From Fedora Project Wiki

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Encryption Security

With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this xkcd comic reminds us of the weakest link in all cryptography, the person with the password:[1]

Running things as root is a bad idea

While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[2] To quote the article:

... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...

92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter.

[1] [2]