Style question: "war dial" vs. "wardial" vs. "war-dial"

[Rachael Lininger]

I need to write a report on war dialing and I'm not sure what to call it.

War dialing (however you spell it) is the ritual of calling all the phone numbers in an exchange to see which answer with a modem. It's good for either cracking into a network or for seeing if your network is properly defended -- random modems are usually much easier to get into than a company's firewall.

Google has about 1100 hits for "war dial"/"war-dial" and 800 hits for "wardial." Unfortunately, however, some pages use different spellings for the same form of the word. There doesn't appear to be a clear progression, either -- it's not like some people are using "to war dial" vs. "the wardial project." Though I've seen that, too. I kind of prefer this use (it follows "to log in" vs. "login screen"), but I suspect this may be weirdly nitpicky.

The @stake briefing uses "wardial" exclusively, but the references in its bibliography again use both. I don't have my Sun style guide yet -- still waiting for the corporate credit card to come through so I can order it -- and I doubt that would be in it, anyway.

Is there a standard usage, or should I just pick one?

Is there a style guide with information security terms?

Rachael

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

NEW MACROMEDIA ROBOHELP X5 - New features include
content management, multi-author support, distributed workforce support,
XML and PDF support, and more! View demo: http://www.ehelp.com/techwr-15

Purchase ComponentOne Doc-To-Help 7 Professional by March 15 and receive $300
off the regular price (Code: DTHList0304). This version includes 5 new features, plus a yearly subscription service. http://www.componentone.com/d2hlist

---
You are currently subscribed to techwr-l as:
tech...@gts.org
To unsubscribe send a blank email to leave-tech...@lists.raycomm.com
Send administrative questions to ej...@raycomm.com. Visit
http://www.raycomm.com/techwhirl/ for more resources and info.

[Lippincott, Rick]

Rachel asked:

|Is there a standard usage, or should I just pick one?
|Is there a style guide with information security terms?

This is the first I've heard of the term, and I've been wrong before
(just ask anyone on the list), but I'm not sure that you'll find it in a
style guide of security terms (if one exists). I'm guessing that the
term is derived from the 1983 John Badham movie "WarGames." I think
that's when a large segment of the public was introduced to the concept
for the first time. Matthew Broderick's character was shown doing it
early in the movie, that's how his system ended up connecting to the
government's war planning computer and nearly starting a world war.

The movie title was one word, no hyphen, if that helps...

--Rick Lippincott
Billerica, MA

[Simon North]

Rachael,

As you noticed, there isn't really a "standard" use, but a fairly
authoritative description can be
found on the IBM developers site, if you can get access to it.

War dialers are software packages, so there isn't really an active
agent involved. You could be called a "war dialing hacker", and you
could "use a war dialer" but I would suggest you avoid using it as a
verb altogether.

Simon

Simon North
Technical Writer
Quintiq Application Software BV
_________________________________
Goudsbloemvallei 12-28
5237 MJ 's HERTOGENBOSCH
P.O. BOX 264
5201 AG 's HERTOGENBOSCH
The Netherlands
Tel: +31(0)73 691 07 39
Fax: +31(0)73 691 07 54
www.quintiq.com
simon...@quintiq.com
_________________________________

[Jason Willebeek-LeMair]

RFC 2828 Internet Security Glossary

war dialer

Newton's Telecom Dictionary agrees.

I would go with two words.

[Bill Greve]

I think this is one of those words whose usage is morphing. You'll be
able to find authoritative sources for either. So as usually the case,
pick one and be consistent. "War dial" is probably more book correct;
however, if I had to guess, I'd suggest that "wardial" will become more
popular than "war dial." One, owing to its roots in "Wargame;" and two,
the popularity of warchalking and wardriving (which are less frequently
written as "war chalk" and "war drive.")

Slightly related, this link is a discussion about turning WAR into an
acronym (for chalk and drive) because of bad press related to
warchalking: http://www.warchalking.org/story/2002/10/23/234927/25

Is there a standard usage, or should I just pick one?

Is there a style guide with information security terms?

Rachael

[lyndse...@docsymmetry.com]

Rachael Lininger writes:

|
| I need to write a report on war dialing and I'm not sure what to call it.

The trouble with "wardial" is that it looks as though it ought to rhyme with
cordial. I would go with "war dial", and use the hyphenated version only
when it's acting as an adjective.
~~~~~~~~~~~~~~~~~~~~~
Lyndsey Amott
www.docsymmetry.com
Winnipeg, MB R3G 2J3

[Andrew Plato]

"Rachael Lininger" wrote ...

|
| I need to write a report on war dialing and I'm not sure what to call it.
|

| War dialing (however you spell it) is the ritual of calling all
| the phone numbers in an exchange to see which answer with a modem. It's good
| for either cracking into a network or for seeing if your network is properly
| defended -- random modems are usually much easier to get into than a
| company's firewall.

Actually, that's not true. Most company's firewalls are very easy to get
through. They're also easier to brute-force attack. Modems on the other hand
are harder to find and take much longer to brute-force attack. Firewalls are
therefore a considerably more important aspect of an organization's security as
they experience more security incidents then modem pools. Wardialing, while
interesting, rarely yields results.

10-15 years ago, wardialing was more useful because organizations didn't have
Internet connections or had very lightly used connections. Dialup was the only
way into a network. Today, dial-up modem banks are being rapidly decommissioned
in favor of VPN connectivity. And dial-up access is easier to secure. Just
unplug the modem and you're done.

That isn't to say wardialing isn't useful. As part of a comprhensive security
assessment, its a valuable test. But, wardialing in a vacuum rarely tells you
much about the security (or insecurity) of a network.

As for style, it doesn't matter which you use, just be consistent. But, you
might want to revise your report based on current trends.

Andrew Plato

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

[Paul Goble]

As usage becomes more common, compound words often progress from two
separate words, to a hyphenated word, to a single word. If the term
"war dial" was becoming more common, I might lean toward "war-dial"
to future-proof my writing. But, in my opinion, war dialing will soon
be a thing of the past, not a future trend.* So the evolution from
"war dial" to "war-dial" to "wardial" is probably arrested at
the "war dial" stage.

War dialing's wireless sibling, war driving, on the other hand, has
already matured to "wardriving".

* Modems? Connected to the same PC as a network? Not too common
anymore (he writes as he braces for an onslaught of "but I'm
sitting in front of one right now" messages). Google finds a bunch of
phrases like "war dialing was" and "the old days of war dialing".
Just a few pages are countering with "war dialing is still".

Paul

[Isaac Rabinovitch]

Rachael Lininger wrote:

| I need to write a report on war dialing and I'm not sure what to call it.
|

| ...

| Is there a standard usage, or should I just pick one?
|

Authorities differ on "standard" usage for "formal" English, never mind slang words like
"war dialing". For what it's worth the word comes from a movie titled "WarGames". That's
right, no space, capital G -- obviously chosen to *not* look "correct"!

I suggest picking a usage that suits you (mine would be two words, capitalized, no
hyphen). If your readers are sticky about "correct" usage, add a footnote about the word's
origins and informal history. Better yet, use descriptive language instead of hacker
jargon: it's a brute-force exhaustive number search. Or you can say "dictionary attack"
which is a little confusing (the term originally referred to a specific kind of password
cracking, but now refers to any kind of exhaustive attack), but more descriptive than "war
dialing". You'll want to mention that this kind of attack is often called "war dialing",
but it doesn't have to be your "official" term.

If my fixation with anti-correctness seems a bit much, take a look at the last two
syllables in my last name. "-ovitch" is a *very* common name ending in Slavic languages
(roughly equivalent to English "-son"), so you'd think there'd be a standard way to spell
it. Well, there is in Russian, but there are different notions as to the "correct" way to
map Cyrillic into Latin characters. In this case the vowels are not a problem, but there
are two consonants that cause grief. The first one is pronounced like an English V, but
it's also like a German W, and a lot of authorities insist that you *have* to use German
orthography when Latinizing Cyrillic, The second consonant is even worse: it looks like an
upside-down "h", and has no exact equivalent in English *or* German.

My grandfather Latinized his name as "Rabinovich", but my father decided that
"Rabinovitch" made more sense. Often when I submit my name somewhere it gets "corrected"
to "Rabinowitz" or something similar. And just to make my life more interesting, we don't
use the most common pronunciation!

Does this all seem very trivial and offtopic? Guess again. There's a wonderful book called
"The Thread" (can't remember the author) which mentions how the author wrote a biography
of a famous Jewish-Lithuanian mathematician. Most of the people who wrote in about the
book commented, not on its contents, but to "correct" the authors Latinization of names!

Language is convention. "Correctness" just means adherence to some particular social
group's convention. There is no one correct way to use language.

[Rachael Lininger]

Andrew Plato <gillia...@yahoo.com> wrote:
|"Rachael Lininger" wrote ...

|> I need to write a report on war dialing and I'm not sure what to call it.
|>

|> War dialing (however you spell it) is the ritual of calling all
|> the phone numbers in an exchange to see which answer with a modem. It's good
|> for either cracking into a network or for seeing if your network is properly
|> defended -- random modems are usually much easier to get into than a
|> company's firewall.

|Actually, that's not true. Most company's firewalls are very easy to get
|through. They're also easier to brute-force attack. Modems on the other hand
|are harder to find and take much longer to brute-force attack. Firewalls are
|therefore a considerably more important aspect of an organization's security as
|they experience more security incidents then modem pools. Wardialing, while
|interesting, rarely yields results.

Correction noted. The context I'm used to is pretty high-security; I should
have remembered and written accordingly. For most companies, wardialing
should be really far down on the list of Secure Things to Do.

I think I will go with one word (wardialing, to wardial, etc.) because...because.
The SANS papers are split on the matter, and compound nouns tend to end up
as one word anyway.

Rachael