Google: Friend or Foe?
Don't get me wrong, almost all of us love Google to death. It has single-handedly changed the direction of this entire industry to something that is accessible for everyone. However, while Google is the darling poster child of Wall Street and the general public, there lurks a danger of abuse. We will cover this in a bit, but first let's look at a few years ago when the World Wide Web was still a novel concept.
We had a handful of methods of finding information. They were so-called search...
5 Security Considerations When Coding
1. Input Checking
Always check user input to be sure that it is what you expected. Make sure it doesn't contain characters or other data which may be treated in a special way by your program or any programs called by your program.
This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.
2. Range...
On Denial of Service Attacks
I was thinking about this attack pattern after reading about the DDoS attack (http://www.theregister.co.uk/2006/01/18/pixel_attack/) on the Million Dollar Homepage (http://www.milliondollarhomepage.com/). The site's owner was asked for $50,000 in exchange for the attack being halted.
It is clear, to me at least, that steps should be taken to prevent DDoS attempts at some point in the network where the bandwidth can cope. This is, usually, before it hits the destination server. Firewall hardware...
Public-Key SSH Login
SSH is a popular system allowing a remote shell (command interpreter) to be used over a secure connection. By secure, here, I mean that the connection is encrypted, authenticated and integrity checked. The encryption prevents attackers reading the contents of the data being transmitted, the authentication allows both the client and the server to be sure that they are connected to the other, and not to some intermediate system in a man-in-the-middle attack, and the integrity checking ensures...
Secure E-Mail With Google GMail
This is something I've set up myself, recently, to send mail through Gmail without having the unencrypted e-mail stored on their servers. To achieve this, you'll need a Google GMail account, PGP or GnuPG, Mozilla Thunderbird, and the Enigmail extension.
First, set your Gmail account to allow POP3 access. This can be set in your mail settings within the web interface. The Gmail system will tell you the settings you need to make in Thunderbird in order to use this.
Next, get Thunderbird and...
Sending Passwords By Email
It amazes me how many sites allow you to register, and then send you an e-mail to your registered address containing your password in plain-text. There is never a warning stating that the site will email the password you use, for all to see.
Sending passwords by e-mail works when you forget a password. The site changes it and e-mails you the new one, which you then use to log in and change it to something else. The e-mailed password is not active for very long, and it isn't something you...