H

Hackers – hackers break into computer systems. Unlike crackers, they claim that they get permission first and will publish the results of their ‘research’. Hackers have four prime motivations: (1) challenge, to solve a security puzzle and outwit an identified security set-up; (2) mischief, wanting to inflict stress or damage on an individual or organisation; (3) working around, getting around bugs or other blocks in a software system; and (4) theft, stealing money or information. Hackers like to talk about ‘white hat’ and ‘black hat’ hackers; the argument is that the ‘black hat’ hackers are malicious and destructive (i.e. ‘crackers’) while the ‘white hat’ hackers simply enjoy the challenge and are really on the side of good, offering their skills to help organisations test and defend their networks. This differentiation is convenient for hackers, who seem able to change hats as easily as they evade most network defences. The only sensible approach for any security-conscious organisation is to assume that all hackers are potentially in the wrong colour hat, however they might initially present themselves. ‘Grey hats’ is a term that is evolving to recognise the uncertain danger of so-called ‘ethical’ hackers. Nowadays, common sense suggests that a hacker is not to be trusted. See also Penetration testing.

Hacking tools – see www.insecure.org/tools.html for the current 75 most favourite tools for breaching (or assessing) the security of an organisation, a website or a communication.

Hand scanner – a hand-sized device that can be used for scanning documents for later upload to a computer.

Hard drive – the permanent data storage device built into a workstation that stores its operating system, applications and other software and provides storage for files and folders. Its size is usually expressed in gigabytes.

Heuristic – a method of detecting viruses that have not yet been formally identified (discovered and signatures defined) on the basis of their behaviour patterns.

History (in browser) – your browser keeps a record of the websites you’ve visited, as an aid to your easy return. It can also be an aid for someone who wants to know where you’ve been, particularly in an Internet café.

Hoax – an e-mail message warning of a non-existent virus (or other problem) passed on by people who themselves received it and were duped into believing it was genuine. See Virus hoax.

Homeland security – the US has a Department of Homeland Security, which is responsible for securing both the analogue and the digital borders of the US.

Honey pot – an undefended computer on the Internet that is trying to attract hackers, viruses, worms and spam, so that their characteristics can be identified and defences designed and issued.

Hot fixes – are vendor-generated software packages composed of one or more files that address an identified problem or vulnerability.

HotSpot – is a wireless Access Point which, unless it is secure (i.e. it is open), is accessible to any member of the public with a wireless-enabled PC whether or not it is intended for public use. If the HotSpot is secure, then the user will need to know its WEP or WPA key to connect to it. See WEP and WPA.

HRA – see Human Rights Act.

HTML – Hyper Text Markup Language is a computer language widely used to format web pages and e-mail and which is often also used for spam.

HTTP – Hypertext Transfer Protocol is the protocol for moving hypertext files across the Internet. It is the standard language that computers use to communicate across the Web.

HTTPS – this is a secure version of HTTP, using SSL. See Secure Sockets Layer.

Human Rights Act 2000 (HRA) – incorporates into UK law the principles of the European Convention for the Protection of Human Rights and Fundamental Freedoms. An employee could use HRA to argue in a Court or Tribunal that the employer monitoring or tapping the employee’s work telephone or e-mail or Internet activity, was a breach of her/his rights under the Convention.

HVAC – Heating, Ventilation and Air-Conditioning – handling HVAC correctly is one of the important environmental controls for information technology hardware.