stevedoria.net

Any sufficiently advanced technology is indistinguishable from magic.

Archive for the 'Security' Category

Security Review 2019

September 13th, 2019 Posted in Security

Recent assignments that focus my efforts on securing web applications have motivated me to review the security of my personal websites. PHP code that I implemented 15 years ago is still used by my websites today. With the experience I gained over the years, and my current effort to acquire deep familiarization with security practices, […]

Potential HP Remote Exploit

December 8th, 2011 Posted in Security

I remember my first computer. It was a standalone system that booted directly to the Microsoft DOS prompt. There were no logins or passwords. There were no real security measures to protect files on disk or processes in memory. Floppy disks were the primary means of transferring data between computers. Bulletin board systems were popular […]

The Necessity of Securing Backups

April 26th, 2008 Posted in Security

Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data […]

Secure Coding: Principles & Practices

August 28th, 2007 Posted in Security, Software Engineering

I read Graff and van Wyk’s Secure Coding: Principles & Practices to completion, but not because each page was more enlightening than the previous. I realized that the same themes and adages were being repeated constantly after having read half the book. Because it was pretty easy to get midway through the book, I decided […]

Securing SSH Connections

April 26th, 2007 Posted in IT Administration, Security

Sure, traffic between an SSH client and server is enciphered, but how can one be more certain that the correct server is directly processing client requests? A man-in-the-middle attack occurs when an SSH server poses as the desired host and forwards messages between the desired host and the client. The fake SSH server […]