Another major password FAIL. In fact, it’s not just the passwords, but more or less everything. Brought to you by Tesco.
http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html
Thoughts on tech and random things I find on the web
I was born in Kiev and have been living in Los Angeles for almost 25 years. I've been in IT pretty much since I was 13 and got my first computer. My specialties lie in the area of devops and web security, although I've pretty much done everything at one time or another.
Another major password FAIL. In fact, it’s not just the passwords, but more or less everything. Brought to you by Tesco.
http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html
LA Times ran a series last week about the explosion of population growth on Earth. A very interesting set of articles. To me, it seems unsustainable. There is no way that everyone can afford to eat meat every day and drive an SUV. The alternative appears to be billions of people living in absolute poverty.
http://www.latimes.com/news/nationworld/world/population/
Great quora post about the idiosyncrasies of English as spoken in India. When I first started working with an offshore Indian team, the phrase “please do the needful” confused the hell out of me. They also seem to use Mr. First Name a lot.
I remember looking it up at some point. There was a theory that this all stems from the time of East India Company. Apparently that’s how English was spoken at the time and after the British left, a lot of schools and textbooks remained the same. So while English evolved into the modern day version, a lot of Indians continue to learn and speak the version that was brought to them by the British a few centuries back.
Happy sysadmin day to everyone. In light of that, here is a link to a classic UNIX war story that’s about 25 years old.
http://www.ee.ryerson.ca/~elf/hack/recovery.html
I was reading an edition of PenTest Magazine (attached here for convenience). They’ve had a few decent articles in there, but one was talking specifically about securing your users. That’s an interesting topic. An attack against your company is very likely to come through the “meatware” vector. It’s often much easier then trying to find the latest 0-day or buffer overflow. Of course you have your security policies and user training, but even the security pros fall for a well crafted phishing attack. Your expectation of the extent that you’ll be able to harden and train your userbase should be limited. You need to be prepared for a breach to come through that direction.
A lot of defenses should be focused on isolating the user population from critical systems, so that when a breach does occur, the impact is limited. Of course users do need some access in order to perform their jobs and that’s where it’s critical to focus on granular access controls, specifically RBAC. You also need to have the capacity to detect and respond to any anomalies in user behavior. That’s what ultimately will allow you to contain the threat and limit it’s impact.
Recent Comments