Archive for May, 2009
A few weeks ago, I wrote about getting ready to attend a security competition called CANVAS: Computer and Network Vulnerability and Assessment Simulation. I was among five students in the field of Advanced Networking and Information Assurance who participated from my University, Fort Hays State University. Here’s the lowdown on what we learned at the competition.
Lessons Learned
- Just how easy an SQL Injection can be
- SQL Injections can lead to much more serious problems
- Why attack a router/firewall when the systems behind it are not secure?
- Emergency Incident Response can be stressful, but very rewarding
- Team building among geeks in time-critical environments can be interesting
In my previous post (Complex Passwords for Complex Security) I detailed the importance of complex passwords. After posting, I thought of all the passwords we have to remember, and felt like I should post an addition to it. By no means do I condone writing down passwords, but having worked in an office IT environment I know for a fact it happens. So instead of ignoring the problem, I thought it would be helpful to at least offer some advice to make it as secure as possible.
To continue this week’s security focus, today we’re going to talk about how to securely delete sensitive data off of old hard drives. All businesses must make it a top priority to protect their customers’ private information because in many states, the data they store becomes their liability if mishandled. There is a proper way to sanitize hard drives that significantly reduces your liability if there is a policy in place to address data destruction and the company follows it to a T.
There are hundreds of ways to make your site or network more secure. These can involve expensive hardware, complicated software, and a LOT of research and time to develop and implement. What’s a low-cost way to beef up your security? Complex passwords! This is a great way for a smaller company to step up a notch in security, and it’s an easy way for a larger company to add one more roadblock for those malicious “black hats.”
I was at a brand new Taco Bell this afternoon with my girlfriend when I noticed an interesting problem: the new drink dispenser had four drinks per spout, with a button that selected the drink you wanted dispensed.
I’ve obviously been in a security mindset too much recently, as when I saw it, I immediately turned to my girlfriend and asked, “What happens when you press two buttons at once?”
If you are wondering what this has to do with IT or web hosting, here’s your answer: that same question is the first one that pops into the mind of someone trying to break into your systems.
Security Mindset
What happens when I do this? Does it break? If not, does it do something unintended? If so, can I make it break because of that unexpected outcome?
These are questions that need to be considered when you are designing software for the web. If you can look at a piece of software and see a possibility for unintended results, you should try to find a way to prevent those results from occurring.
All too often, unexpected input or output can cause serious damage to your systems. This is why data validation and verification is such an important tool for programmers to use wherever possible!
Did It Break?
Did the fountain dispenser break when I pushed two buttons at once? No, it actually did not dispense anything at all. But you can be sure I tried all combinations of buttons and even pressing three or all four at a time, just to see what would happen.
Whoever designed the system considered that some moron would try to press two or more at once and did a good job at preventing it from causing damage to the system!
With computers being the fulcrum of almost all business these days, many of us find ourselves spending more and more hours of the day staring at a computer screen. Regardless of the profession, staring at the computer screen for too long can be an arduous and inspiration-sapping experience. Whether you’re coding, designing, writing, or handling email, everyone gets a little bleary eyed and run down after a long stint at the keyboard.
Here’s a short list of books which everyone interested in information security/assurance should read when they have time (all links go to Amazon’s listing of that book). Beyond Fear and the two that were written, in part, by Kevin Mitnick are good to read even for those who aren’t interested in IA as a career because of their valuable insight into the human elements of security. Organizations can benefit from knowing how a hacker thinks and ways they can use humans – the weakest element of security – to get what they want.
There is an interesting read over on Slashdot today, linking to an article at ITWorld which talks about the different rituals programmers use when they are “getting in the zone.” Some things mentioned by the programmers include listening to certain types of music or going to movies the night before a rough day of work.
These superstitions are common throughout life, as they all give the mind a routine to go through when it needs to focus.