Remember when thumb sucking was considered an innocent activity, except that if you did it as a young child you might need braces as a teen? Today you'd need a lot more than a mouthful of metal to protect from thumb sucking.
This phrase is one of the latest in a new genre of IT terminology: Wacky Security Threat Terms. While the incidents described by such terms are indeed serious, security vendors and others have broken the rules of spelling and relied upon double entendres to develop this new collection of buzz words that succinctly refer to the latest threats, with the hope that giving the threat a memorable tag will raise awareness.
"Putting a label on something that already exists is constructive, it helps people understand it better," says Tim Cranny, senior security analyst with security vendor Senforce, which claims to have come up with the term thumb sucking, meaning stealing corporate data by transferring it to a thumb drive. "It also helps to get the message out; if [the term] is boring it doesn't do much good."
Cranny doesn't take credit for coming up with the term thumb sucking; he says a salesman with the company had the idea. "It's one of those terms where you go `Of course!'" Cranny says.
Most of these terms refer to practices that involve misuse; such as taking an innocent thumb drive and turning it into an instrument of crime by using it to steal data. Just like your thumb wasn't meant to be sucked on endlessly during your developmental years.
Security vendors aren't the only ones doing it; hackers have also come up with a number of terms to describe how they pass their time, an exhaustive list of which can be found here.
While thumb sucking is one of the most recent terms to emerge, it may not be the wackiest of all -- below are some of the more popular phrases that we have compiled into the Dictionary of Wacky Security Threat Terms, First Edition. This edition does not claim to be complete, so we invite you to add wacky terms not listed here that describe some aspect of a cybersecurity threat, and please include a definition.
Phreaking (pronounced "freeking") -- According to the New Hacker's Dictionary, this is the "art and science of cracking the phone network" or breaking the security of any communications network. Among the oldest of these terms, it mainly refers to breaking into the telephone network to make free long-distance calls.
Pharming (pronounced "farming"), a related term that describes the act of redirecting visitors from the Web site they intended to visit to a bogus one.
Slurping or Pod Slurping -- using a detachable device (usually an iPod) to steal corporate data, much like thumb sucking. This term was coined in 2005 by Abe Usher, who at the time was at Sharp Ideas consultancy. His brother bought him an iPod, and Usher quickly realized the device's potential as a security risk, he says.
Shortly after receiving the iPod Usher developed a program called slurp.exe, a proof-of-concept application that demonstrates how data can be automatically downloaded from a networked PC to an iPod.
As for the term slurping, Usher says it's a holdover from his past. "As a kid I went to 7-Eleven quite a bit..." he admits.
Snarfing or Bluesnarfing -- using a Bluetooth connection to steal data from a wireless device. Not to be confused with Bluejacking, the relatively innocent pastime of embedding a greeting into Bluetooth phonebook contact that pops up on the contact's phone.
Spamdexing -- the practice of creating Web pages simply to increase page rankings in search engines by, for example, stuffing them full of keywords. A similar phenomena are splogs, blogs that exist only to point readers to Web sites. While neither of these practices pose security threats yet, they annoy and confuse Web site and blog visitors, not unlike when spam was simply a nuisance to e-mail users but over time developed into a serious, malware-laden threat.