You're a script kiddie, not an information warrior

| Comments (2) | SYSSEC
Mordaxus argues that we should stop using cutesy names for attacks on information systems:
This is the term that has set me off on the present rant. The person who just used it in a meeting I'm in said "pharming" and then screwed up his face when he perceived a blank look or three and said, "Well, pharming is a name for a number of attacks, which are all DNS spoofing attacks." I bit my tongue and did not say, "Then why didn't you say 'DNS attacks'?" and then sat down to this rant.

Pharming has both of the faults Orwell mentions. It's stale (being a back-formation from phishing) and imprecise. It's so imprecise that one can't imagine what it is just from the name. I could complain about phishing itself, but it is at least poetic and suggestive of the actual criminal activity, and that particular spelling appeared as early as 1996 in an AOL password-stealing scam. However, the word forgery was created for this very case.

I'm not fond of "phishing" or "pharming", but the ones that bug me are wardialing and friends. Wardialing is using an automatic dialer to scan for open modems. According to Wikipedia, the name comes from the use of the technique in the movie Wargames, so while it's a stupid name at least you can see where it came from. Then we got "wardriving", driving around looking for an open wireless access point, which is bad enough, but then (and I'm not making this up), warchalking, marking the area where there's an open AP. Is there any human who can the say the word "warchalking" unironically and not feel like a complete fool? And that's not all. There's also warbiking, warwalking, and warspying. I'd write more but it's late and time for me to do some warsleeping.

2 Comments

Perhaps someone should organize a wartriathlon: you might win!

Though I don't mind a catchy name if it is fairly clear, I agree it normally isn't the case. I really hate podslurping and spit.

Leave a comment