Security

A mistake amateur security people always make

A small percentage of people do bad things; this is human nature, and thieves have existed ever since people had things that could be stolen. Today, when almost every technology product is connected to the entire world via the internet, a lot of those products need to be secured against bad people. The first thing security people typically try to do is to detect and block the bad things – this can be spam, viruses and other malware or even more sophisticated attacks. Every detection system by its very nature has two ways it can fail –...

We’ll make you so secure you can’t do anything

HTML injection is a serious security problem – it’s so serious Microsoft has decided it’s better to crush a web site that may potentially be attacked (even unsuccessfully) than to let it proceed – this is like executing someone on the spot because you suspect someone else may be planning to rob him. So, what is HTML injection? Web pages are basically text with embedded formatting instructions; for example, if I want to show the word bold in a bold font the web page will contain the text <b>bold</b> where <b> is the instruction to turn bold on...

Only one piece of data is needed to completely take over your life

Scary title, isn’t it? But it’s true, the only thing an evil hacker needs in order to take over everything you ever touched over the internet is your e-mail password. Once someone has your e-mail password, all he or she needs to do is go to every popular web site and click the “forgot password” link; the web site will then happily send a new password to your inbox, which the attacker can now read. So what can you do? First, secure your e-mail password; the one single thing that makes a password secure is to make...

Be careful with configuration files

Just about every program has some configuration or preference data it needs, and this data needs to be stored somewhere. It may be in the Windows registry or a file, but it’s saved somewhere and it is needed for the program to function correctly. Most of this data is completely harmless and contains things like the window location on screen; other data is somewhat risky, like the recently used file list (do you want your employer to accidentally discover you are working on your resume?). But some of this configuration data is outright dangerous – passwords and secret encryption...