Comments on: Learning about community. And an apology http://confusedofcalcutta.com/2008/04/28/learning-about-community-and-an-apology/ a blog about information Mon, 06 Feb 2012 01:37:12 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Andrew Back http://confusedofcalcutta.com/2008/04/28/learning-about-community-and-an-apology/comment-page-1/#comment-331585 Andrew Back Thu, 01 May 2008 16:49:07 +0000 http://confusedofcalcutta.com/?p=1085#comment-331585 Computer security is one of those things that requires a holistic approach and demands you never rest on your laurels for long. If you are not setting strong passwords and changing them periodically you are checking for updates to your software and looking out for new attacks. Many do fine without taking such measures, and of these some are keen to remind me of this. But just like insurance you never need it, until you need it. In any case all this is rather obvious, but still I have to admit that despite which I have myself been caught out in the past. Of course you get operating systems that have a reputation for being more secure, such as OpenBSD and OpenVMS (without default service accounts!) But the moment you add applications you introduce attack vectors. And even with managed solutions the same can be true once you start to customise the stock configuration. You would have thought a lot of this would be sorted out by now and we could take security for granted, but if anything the situation seems to get worse. And I'm not sure what the answer to the wider problem is. In terms of your situation it might be worth installing Tripwire or some other form of intrusion detection system. So that if another attacks occurs you at least get early notification and more clues as to the attack vector employed. Computer security is one of those things that requires a holistic approach and demands you never rest on your laurels for long. If you are not setting strong passwords and changing them periodically you are checking for updates to your software and looking out for new attacks. Many do fine without taking such measures, and of these some are keen to remind me of this. But just like insurance you never need it, until you need it. In any case all this is rather obvious, but still I have to admit that despite which I have myself been caught out in the past.

Of course you get operating systems that have a reputation for being more secure, such as OpenBSD and OpenVMS (without default service accounts!) But the moment you add applications you introduce attack vectors. And even with managed solutions the same can be true once you start to customise the stock configuration.

You would have thought a lot of this would be sorted out by now and we could take security for granted, but if anything the situation seems to get worse. And I’m not sure what the answer to the wider problem is.

In terms of your situation it might be worth installing Tripwire or some other form of intrusion detection system. So that if another attacks occurs you at least get early notification and more clues as to the attack vector employed.

]]> By: Rob Paterson http://confusedofcalcutta.com/2008/04/28/learning-about-community-and-an-apology/comment-page-1/#comment-330880 Rob Paterson Wed, 30 Apr 2008 10:57:02 +0000 http://confusedofcalcutta.com/?p=1085#comment-330880 Must have been awful JP - good luck Must have been awful JP – good luck

]]> By: Benjamin http://confusedofcalcutta.com/2008/04/28/learning-about-community-and-an-apology/comment-page-1/#comment-330356 Benjamin Tue, 29 Apr 2008 18:02:39 +0000 http://confusedofcalcutta.com/?p=1085#comment-330356 Not fun! Gave me flash backs to the time I discovered Digital had left back door service accounts on all the VAX machines, which various folks had been using... Default permissions are much better than they used to be, but security is still much of an elite art - definitely not plug and play! Not fun! Gave me flash backs to the time I discovered Digital had left back door service accounts on all the VAX machines, which various folks had been using…

Default permissions are much better than they used to be, but security is still much of an elite art – definitely not plug and play!

]]> By: Jeff Nolan http://confusedofcalcutta.com/2008/04/28/learning-about-community-and-an-apology/comment-page-1/#comment-329943 Jeff Nolan Mon, 28 Apr 2008 20:57:18 +0000 http://confusedofcalcutta.com/?p=1085#comment-329943 JP, I had something similar happen to my blog a few months ago, nefarious scripts on pages that were dropped into my /images folder were causing my account to be suspended by my hosting provider. I keep a pretty good eye on things now, but am very concerned about the state of insecurity in the blogosphere. JP,
I had something similar happen to my blog a few months ago, nefarious scripts on pages that were dropped into my /images folder were causing my account to be suspended by my hosting provider. I keep a pretty good eye on things now, but am very concerned about the state of insecurity in the blogosphere.

]]>