stevedoria.net

Only time--and money--will tell.

Category Archives: Security

Personal Password Policies

September 28th, 2019 Posted in Security | Comments »

Need secure passwords that are not completely unintelligible? Devise a personal password policy: Select three or four words from a dictionary. Consider using adverbial forms, past and present tense of verbs. Consider using singular and plural forms of nouns. Avoid idioms. Pick a number. Consider inserting leading 0s. Pick a symbol: !@#$%^&*()-_=+ Assemble the above […]

Securing Dynamically Generated HTML

September 22nd, 2019 Posted in Security | Comments »

Implementing code that simply displays a user’s IP address as part of an HTML page may be considered easy. Without security considerations, it can be implemented in PHP simply with the following: echo “IP: ” . $_SERVER[‘REMOTE_ADDR’]; 2011 CWE/SANS Top 25: Monster Mitigations recommends establishing and maintaining “control over all your inputs” and “control over […]

Security Review 2019

September 13th, 2019 Posted in Security | Comments »

Recent assignments that focus my efforts on securing web applications have motivated me to review the security of my personal websites. PHP code that I implemented 15 years ago is still used by my websites today. With the experience I gained over the years, and my current effort to acquire deep familiarization with security practices, […]

Potential HP Remote Exploit

December 8th, 2011 Posted in Security | Comments »

I remember my first computer. It was a standalone system that booted directly to the Microsoft DOS prompt. There were no logins nor passwords. There were no real security measures to protect files on disk or processes in memory. Floppy disks were the primary means of transferring data between computers. Bulletin board systems were popular […]

The Necessity of Securing Backups

April 26th, 2008 Posted in Security | Comments »

Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data […]