Category archive: English
In one word
Internet helpdesk
How Effective Are Child Car Seats?
Steven Levitt, after looking at a vast amount of accident data, is convinced that child car seats are pretty useless for children older than two. His TED talk teaches important lessons on how we think about safety equipment.
Many thanks to reader Doppelfish for digging this video out.
Don’t worry!
50 Ways to Inject Your SQL
(direct link, found here)
Cryptography for Penetration Testers
SOX – the new security standard
Sock security has been troubling me for a long time. Endless Sundays I have spent fighting the single sock syndrome. But those days are over. Thanks to a colleague I have discovered sockstar, the revolutionary tool to improve the lower department of your wardrobe-BCM – a simple thing that just does what it should, if you manage to integrate it into your business processes… [end of commercial] http://www.sockstar.de/
Can We Say »Don’t Worry«?
Freeman Dyson, being interviewed about his climate catastrophe skepticism, claims that some professions have trouble shrugging off issues as unimportant. He thinks there is a natural tendency to magnify threats:
»Really, just psychologically, it would be very difficult for them to come out and say, “Don’t worry, there isn’t a problem.” It’s sort of natural, since their whole life depends on it being a problem. I don’t say that they’re dishonest. But I think it’s just a normal human reaction. It’s true of the military also. They always magnify the threat. Not because they are dishonest; they really believe that there is a threat and it is their job to take care of it.«
Obviously, computer security is another candidate. Paranoia is the norm in our subculture; we love to carry a better-safe-than-sorry attitude. To an extent this attitude is justified by experience; there are many case studies of security not being taken seriously, leading to epic fail. Yet more security technology is not always better. Do we have tools to reasonably say »Don’t worry« and justify that recommendation with facts?
Security Experts: LEAVE YOUR PASSWORDS HERE

Seen by some CCTV cameras in the background and by a colleague at this year’s Infosecurity Europe in London, „Europe’s No. 1 dedicated security event“. Ah, those security nerds just know no fear…
The Mathematics of War
According to Sean Gourley, this is the formula of war:
$P(x) = C x^{-\alpha}$
In this formula, P is the probability of an event, x the number of people killed in the event, and α a value representing the structure of the conflict. Here is his talk, only seven minutes long:
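The power law above, as an added worked example that is not from the post or from Gourley’s work: constructed casualty counts are drawn from P(x) = C x^-α above an assumed cutoff x_min, the normalisation C that turns the formula into a probability density is computed, and α is recovered from the data with the standard maximum-likelihood estimator for a continuous power law (x_min, the sample size and the random seed are assumptions).

```python
"""Added example (not from the original post): fit the exponent alpha in
P(x) = C * x^(-alpha) to constructed casualty-count data."""
import math
import random


def normalisation_constant(alpha: float, x_min: float) -> float:
    """C such that C * x^(-alpha) integrates to 1 over [x_min, infinity)."""
    return (alpha - 1.0) * x_min ** (alpha - 1.0)


def power_law_density(x: float, alpha: float, x_min: float) -> float:
    """P(x) = C * x^(-alpha): density of an event that kills x people."""
    return normalisation_constant(alpha, x_min) * x ** (-alpha)


def tail_probability(x: float, alpha: float, x_min: float) -> float:
    """Probability that an event kills at least x people: (x / x_min)^(1 - alpha)."""
    return (x / x_min) ** (1.0 - alpha)


def sample_power_law(alpha: float, x_min: float, n: int, seed: int = 1) -> list:
    """Constructed sample via the inverse CDF: x = x_min * (1 - u)^(-1 / (alpha - 1))."""
    rng = random.Random(seed)
    return [x_min * (1.0 - rng.random()) ** (-1.0 / (alpha - 1.0)) for _ in range(n)]


def estimate_alpha(xs, x_min: float) -> float:
    """Maximum-likelihood estimate of alpha from observations >= x_min:
    alpha_hat = 1 + n / sum(ln(x_i / x_min))."""
    tail = [x for x in xs if x >= x_min]
    if not tail:
        raise ValueError("no observations at or above x_min")
    return 1.0 + len(tail) / sum(math.log(x / x_min) for x in tail)


if __name__ == "__main__":
    # Constructed data: 5000 events with alpha = 2.5 above a cutoff of 1 death.
    data = sample_power_law(2.5, 1.0, 5000)
    print("estimated alpha:", round(estimate_alpha(data, 1.0), 3))
    print("P(at least 100 killed):", tail_probability(100.0, 2.5, 1.0))
```

The estimate lands close to the true exponent; the tail probability shows what the exponent means in practice, namely how quickly very large events become rare as α grows.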
Douglas Adams: Parrots, the Universe and Everything
Psychic Spoon Bender
Writing Cyberwarfare Articles
Foreign Policy net.effect: 10 easy steps to writing the scariest cyberwarfare article ever (via 1 Raindrop)
Note to self
»The idea of Shutdown Day project is simple – just shutdown your computer for one whole day of the year and involve yourself in some other activities: outdoors, nature, sports, fun stuff with friends and family – whatever, just to remind yourself that there still exists a world outside your monitor screen.«
PS:
Steven Pinker: A brief history of violence
10 Essential Security Checks
A few days ago Oliver presented his 10 essential Web site checks. Except for a few very basic things I didn’t see security on his list, so here are a few essential security checks for your Web site. You will have to scale them to your needs; the Web site of your local juggling club won’t need the same level of security as an Internet business built around a Web application.
- Understand your threat profile
Understand who might be your enemy and what the impact on your Web site and its users would be if an attack succeeds. Don’t be overly paranoid, but be honest with yourself.
- Use SSL
Although it has its limitations, SSL is a standard security mechanism today and there is almost no excuse for not offering it to your users. It won’t solve all your security problems, but it is useful.
- Have a person in charge of security
Security requires continuous attention throughout the life cycle of your site. Somebody should be responsible for security, and this person must have sufficient authority to be more than a fig leaf.
- Baseline protection
Don’t forget the simple things: backups, patches, secure configuration, etc. Be aware, however, that baseline protection will not make your applications and your own code any more secure.
- Build security in
If your Web site serves more than a set of static pages, you must build secure software. Security is not a box in your architecture diagram; it is a set of rules and best practices for software development.
- Test early and often
Everybody makes mistakes, and so will you. Have somebody point out those mistakes to you before the bad guys find and exploit them. Do not rely on automated scanners too much; they are useful but limited.
- Be hacker-friendly
The best security testers you can get are white-hat hackers who happen to find issues on your site. Be accessible, properly credit those who helped you, and don’t sue the messenger. Don’t be too proud of not having been hacked, though.
- Don’t annoy your users
The point of security measures is to make attacks hard. Their point is not to make legitimate use of the site hard. Putting unnecessary burdens upon your users will likely reduce your security—and the number of users.
- Plan ahead for failures and disasters
They are out to get you, and eventually they will. Know what to do if your security fails despite all your efforts. Have plans for incident handling, business continuity and disaster recovery.
- Compliance is just that
Do not assume that compliance with whatever standard or regulation applies is a replacement for actual security.
Homework assignment: pick one item and expand it into another list of 10.
