Work expands so as to fill the time available for its completion.

Archive for the 'Security' Category

Potential HP Remote Exploit

December 8th, 2011 Posted in Security

I remember my first computer. It was a standalone system that booted directly to the Microsoft DOS prompt. There were no logins or passwords. There were no real security measures to protect files on disk or processes in memory. Floppy disks were the primary means of transferring data between computers. Bulletin board systems were popular […]

The Necessity of Securing Backups

April 26th, 2008 Posted in Security

Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” rest the strength of their cipher on a key, rather than on a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data […]

Secure Coding: Principles & Practices

August 28th, 2007 Posted in Security, Software Engineering

I read Graff and van Wyk’s Secure Coding: Principles & Practices to completion, but not because each page was more enlightening than the previous. I realized that the same themes and adages were being repeated constantly after having read half the book. Because it was pretty easy to get midway through the book, I decided […]

Securing SSH Connections

April 26th, 2007 Posted in IT Administration, Security

Sure, traffic between an SSH client and server is enciphered, but how can the client be more certain that the correct server is directly processing its requests? A man-in-the-middle attack occurs when an SSH server poses as the desired host, and forwards messages between the desired host and the client. The fake SSH server […]

Comments for RFC 959 – File Transfer Protocol

February 13th, 2007 Posted in IT Administration, Security

I do not allow people to use Telnet on servers that I manage, because usernames and passwords are transmitted over the network as clear text. As concerned about security as people are, I am surprised at people’s insistence on using FTP. FTP, a network protocol that also transmits password information as clear text, continues to […]