
Security From A To Z

kdawson posted more than 7 years ago | from the P-is-for-passwords dept.


Haruki Soma writes, "Unearthed: An A to Z guide to security — from antivirus to zero-day. The writer includes the latest on the UK's newly updated Computer Misuse Act. She also pokes around rootkits, IM, and spyware, pens an ode to Gary McKinnon (aka the NASA hacker, in the 'E is for Extradition' entry), probes Google-induced Spear Phishing, and takes a look back at the Love Bug and Jaschan's Sasser." Security pros won't find much new here, but the rest of us might learn a thing or two.


45 comments


that sounds pretty simple. (4, Insightful)

User 956 (568564) | more than 7 years ago | (#16844976)

If we had only known that all along, there were only 26 things to know about with regards to Security, we wouldn't have had to hire that consultant!

Re:that sounds pretty simple. (4, Funny)

eviloverlordx (99809) | more than 7 years ago | (#16845150)

According to the consultant, 25 of 26 items are 'Hire the Consultant'.

Re:that sounds pretty simple. (1)

wiz31337 (154231) | more than 7 years ago | (#16845226)

I wish I would have had this "study guide" before I took my CISSP exam.

A= (0)

Anonymous Coward | more than 7 years ago | (#16844992)

Avoid Microsoft products at all costs!

moo (0)

Anonymous Coward | more than 7 years ago | (#16845012)

> Security pros won't find much new here, but the rest of us might learn a thing or two.

what, buzzwords?

"O" should be for OpenBSD (0)

Anonymous Coward | more than 7 years ago | (#16845140)

If "M" is for Microsoft and its awful security record, then the exact opposite security model should be in there also.

But this is /. (0)

Anonymous Coward | more than 7 years ago | (#16845238)

> Security pros won't find much new here, but the rest of us might learn a thing or two.
We are ALL security pros here, regardless of how many times we had an infestation on our PCs

Why Slashdot ? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16845268)

Why is this on Slashdot ?
Slow day ?

Smpamphigorey: P is for Pageviews (5, Funny)

Tackhead (54550) | more than 7 years ago | (#16845310)

A is for Adverts, and Goatse Guy's butt,
B is for Banners, what's my piece of the cut?
C is for C-Net, that page-whoring slut,
D is for Dickhead, by an ass and two nuts,
E is for Extra page views for the win,
F is for Flash, it's a whole 'nother sin,
G is for Google, do no evil (today!)
H is for Hackers, not crackers, OK?
I is for IM, "wut r u do now?"
J is for Javashit, shut it off now.
K is for Kids, 'cuz it's all for their sake,
L is for Legislators, all on the take.
M is for Microsoft, and masturbate meekly,
N is for Neologisms, which I invent weekly,
O is for Orange, with which nothing rhymes
P is for Pageviews, 26 fucking times?!
Q is for Question, WTF are you thinking?
R is for Readership, C-Net's lost a few drinking,
S is for Spammer, and spyware, and shit,
T is for Trash, Turd, and also twenty-six.
U is for Useless, the number of clicks,
V's for Vendettas on marketing pricks,
W is for Wizard, his robe and my hat,
X is for X-rated wizardly chat,
Y's what starts "You", not the twenty-first letter,
Z is for Zero. (Shoulda wrote this poem better.)

Re:Smpamphigorey: P is for Pageviews (1)

eviloverlordx (99809) | more than 7 years ago | (#16845386)

I think you're my new hero...

Re:Smpamphigorey: P is for Pageviews (0, Offtopic)

shadowcode (852856) | more than 7 years ago | (#16845488)

Indeed! If only I still had my modpoints :/
Okay. It is off-topic. But come on, the funny outweighs the off-topicness, right?

Re:Smpamphigorey: P is for Pageviews (0)

Anonymous Coward | more than 7 years ago | (#16846646)

> Okay. It is off-topic. But come on, the funny outweighs the off-topicness, right?

How's it off-topic, he's flaming the hell out of the marketing schlub at C-net who split the article onto 27 pages :)

Re:Smpamphigorey: P is for Pageviews (0)

Anonymous Coward | more than 7 years ago | (#16845498)

> I think you're my new hero...

Ya gotta admit, it was more fun than reading an article split onto 27 pages. Woulda changed one line, though:

"T is Tom's Hardware Guide, and twenty-six" :)

Re:Smpamphigorey: P is for Pageviews (1)

D3m0n0fTh3Fall (1022795) | more than 7 years ago | (#16845458)

Your ideas intrigue me and I wish to subscribe to your newsletter.

Re:Smpamphigorey: P is for Pageviews (0)

Anonymous Coward | more than 7 years ago | (#16845502)

And H is for Happy Hour.

Re:Smpamphigorey: P is for Pageviews (1, Funny)

Anonymous Coward | more than 7 years ago | (#16845838)

Um, door hinge rhymes w/orange.

Re:Smpamphigorey: P is for Pageviews (1)

jginspace (678908) | more than 7 years ago | (#16850018)

All alone in my cubicle, all dank and cheerless I read your post and cried, this guy is peerless Among all this drivel and dupes with grammar all gone A geek that does word craft - that's number one.

Re:Smpamphigorey: P is for Pageviews (1)

jginspace (678908) | more than 7 years ago | (#16850104)

How can we thank you? For our mod points we do fumble But I upset that guy Taco and my karma did tumble I could make a new user and mod you by stealth But I'll just open this page and reply to myself

Re:Smpamphigorey: P is for Pageviews (1)

bdonalds (989355) | more than 7 years ago | (#16852068)

Reading your poems make me dizzy and achey,

Please type <br> to insert line breaky!

M... (0)

Anonymous Coward | more than 7 years ago | (#16845476)

They couldn't think of an entry for "M" unfortunately. Would you have any suggestions?

Interesting, but only half the story... (2, Interesting)

Sensor (15246) | more than 7 years ago | (#16845484)

I've been working in security for 5 years now, penetration testing, managed firewalls/IDS, BS7799 prep, etc... currently (among other bits and bobs) I run security for a UK motor insurance company.

Lots of security material is all about the tech, but really (outside of Hollywood) hacking or any form of abuse is largely about people. The tech makes it easier or harder for the people - but ultimately at some point there is still someone at a keyboard making the decision to do something.

For the last couple of years I've been doing what is essentially an MSc in traditional Criminology and it really is interesting how much of the traditional models of motivation and causation cross over into the online environment (and also how little traditional criminologists seem to understand the parallels).

I'm actually running a survey for my dissertation at the moment looking at IT admin access to confidential information - if you'd like to take part (and be in with a chance of winning a £25 or $40 amazon voucher) take a look at:

https://msc-survey.priogenus.com/amazon.php [priogenus.com]

Re:Interesting, but only half the story... (2, Funny)

know1 (854868) | more than 7 years ago | (#16846222)

Is one of the questions on your survey "What is your root password?"?

Re:Interesting, but only half the story... (1)

Sensor (15246) | more than 7 years ago | (#16849608)

No, but if you have lost it I can put you in touch with people who could help :P

FUD Anyone? (2, Insightful)

gt_mattex (1016103) | more than 7 years ago | (#16845524)

FTA

> Be afraid. Threats to corporate security are everywhere. Just when you thought your network was safe from hackers, along came wi-fi - or your iPod-wielding workforce - and opened a whole new can of worms.

> Security is by its nature ever-evolving. Just as one threat is apparently locked down, another springs up to take its place - or an old one rears its head in a new form. Grappling with this malicious hydra it's no wonder the security space spawns new terms and phrases at a rate of knots - and you're supposed to keep up with them all.

I'm guessing the average reader will either be a) a techy who'll read it for kicks or b) joe shmoe who is duped (read FUD) into buying it.

Mandatory Sleepwalking Warning (1)

psema4 (966801) | more than 7 years ago | (#16845530)

> Security pros won't find much new here, but the rest of us might learn a thing or two.
Several mentions today about the UK sleepwalking into extreme IT dangers. Please proceed with caution if you're a) in the UK and b) learning security.

A-Z explained (4, Funny)

Anonymous Coward | more than 7 years ago | (#16845538)

Any Linux box has basically no virus weaknesses when compared to Windows.
Buy a Mac or Linux box instead.
Change all needed Windows boxes to use open source programs like Firefox instead of the virus prone shipped programs.
DRM is not your friend.
Exclude Linux users when sending warnings about Windows viruses.
Forget about stability if using Windows servers.
Go ahead, send a "virus" to my Linux email.
Hire Linux IT people. The MS "professionals" cannot think outside buying a new box.
Insert "Windows" in front of "Virus" in any warning emails.
Join the open source club, and understand why transparency helps security.
Kick out any "Linux is too hard to learn" sys-admins.
Look out for those that say that a new box will fix it.
Make plans to use open standards and avoid lock-ins.
Never spend thousands on external software, when Linux can do it for free.
Open source software that would never be your core business, but could benefit from thousands of eyes.
Put all windows boxes behind firewalls.
Quit your job if they are migrating from Linux to Windows.
Run Linux to avoid virus problems.
Stop all unused services, in Mac, Linux or Windows.
Try OpenOffice. Viruses are not compatible with it.
Understand which blackbox systems are hard to verify.
Value employee advice.
Windows will eventually go open source to compete
XP only added fisher price colors.
Your easy way out is to migrate away from Windows.
Zune DRM is not friendly.

Re:A-Z explained (0)

Anonymous Coward | more than 7 years ago | (#16846140)

I is for internet.

can somebody call Al Gore cause my internet is slow. he can fix it, he invented it.

Re:A-Z explained (0)

Anonymous Coward | more than 7 years ago | (#16846598)

> Forget about stability if using Windows servers.


Obviously you have zero experience or understanding of Windows servers. It's the same as any other OS, it just requires a skilled and knowledgeable admin to configure it stably.

Re:A-Z explained (0)

Anonymous Coward | more than 7 years ago | (#16853128)

Sorry to reply to myself, but now I realize that he was talking about Windows' need to constantly reboot.

Even though some of that can be avoided, I admit that Linux is better at doing updates without reboot.

Needs saying (1)

jpetts (208163) | more than 7 years ago | (#16845818)

<Comic_Book_Guy>
  Worst...article...ever!
</Comic_Book_Guy>

Forgot the most important K or U factors (2, Insightful)

Anonymous Coward | more than 7 years ago | (#16846154)

Out of all his points the writer left out the most important factor of them all and that small detail makes the whole thing useless to me. What happened to "Knowing your system" or perhaps "Understanding the environment you're on" ?

'You' may be the weakest link to him with regards to passwords or trickery, but if you know what you're doing you'll decrease that risk factor tremendously.

For the home user: (2, Informative)

bendodge (998616) | more than 7 years ago | (#16846376)

Here is my summary for securing relatives:

1. Get them behind a hardware firewall (Linksys router?)

2. Get them off the admin account, and if you did step 1 and 2 stop worrying about logging off.

3. Run Windows Defender 24/7 with real time protection ON.

4. Make sure Windows' Automatic Updates are on.

5. Install AVG Free, with auto updates.

6. Install Spybot S&D and Adware SE, and teach them (or preferably their kid) to double click each one, click update, then scan, then remove. You could also get one of those one-click bundles floating around.

7. Run msconfig and turn all the junk off.

9. Install Firefox, maybe change the icon to IE's, and install the Qute skin (looks similar to IE). Maybe show them the tabs, but don't mention that it is a different browser.

10. Check back in a couple months and tweak the strategy.


Now, unless they are big into crummy sites and downloads, they should be OK until the computer landscape changes.

Re:For the home user: (1)

weicco (645927) | more than 7 years ago | (#16850074)

"9. Install Firefox"

You mean that when you install Firefox, user is unable to download pamela_nude.exe files from internet and execute them? It doesn't really matter which browser user has if they install all that fancy stuff (like Windows themes, screensavers, MSN Messenger plugins, heck FF plugins) that comes with bunchload of malware, spyware, whatever. But your points 5 and 6 help a lot on this.

Btw. here's a nice web page http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html [comcast.net]

Re:For the home user: (1)

compro01 (777531) | more than 7 years ago | (#16858386)

short of putting the user in a complete padded cell, any environment is gonna give the user enough rope to hang themselves.

Re:For the home user: (1)

xiong.chiamiov (871823) | more than 7 years ago | (#16853150)

#2&3:
You really trust MS to fix their own problems?
One of the easiest ways I've found to crash a computer is to install Windows updates as soon as they come out (which is 3 mos. after the vulnerability was discovered anyway).

#5:
I really prefer Avast! myself. More user-friendly than avg imho.

#6:
You forgot Spywareblaster [javacoolsoftware.com] . It's passive protection.

Re:For the home user: (1)

bendodge (998616) | more than 7 years ago | (#16877510)

> You really trust MS to fix their own problems?
Considering that they made the OS, yes. I've never had it crash a computer that isn't running all kinds of pirate junk.

> I really prefer Avast! myself. More user-friendly than avg imho.
That depends on what type of user. I like AVG because you can set-and-forget. I would also be more confident with definitions from a for-profit company, and AVG is way slimmer on the resources.

> You forgot Spywareblaster. It's passive protection.
Thanks for the tip.

You could also get them to pay for some.. (1)

cheros (223479) | more than 7 years ago | (#16860852)

If you take the paid-for AdAware you can automate some of the stuff they now have to manually do. In my experience, any manual operation will be omitted within weeks from taking your hands off the system..

Hacker definition (2, Informative)

Nikademus (631739) | more than 7 years ago | (#16846378)

It's quite funny some people try to write articles on security and speak of "hackers" without even knowing what it means.

HACKER (Originally, someone who makes furniture with an Ax.) n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value (q.v.). 4. A person who is good at programming quickly. Not everything a hacker produces is a hack.

Re:Hacker definition (2, Informative)

Anonymous Coward | more than 7 years ago | (#16846476)

Don't you understand that this comes from the term 'hack writer': A writer that just churns out words quickly with no regard to their accuracy.

Re:Hacker definition (0)

Anonymous Coward | more than 7 years ago | (#16848568)

Which one does social hacking fit into? Methinks it would fit better if any technology-related terms were changed to more broad terms.

Hackers == Crackers (0)

Anonymous Coward | more than 7 years ago | (#16849690)

> Computer hackers write, use and modify software to break into computer systems - often exploiting flaws in another programmer's code. The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.
So now it is official. It's on the A to Z of security therefore has to be true, all the hackers have become crackers.

Re:Hackers == Crackers (0)

Anonymous Coward | more than 7 years ago | (#16849794)

just what we need, more bad publicity...
these people really need to get their facts straight.

I saw the title, (1)

nowhere.elysium (924845) | more than 7 years ago | (#16849790)

And I honestly thought this was going to be some spoof article about ROT-26, or something.

Re:Hack (1)

xiong.chiamiov (871823) | more than 7 years ago | (#16853276)

> The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.
Meanwhile, web designers are busy at work creating web pages that work in Internet Explorer. Since MS doesn't give a DRM about standards, the developers' beautiful code must be "hacked" to work in IE.