hacker – a person who engages in attempts to gain unauthorized access to one or more digital devices. Can be black hat (unethical) or white hat (ethical hacker) depending on the person’s intent.
hacktivism – an amalgamation of hacker and activism. Describes the act of seeking unauthorized access into any digital device or digital landscape to promote a social or political agenda. Usually the unauthorized access is used to cause destruction, disruption and/or publicity. Individuals participating in these acts are called hacktivists.
hacktivist – an amalgamation of the words hacker and activist. Describes any individual who participates in hacktivism.
Hard Copy Key – physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.
hashing – using a mathematical function to convert any block or group of data into a fixed-length value (usually shorter than the original data) that represents the original data. This fixed-length value can be used for fast indexing of large files by computer programs without the need to manage the larger data block. It is also used extensively in the field of security. For example, digital forensics can use this technique to verify that the data content of a copy of any examined data is identical to the original source.
Heartbleed – the name given to the most significant security vulnerability (software flaw that could be taken advantage of) of its time, affecting a large number (estimated at 17%) of internet servers that used OpenSSL cryptography. It allowed private encryption keys, user cookies and passwords to be stolen from vulnerable internet servers. A patch to fix the flaw was released on the day the vulnerability was publicly disclosed. It was given the CVE identifier CVE-2014-0160.
honey network – the collective name for a cluster of honeypots that operate together to help form part of a network intrusion detection strategy.
honeypot – an electronic device or collection of data that is designed to trap would-be attackers by detecting, deflecting or otherwise counteracting their efforts. Designed to look like a real part of an enterprise's attack surface, the honeypot will contain nothing of real value to the attacker but will contain tools to identify, isolate and trace any intrusion.
Host-based Intrusion Prevention Systems (HIPS) – a version of an intrusion prevention system installed directly onto the digital device it is protecting against exploitation. See also intrusion prevention system for a description of its purpose.
host-forensics – the ability to capture both static and in-memory evidence to preserve, rebuild and uncover evidence from a known or suspected attack on any digital device.
hyper text transfer protocol (HTTP) – the standard method used to send information (files, pictures and other data) over the World Wide Web. HTTPS or SHTTP is the secure version of this protocol that can be used when the information requires a secure connection. It is rumored that some organizations can already break, or may soon be able to break, the security of HTTPS / SHTTP.
HUMINT – human intelligence – intelligence gathered by means of interpersonal contact; a category of intelligence derived from information collected and provided by human sources.