I remember my first computer. It was a standalone system that booted directly to the Microsoft DOS prompt. There were no logins or passwords. There were no real security measures to protect files on disk or processes in memory. Floppy disks were the primary means of transferring data between computers. Bulletin board systems were popular […]
Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data […]
I read Graff and van Wyk’s Secure Coding: Principles & Practices to completion, but not because each page was more enlightening than the previous. I realized that the same themes and adages were being repeated constantly after having read half the book. Because it was pretty easy to get midway through the book, I decided […]
Sure, traffic between an SSH client and server is enciphered, but how can a client be more certain that the correct server is directly processing its requests? A man-in-the-middle attack occurs when an SSH server poses as the desired host and forwards messages between the desired host and the client. The fake SSH server […]
I do not allow people to use Telnet on servers that I manage, because usernames and passwords are transmitted over the network as clear text. As concerned about security as people are, I am surprised at people’s insistence on using FTP. FTP, a network protocol that also transmits password information as clear text, continues to […]