Security

links 3.6.11

http://www.heise.de/security/artikel/Das-verraet-Facebooks-Like-Button-1230906.html

http://www.heise.de/tp/artikel/34/34861/1.html

http://www.heise.de/tp/artikel/34/34872/1.html

http://www.heise.de/tp/artikel/34/34867/1.html


IT Security – Extreme Summary

  1. Passwords
    • for sensitive information/systems use special non-printing characters
    • -> enter them with Num Lock on, the Alt key and the numeric keypad (ASCII codes), e.g.: ªË?ª¦
    • normal passwords shouldn’t be a word plus a number (dictionary attack)
    • mix letters and numbers, use an abbreviated version of your favorite quote or something similar
    • replace any default password on every device!
  2. Know your system
    • inspect the process list -> any unusual or unknown processes?
    • examine the list of scheduled programs: unauthorized changes or additions?
    • examine the file system and look for modifications
    • research any unusual reduction in free disk space
    • verify that all system or user accounts are currently active, and remove dormant or unknown accounts
    • verify that special accounts installed by default are configured to deny interactive or network logins
    • verify that system directories and files have proper file access permissions
    • check the system log for any strange activity (remote access from unknown origins, unusual times during the night or weekend)
    • audit the web server logs to identify any requests that access unauthorized files (attackers upload to the web server and download “their” file via HTTP)
    • if using WebDAV or FrontPage, ensure that proper permissions are set to prevent unauthorized users from accessing files
    • use tripwire to recognize/notice changes in files etc.
  3. Mail
    • outgoing mails should be without any information about the network
    • -> no host names or IP addresses which an attacker may use to get a picture of the (internal) network
  4. Firewalls
    • use corporate firewall + personal firewall!
  5. Port scanning
    • use products which identify port scans + drop packets or throttle the connection
  6. Don’t forget social engineers
    • question persons you don’t know and persons behaving suspiciously
    • don’t give any information to untrusted or unknown persons
    • don’t get into comfortable roles (like the “helpful” or “cooperative” person)
  7. Restrict physical access
    • check badges
    • don’t open doors for anyone who seems to have a malfunctioning chipcard
    • don’t access restricted areas with other people you don’t know (holding the door for you / you for them etc.)
  8. Always remember
    • Develop a process for patch management to ensure that all the necessary security fixes are applied in a timely manner.
    • For remote access to sensitive information or computing resources, use stronger authentication methods than are provided by static passwords.
    • Change all default passwords
    • Use a defense-in-depth model so that a single point of failure does not jeopardize security, and test this model on a regular basis.
    • Establish a corporate security policy concerning the filtering of both incoming and outgoing traffic.
    • Harden all client-based systems that access sensitive information or computing resources. Let’s not forget that the persistent attacker also targets client systems to either hijack a legitimate connection or to exploit a trusted relationship between the client system and the corporate network.
    • Use intrusion-detection devices to identify suspicious traffic or attempts to exploit known vulnerabilities. Such systems may also identify a malicious insider or an attacker who has already compromised the secure perimeter.
    • Enable auditing features of the operating system and critical applications. Also, ensure that the logs are preserved on a secure host that has no other services and the minimal number of user accounts.
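The “Know your system” items above (look for file modifications, verify file permissions, use tripwire to notice changes) amount to a baseline-and-compare check. The script below is an added example, not code from the page; it is a minimal tripwire-style checker that records a SHA-256 digest and the permission bits of every file under a directory, then reports added, removed, modified and re-permissioned files. The directory tree and the tampering in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Baseline of every regular file under root: (sha256 hex digest, permission bits)."""
    base = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = str(path.relative_to(root))
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = stat.S_IMODE(path.stat().st_mode)
            base[rel] = (digest, mode)
    return base


def compare(baseline, current):
    """Diff two snapshots and group the findings like a tripwire report."""
    report = {"added": [], "removed": [], "modified": [], "permissions": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            old_digest, old_mode = baseline[rel]
            new_digest, new_mode = current[rel]
            if old_digest != new_digest:
                report["modified"].append(rel)
            if old_mode != new_mode:  # content unchanged but permissions loosened/tightened
                report["permissions"].append((rel, oct(old_mode), oct(new_mode)))
    return report


def demo():
    """Constructed scenario: baseline a small tree, then simulate the changes the checklist hunts for."""
    with tempfile.TemporaryDirectory() as root:
        etc, htdocs = Path(root) / "etc", Path(root) / "htdocs"
        etc.mkdir(), htdocs.mkdir()
        (etc / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (etc / "crontab").write_text("0 3 * * * /usr/bin/backup\n")
        os.chmod(etc / "passwd", 0o644)
        baseline = snapshot(root)
        # simulated tampering: extra scheduled job, world-writable passwd, unknown upload in web root
        (etc / "crontab").write_text("0 3 * * * /usr/bin/backup\n* * * * * /tmp/.x\n")
        os.chmod(etc / "passwd", 0o666)
        (htdocs / "uploaded.txt").write_text("constructed placeholder\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline dictionary must be stored somewhere the attacker cannot reach (read-only media or a separate log host, as the auditing item above also requires), otherwise it can be regenerated after the tampering.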

Summary of my february findings on the internet

I am way too busy, but want to kind of “backup” all interesting stuff here. So now back to February 2010.

One nice application of the internet is randomate, webcam speed dating online. A friend of mine tried it and had to mention it. You may find interesting but also annoying and strange guys there. My nephew had fun triggering some sexual needs of men by showing his fist to the cam. Because it was very close to the webcam the “mate” on the other end thought it was a nice butt or cleavage of a beautiful woman. Please excuse my nephew, he is only 16 years old. I can understand him ;) I recommend checking randomate. After that leave a comment and tell me how it works for you. Maybe you’ll find your next ex-girlfriend there…
Another funny alternative was even mentioned in a recent South Park episode. Get your webcam ready and start with chatroulette. Not only wankers there, as can be seen here: Chat Roulette Funny Piano Improv #1

Funny news: A German family was granted political asylum in the USA, because they are disagreeing with the German compulsory school attendance. This is a common thing in Germany and should be followed by every parent/pupil. Why not, you get educated for free and the German school system isn’t the worst. But the above mentioned parents wanted to home school their child. This is an article from the Guardian about it. More can be found on the internet.

Captain Planet on NES

I am remembering one of my childhood heroes. Yes, it is Captain Planet, responsible for me being “green”. Anyone else fond of Captain Planet and the Planeteers? The memorable slogan was “recycle, reuse, reduce”, hard to think of people bearing that in mind, when they get a new cell every year. Everything is getting old very fast. The world needs to progress! Really? Okay, without it how could we keep the vastly growing population occupied working and earning money?
MobileCrunch wrote about this TV series in conjunction with Sprint, which is a carrier in the US. They want you to return your used mobiles for recycling. Sprint suddenly gets all Captain Planet on us with green movement

Apple censors app-store, 5000 apps deleted.
>5000 Apps Banned; The New Rules « Chillifresh

TweetMeme – Search and Retweet the Hottest Stories on Twitter

Windows hole found after 17 years [Update] So much for the claim that they redeveloped all of it from scratch at some point…

Wonderful World:
Royal Dutch Shell lays off employees because of a drop in profit. The profit is of course still enormous. They just can’t stuff their pockets full enough :(
It has been the same at Deutsche Bank for years. Deutsche Bank with record profit in the first quarter of 2010. And some slightly older news to go with it: Ackermann on course for record profit.


Copyright © 1996-2010 marmu's blog/notepad. All rights reserved.