informationweek.com— A lot of "accepted wisdom" is just flat-out wrong. If you've been told that patches always fix a security hole, or that SSL is all you need to be safe, read on.
Oct 11, 2005
th3_anomoly, Oct 12, 2005
For a short article this covers some good information. Very basic, but good. Anyone who is interested in network security as a hobby or a job covers issues like this in their base paranoia. Could have been a bit longer and more in depth, but still gets a digg.
shanzer, Oct 12, 2005
The author's reasoning about SSL is incomplete. The problem I have with blindly trusting sites using SSL is that I am less concerned with someone snooping my credit card number off the network than I am with someone getting it out of the vendor's database. Data security has to take into consideration two states, data at rest and data in motion. SSL solves 1/2 the problem.
5blocksfree, Oct 12, 2005
>> The author's reasoning about SSL is incomplete. The problem I have with blindly trusting sites using SSL is that I am less concerned with someone snooping my credit card number off the network than I am with someone getting it out of the vendor's database.
Good point. And not only that, not many people even know to look and see just where this data is going. What would you do, for example, if the so-called 'secure' transaction had two email addresses mentioned in the URL?
twylight, Oct 12, 2005
Why would he give his take on how to fix these myths - call 1-800-nub-secu and for only 4.99 a minute he will tell you how to be more secure. This article is crap and a weak attempt at PR.
otto, Oct 13, 2005
How to be secure:
1. Install the patches. Yeah, okay, they may not fix the problem, but not patching sure as hell won't fix the problem.
2. Don't give critical information to people you don't trust. If the website looks poorly made, don't give them your credit card number or information. Always check the "don't save my information" checkboxes on websites. Make sure your credit card company will back you up if your info gets misused. Basically, SSL doesn't make things secure, but it might indicate that somebody has at least put a bit of thought into designing the website they want you to put your personal information into.
3. Don't be totally paranoid, but don't be a fool either. Stay away from warez sitez. Don't allow software to install on your computer if you don't know what it does. Run anti-spyware and anti-virus products. Use a hardware NAT router or firewall. Don't click links in emails. Don't read spam, don't feed the trolls.
4. Wireless is perfectly fine if it's configured properly. But most are not configured properly. If it's your wireless, then configure it to be secure (basically just turn on WPA-Shared Key... any other steps are not really helpful to security). If it's not your wireless, then only use secure protocols over it like SSL or SSH or what have you.
And there you go. A more useful version of the same article. :)