Some thoughts about security on the web
* I'm not a security expert. I'm speaking as a person who uses the web, like all of you --
and as a person who makes the web, like all of you.
Yes, all of you!
If you have a FaceBook or Hi5 account, if you use Yahoo Messenger
or Skype, ... you are making the web.
If you have Gmail or Yahoo mail you are making the web!
- Google is searching your email all the time, in order to choose which ads
to show you.
Your email is in their databases - for how long? Forever?
- Go look at the page access logs in your CPanel and see how many visitors
arrive by clicking on a link in their email.
But because my life for the past 15 years has been *only* making the web,
on a professional level ... maybe I have had the time to follow up on
some ideas, and that might make me a little bit knowledgeable on this.
So. I have two things to say to you here.
One: how the web has changed and why "security" is important.
Two: some practical things you can do. They will be the same things
everybody else is telling you. You just have to do them.
One: What is the web, why is it important, why "it's too hard"
* A class IX student said way back in 2002:
"Internet technology is the strongest means to propagate the Tibetan cause
throughout the world."
Unfortunately it is possible that your manager, director, boss, haven't
figured this out yet. My challenge to *you*, is to be as smart as this 15-year-old kid.
* Two questions with the same answer:
why I am here 24x7, and have been for 9 years
why China is spending billions of dollars [1] to block your website. [2,3]
* The Internet is now a battleground - we have to wake up and realise this.
> "It's too hard" - Well, I have two answers to that, one as Mr Nice Guy and
one as Mr Mean Guy.
- "it's too hard": really, it's not!
It's just new, and it can be confusing because it is new.
- Confusion between the world of fun, communication and commerce, of YouTube and Facebook
(where we can just relax, and don't have to think or analyze),
and the threats of invisible, hard-to-understand "viruses" and "malware"
(where the thinking is so hard we don't even want to start!).
I'm here to tell you: they are both the same world, and it's time
to face reality and deal with it.
- "war" has changed. It used to be, the battleground was "there"
and we, the non-military, were "here". (Until they invaded "here")
Then with long-range missiles etc we started feeling more part of "there" ...
but now, the internet *is* the battleground, and there is no "here" and "there"!
> "it's too hard" : well, that's too bad.
It is not to protect you!
I don't care if your personal email gets hacked, if your facebook photos
get destroyed. That is your problem.
It is to protect your friends, your associates,
and most of all, the people inside Tibet and China who are doing the
real suffering as a result of *our* easy passwords and sloppy security.
> "it's too hard" : well, that's too bad.
If it were the 1950s and the PRC army were invading your country and
shooting your father and brothers and sisters, and someone showed you
how to fight from the mountains and jump out of airplanes and use radio equipment ...
would you say "it's too hard"??
And how would you expect them to respond if you did?
Two: So let's get practical! What to do?
1. Number 1, number 1, number 1: SECURE PASSWORDS!
http://netsecurity.about.com/cs/generalsecurity/a/aa112103b.htm
- upper and lower case letters, numbers, punctuation
- NOT the same password for every account.
- NOT your name, your girl/boy friend's name, your birth year -
unless you really want to be loved -- when you do that,
the hackers just loooove you, feel the love!
I can't say it enough. This is number 1.
Most hacking results from easy passwords.
Using the web:
http://netsecurity.about.com/od/newsandeditorial1/u/securitybasics.htm#s2
1. If you log in somewhere and it has an option for a secure connection (https),
use it.
2. Don't use M$Windows. Ubuntu Linux is now very "user-friendly" ....
- If you have to use M$Windows:
- Don't use MeSsIE. Use FireFox.
- Don't use Yahoo Messenger, *especially* if you are communicating
with people in Tibet or China. Yahoo put people in prison. CHECK
3. Keep your web browser and other apps updated.
On Ubuntu this is *really* easy - Update Manager will do it for you
whenever you go online.
Making the web:
http://webdesign.about.com/od/security/Web_Security.htm
1. If you are using a CMS on your website (WordPress, Joomla),
keep it updated. URL
2. If you are writing programs for the web (such as in PHP),
always check and clean your input, no matter where it comes from.
http://php.about.com/od/security/Security_for_PHP_and_MySQL.htm
3. Do not send passwords in email, SMS or Skype chat.
4. Check your logs (CPanel AWstats) for high bandwidth use, ...
5. Check your site with URL to see if it has gotten cracked.
6. Again, my concern is not if a website gets destroyed.
You can build another one. The concern here is the personal information
that can be compromised ... XXX
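The "check and clean your input" rule from the PHP item above, as an added example (this is not code from the original post): the same user lookup written the careless way, then with input validation plus a prepared statement. It assumes PHP 7 or later with the pdo_sqlite extension; the users table and the rows in it are constructed sample data.

```php
<?php
// Added example, not from the original post. Runs against an in-memory
// SQLite database (needs the pdo_sqlite extension) so nothing is touched
// on a real server; the users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$db->exec("INSERT INTO users (name, email) VALUES
           ('tenzin', 'tenzin@example.org'), ('dolma', 'dolma@example.org')");

// BEFORE: the value from the URL is pasted straight into the SQL text.
// Whatever the visitor types becomes part of the query, so a value
// containing a quote can change what the query means (the classic
// SQL injection that the "SQL injection" link at the end is about).
function lookupUnsafe(PDO $db, string $name): array {
    $sql = "SELECT name, email FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: (1) check the input against what a user name may legitimately
// contain, and (2) pass the value as a bound parameter so the database
// always treats it as data, never as SQL.
function lookupSafe(PDO $db, string $name): array {
    if (!preg_match('/^[a-z0-9_]{1,32}$/i', $name)) {
        return [];   // reject bad input outright; do not try to "repair" it
    }
    $stmt = $db->prepare("SELECT name, email FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input, as if read from $_GET['name'] on a page like
// profile.php?name=...  The unsafe lookup matches every row in the table;
// the safe lookup matches none, because the value fails the name check.
$hostile = "x' OR '1'='1";
printf("unsafe: %d rows, safe: %d rows\n",
       count(lookupUnsafe($db, $hostile)), count(lookupSafe($db, $hostile)));

// Normal input works as expected, and when it is echoed back into HTML it
// is escaped too: cleaning input does not excuse printing raw output.
foreach (lookupSafe($db, 'tenzin') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' <',
         htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'), ">\n";
}
```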
Anywhere, everywhere:
1. Pay attention.
And use secure passwords! Different passwords for different accounts!
Number one!
OK - Now relax and have fun. You've done the best you can ...
and after all ... "it's life and life only" ...
http://www.bobdylan.com/#/songs/its-alright-ma-im-only-bleeding
----------------------------------------------------------------------------
References:
1. http://organharvestinvestigation.net/events/ZHOU_061008.htm
2. http://en.wikipedia.org/wiki/Golden_Shield_Project
3. http://en.wikipedia.org/wiki/Internet_censorship_in_the_People%27s_Republic_of_China
Info:
http://netsecurity.about.com/
http://www.tibetangeeks.com/using_tech/security/
ADD links from bookmarks.
More -
http://www.webappsec.org/ - web application Security Consortium
80/20 rule: "20% of the defects cause 80% of the problems"
http://www.webappsec.org/projects/articles/013105.shtml
Fix the basic things listed on this page, and close 80% of your security holes!
Computer security basics: http://netsecurity.about.com/od/newsandeditorial1/u/securitybasics.htm
SQL injection - http://databases.about.com/od/security/a/sql_inject_test.htm
More programming security:
http://python.about.com/od/cgiformswithpython/ss/ProgramSecurity.htm
(this is about python, but it's very good, and the principles apply to any language.)
NOTES - security talk/post - 3 April 2010
==========================
This site built with Open Source: html/css, php, apache, linux. Page revised: 29 August 2010. Copyright © 2006 - 2012 Tibetan Geeks