MAC address – abbreviation for media access control address. This is a unique identifier assigned to every single digital device with a network interface controller. If a device has multiple controllers, it may have multiple (unique) addresses, one for each controller. If the identifier (mac address) is assigned by the manufacturer, part of it will include the manufacturer’s identification number. There are several format conventions in existence. The identifier is used in network (including internet) communications.
MAC spoofing – impersonating the unique identifier (MAC address) of another network interface controller. macro virus – a form of malicious software designed to operate from within files used by other (usually legitimately installed) programs. For example, a word processing or spreadsheet file can contain sets of malicious instructions, if opened these instructions will be run by the word processing or spreadsheet software. This bypasses the opportunity for anti-malware to detect any new software installation, as the macro virus is leveraging and subverting an application that is already in place.
malware – shortened version of malicious software. A term used to describe the insertion of disruptive, subversive or hostile programs onto a digital device. These types of programs can be intentional or unintentional. Intentional versions are usually disguised or embedded in a file that looks harmless. There are many types of malware; adware, botnets, computer viruses, ransomware, scareware, spyware, trojans and worms, are all examples of intentional malware. Hackers often use malware to mount cybersecurity attacks.
man-in-the-browser – a form of malware attack that modifies transactions within the web browser of the machine it is hosted on, so that covert additional transactions or transaction content can be modified without the users knowledge or consent.
man-in-the-middle – the interception and relay by a third party of selected content between two legitimate parties, for the purpose of hijacking or adjusting an electronic transaction. For example, party 1 believes they have connected to their banking home page but is actually on an emulated screen offered by the intercepting attacker. As the log-in information is provided, the attacker can set-up a separate connection to the bank (party 2) and is able to respond to any challenge made by the bank by passing the same challenge back to the user (party 1). Once authorized in the transaction system, the attacker can now make transactions that have not been sanctioned by the user, without their immediate knowledge.
man-in-the-mobile – a form of malware for mobile phones that steals information and credentials.
MASINT – measurement and signature intelligence – a technical branch of intelligence gathering, which serves to detect, track and identify or describe the signatures (distinctive characteristics) of fixed or dynamic target sources. This often includes radar, acoustic, nuclear, chemical and biological intelligence.
Masquerade attack – any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organisational computer. Masquerade attacks are generally performed by using either stolen passwords and logons, locating gaps in programs, or finding a way around the authentication process. Such attacks are triggered either by someone within the organisation or by an outsider if the organisation is connected to a public network.
master boot record –the first sector on any electronic device that defines what operating system should be loaded when it is initialized or re-started.
md5 hash – is a very clever algorithm that can be run against any block of data (electronic information) to produce a unique 32 character hexadecimal (numbers and letters) identifier. If even a single character or item of data in the block is changed – the hexadecimal identifier changes significantly. Only fully identical data blocks can ever create the same 32 character hexadecimal code. This allows for a wide range of security usages, for example, very large volumes of information (such as a forensically examined copy of a hard disk) can be compared to the original capture of the disk image and be shown to be completely as it was, without the need to do anything more than verify that the 32 digit hexadecimal value is the same as it was.
memory – see in-memory.
metamorphic malware – a more sophisticated form of malware that changes all key parts of its code on each installation. Polymorphic malware uses less transformation techniques than this type of (metamorphic) malware as polymorphic malware usually only changes some key parts of its profile but retains the same core virus.
Mobile Device Management (MDM) – a technology used for the security administration of mobile devices such as tablets and smart phones. Able (for example) to remotely wipe information from a mobile device and control what applications and functions are permitted to be installed or run.
moving target defense – the use of frequent changes to multiple dimensions of a digital landscapes parameters and settings, to help decrease the potential for successful attack.
Moore’s Law – created in 1965 by Gordon E. Moore. It states that over the history of computing, the processing power doubles approximately every two years.
multi-factor authentication – using more than one form of proof to confirm the identity of a person or device attempting to request access. There are usually three different categories of authentication types, (i) something you know [often a password] (ii) something you have [perhaps a security token or access card] and (iii) something you are [use of biometrics, for example fingerprint or facial recognition]. As an example, effective two-factor authentication would require that when access is being requested, proof would be required from at least two different categories.