QotW #6: When the sysadmin leaves…
When we talk about security of systems, a lot of focus and attention goes on the external attacker. In fact, we often think of “attacker” as some form of abstract concept, usually “some guy just out...
QotW #29: Risks of giving developers admin rights to their own PCs
Carolinegordon asked Question of the Week number 29 to try and understand what risks are posed by giving developers admin rights to their machines, as it is something many developers expect in order to...
QoTW #44: How to block or detect user setting up their own personal wifi AP...
Nominated by Terry Chia, this question by User15580 should be of interest to anyone managing the security of networks. The show the variety of aspects security covers in this sort of scenario: Daniel...
QoTW #48: Difference between Privilege and Permission
Ali Ahmad asked, “What is the difference between Privilege and Permission?” In many cases they seem to be used interchangeably, but in an IT environment knowing the meanings can have an impact on...
Stump the Chump with Auditd 01
ServerFault user ewwhite describes a rather interesting situation regarding application distribution wherein code must be compiled in production. In short he wants to keep track of changes to a...
A short statement on the Heartbleed problem and its impact on common Internet...
On the 7th of April 2014 a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security published information on a security issue in OpenSSL. OpenSSL is a piece...
Is our entire password strategy flawed?
paj28 posed a question that really fits better here as a blog post: Security Stack Exchange gets a lot of questions about password strength, password best practices, attacks on passwords, and there’s...