate website for nefarious reasons. They will typically infect the clone with malware, post it at a similar URL/address to the target and get victims to access the site normally via some form of Phishing attack. Once the clone is accessed, and the hackers have what they want, you are typically redirected to the genuine site. See also ‘Water Holing‘.

Web Skimming is a form of internet or carding fraud whereby a payment page on a website is compromised when malware is injected onto the page via compromising a third-party script service in order to steal payment information.

Website Spoofing – This is where a fake website is built with the goal of misleading users, gaining their trust, and assuming the identity of a legitimate group or organization. The spoof website will frequently adopt the design of the target website and sometimes mimic the URL with alternate characters. A more sophisticated attack can involve the perpetrator building a ‘shadow’ version of the World Wide Web by routing all of the user’s web traffic through the attackers console. This type of attack captures all of the victims sensitive information. Another method used by domain spoofing attackers is to use a cloaked URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website. See also Website Cloning and Domain Typo Squatting.

Whaling – This is a highly focused form of Phishing attack that is largely targeted at executives. This is similar to Spear Phishing.

White Hat Hacker – See also the definition of Hacker above. Often called a Penetration Tester, this is a hacker that is typically authorised to test the security or integrity of computer systems and responsibly disclose such vulnerabilities. They will typically use the same skills and tools as a Black Hat Hacker.

Wireless Analyzer/WiFi Analyzer – A Packet Analyzer used for intercepting traffic on wireless networks

Wiper – A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files. Also known as Wiperware.

Wire Tapping – This is a form of electronic eavesdropping where an attacker will install some device, or software, that allows them to listen in to conversations and/or data transmissions across electronic mediums (e.g. telephone lines, fibre optic cable, wireless/radio communications). It is a form electronic surveillance, often used by law enforcement under a court order, but is also used illegally by cyber criminals to gather information about an organisation as part of a wider cyber attack. This can provide the material needed for a Spear Phishing attack. Wire tapping is not a preferred method of gathering information, as there are other methods that are easier to exploit (e.g. the results of a data breach, or the many social media sites and search engines not withstanding dedicated hacking tools). A wire tap can also be easily detected through discovery of the actual equipment attached to the line, or through monitoring delays in transmission.

Worm – This is very similar to a virus, in that it is self replicating, but typically does not attach to existing files in the system to do so. They often use the computer network to spread their payload. They are often delivered using a social engineering attack via email or instant messaging.


XML – eXtensible Markup Language. XML (similar to HTML) uses tags to markup a document, allowing the browser to interpret the tags and display them on a page. Unlike HTML, XML language is unlimited (extensible) which allows self-defining tags and can describe the content instead of only displaying a page’s content. Using XML other languages such as RSS and MathML have been created, even tools like XSLT were created using XML.

XMPP – eXtensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service, and use it to interact with any other XMPP service.


Tottabyte – often abbreviated as YB, this is equal to 1,208,925,819,614,629,174,706,176 (280) bits, or 1,000,000,000,000,000,000,000,000 (1024) bytes and is the largest recognized value used with storage.


Zero-Day Vulnerability – Also known as 0-day. This is a vulnerability that is not previously known to the developer of the software. As a result, hackers may exploit this vulnerability with some impunity and may be actively exploiting it in the wild before it is known to the developer, or people interesting in mitigating the flaw. Once it is known to the developer of the software, they effectively have zero-days to provide a fix.

Zero Knowledge Encryption – This is an encryption concept where the holder of the encrypted data does not have access to the decryption keys. They are owned and held by the owner of the data normally saved within a hardware device built into a PC or cell phone or a standalone device that can be plugged into a PC/cell phone via a USB key.

Zero Knowledge Proof – In cryptography, this is a method by which one party (the prover) can prove to another party (the verifier) that they know a value x, without conveying any information apart from the fact that they know the value x or any additional information. Also called Zero-Knowledge Protocol.

Zero Trust Architecture – This refer to security concepts and threat model that no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. This is also referred to as Zero Trust or Zero Trust Network

Headline image provided by Edho Pratama on UnSplash

Create a website or blog at

Up ↑