Archive for June, 2008
Security sites and XSS
You should always practice what you preach, and the giants are not doing that at all… Check out xssed! Verisign, McAfee and Symantec have been found to be vulnerable, according to The Register.
McAfee do not appear to be handling XSS very well, as their ‘hacker safe’ certification does not cover all XSS according to [...]
Administrators… Trust them?
System administrators have a lot of power when it comes to access control of systems and, perhaps more importantly, data. There is a lot of responsibility on these key players.
Nothing highlights better what can go wrong when you upset an administrator. An ex-IT manager for the Council of Community Clinics resigned after an unfavourable evaluation. Over [...]
Leaking…
Really, it doesn’t matter whether you leave something of value behind, lose it or have it stolen. It’s not good, but there have been a number of stories doing the rounds, including that top secret being left on a train and this local government official. Now I don’t know about actual files, but if it’s top secret, you should [...]
Dos and Don’ts of Firewalling
Firewalls are usually your first line of defence and, in an n-tier environment, often your second and third line too. As someone told me, you are only as secure as your weakest link. And as Anne Robinson would tell you, humans are the weakest link. Firewalls need policies in place, created by, you’ve guessed it, [...]
Dumbest ideas in Computer Security
Here are six of the best from Marcus Ranum:
1. Default Permit
2. Enumerating Badness (should only track the good things)
3. Penetrate and Patch
4. Hacking is Cool
5. Educating Users
6. Action is Better Than Inaction