From Fedora Project Wiki


Line 6: Line 6:
 
Contributing Writer: [[JoshBressers]]
 
Contributing Writer: [[JoshBressers]]
  
Last week wasn't very exciting as far as security issues go.  I have nothing of interest to note.  Next week should be quite busy though.
+
=== Encryption Security ===
 +
With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this xkcd comic reminds us of the weakest link in all cryptography, the person with the password:
 +
http://xkcd.com/538/[1]
  
Black Hat[1] and DEFCON[2] are going on in Las Vegas. Things are expected to be very busy[3].
+
=== Running things as root is a bad idea ===
 +
While I always knew this, this article still sort of blows my mind:
 +
''Windows Security Improved By Denial Of Administrative Rights''[2]
 +
To quote the article:
 +
<pre>... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...</pre>
 +
92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter.
  
[1] http://www.blackhat.com/<br>
+
[1] http://xkcd.com/538/
[2] https://www.defcon.org/<br>
+
[2] http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications
[3] http://www.networkworld.com/news/2008/073108-black-hat.html?hpg1=bn<br>
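Review bot: the added reference lines "[1] http://xkcd.com/538/" and "[2] http://www.informationweek.com/..." drop the trailing <br> that the removed reference lines carried, so the two references run together on one line in the rendered revision; end each with <br> or turn them into list items. In the added paragraph under "Running things as root is a bad idea", "virtual any minor security flaw" should read "virtually any minor security flaw".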
 

Revision as of 02:04, 8 February 2009

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Encryption Security

With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this xkcd comic reminds us of the weakest link in all cryptography, the person with the password: http://xkcd.com/538/[1]

Running things as root is a bad idea

While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[2]. To quote the article:

... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...

92%, that is mind-boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtually any minor security flaw would suddenly become a very serious matter.

[1] http://xkcd.com/538/

[2] http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications