
Electronic Security

Sorry for the downtime – we got hacked

Posted in Electronic Security, Geek, Hacks on March 11th, 2012 by leodirac – 2 Comments

My apologies that the blog has been down for the last few days.  Some hackers got into my PHP and inserted some malware onto the blog.  A helpful reader alerted me to the problem within hours of it happening, and I quickly turned the whole site off to prevent spreading malware.  It took me a […]


Democratizing HTTPS

Posted in Analysis, Democratization of Information, Electronic Security, Geek, Google on March 21st, 2011 by leodirac – Comments Off on Democratizing HTTPS

Dear Google, Please democratize SSL certificates.  The ability to serve HTTPS:// pages without scaring users is currently controlled by a handful of “trusted authorities” whose business is to make it difficult to secure web communications.  Google, you have the ability to disrupt this oligarchy and empower individuals to make the web safer. The web is […]


How to protect yourself from DNS hacks

Posted in Electronic Security, Geek, Hacks on July 22nd, 2008 by leodirac – 2 Comments

A couple weeks ago, Dan Kaminsky found a flaw in DNS. Without getting into details, this flaw enables a malicious attacker to fool your web browser into connecting to the wrong computer to get your web pages. So when you type into your browser, you might actually go to Joe Hacker’s site, even though your browser says in its address bar just like it should. Dan, being a “good guy”, tried to keep the details of this hack quiet for long enough for network operators to patch their systems and close the loophole. He wanted everybody running a…


Greening up the Home Office

Posted in Cloud Computing, Electronic Security, Hardware, Sustainability, Tech Industry on April 22nd, 2008 by leodirac – Comments Off on Greening up the Home Office

It was pretty late at night at my friend Miller’s birthday party last week. She had asked everybody to do something good for the world in lieu of birthday presents. The awake were discussing options as I was dozing off. I overheard somebody say “If you’ve got an old Linux box that you’re using as a firewall drawing 400 watts continuously, consider spending $30 on a dedicated router.” I thought about the headless Pentium 3 box in my office closet which is running the IPCop Linux firewall distro. I thought about the four matching Ethernet cards I’d put in…


Standards for handling passwords

Posted in Electronic Security, Geek on October 19th, 2007 by leodirac – Comments Off on Standards for handling passwords

Every time we sign up for a new service on the net, we have to make a new account and pick a password to go with this account. We’re going to be stuck like this until something like OpenID becomes dominant which is going to take years. Until then we’re stuck remembering which password goes with which site, which is an age-old problem. I think very few of us actually use a unique password for every account we have. For sanity’s sake, we re-use passwords, or at least password themes. Personally, a couple of times I’ve had throw-away passwords get…


Model Security: Such a good idea

Posted in Electronic Security, Ruby on Rails, Software Engineering on May 9th, 2007 by leodirac – 2 Comments

Why it’s good to break the MVC pattern

Bruce Perens hit on a really good thing when he wrote a package for Ruby on Rails called Model Security. It’s too bad the project is gathering dust. But even if you don’t use the whole thing (I haven’t been able to) there are some really valuable ideas and chunks of code in there. The idea behind Model Security is to centralize security rules in the model classes. Certain objects can only be accessed by certain users. Perens talks about multi-layered security. But in my mind the real benefit is that you…


Protecting against casual hacking: security through inconvenience

Posted in Electronic Security on January 23rd, 2007 by leodirac – 1 Comment

I’ve often heard that “security through obscurity is no security.” I don’t agree with this one bit. After all, a password is only useful in that its value is obscure. DRM schemes rely on obscurity — they are only effective because the public doesn’t know where or how the secure media’s decryption keys are stored. Similarly, it actually does help to use a non-standard port number for exposing a service to the public net that you really don’t want outsiders using — it significantly reduces the number of people who will notice that the service is exposed and even think…


Upgrade Firefox or lose all your Gmail

Posted in Electronic Security, Tech Industry on December 28th, 2006 by leodirac – Comments Off on Upgrade Firefox or lose all your Gmail

Here’s the best reason I’ve heard to upgrade your browser in a long time. Apparently a number of people are finding their Gmail accounts wiped clean. This is potentially linked to a known security flaw in Firefox 2.0 which was fixed in related to cross-site scripting (XSS). So upgrade your Firefox, yo. I’ve heard from security experts that FF has way more problems than IE does, but it just doesn’t get attacked as much. I hate to say it, but we’re probably already living in a world where all software not only has bugs but has security bugs too….


Isolate your Continuous Integration Server!

Posted in Electronic Security, Software Engineering, System Architecture on October 20th, 2006 by leodirac – Comments Off on Isolate your Continuous Integration Server!

Here’s a little food for thought about hacking into a development system. If you wanted to gain control of somebody’s network how would you do it? Well, you’d probably try to figure out a way to get one of the computers on the inside of their firewall to run some code for you. If you could get it to run an arbitrary block of code that you wrote, then you’re probably pretty close to 0wning it. Now think about the continuous integration server in your development farm. What does it do? Whenever anybody checks in new code, it runs all…
