
Re: [LUG] Web Pages

 

On Sun, Aug 10, 2008 at 07:17:04AM +0100, peter wrote:
> On Sat, 2008-08-09 at 22:00 +0100, Ross Bearman wrote:
> > What security concerns do you have about (using my ISP to hold a web page)? 
> > Somebody trying to access your account?
> > 
> Hi Ross
> 
> I am quite happy for them to get "stuff" I have stored on my ISP, but am
> worried that perhaps they can get further.
> 
> Yes, like getting into my e-mail account.  I may add I do not know a lot
> about this.
> 

Break down the problem into stages

- Are you worried that someone you know will break in, or someone you do not know? If
someone does not know you then they will have to discover your email address. (Every
member of the LUG has your email address.) This quickly moves into identity theft
and problems associated with that, and I would have thought that was a bigger problem.

- Does your ISP have a separate username and password to log in? (i.e. your username
is different from your email address?)

- How easy is it to guess the password and/or username? Look up "social
hacking" on Google. There are various sites on choosing good passwords, e.g.
https://www.grc.com/passwords.htm. And how often do you change the password? Look up
"cracking passwords" on Google.

- Do you use wifi when you access your internet? When you log in to read webmail, do
you log in to your server with SSL engaged (i.e. https) or with http? To read email
over wifi do you download your email securely or in the clear? Others may have more
information, but my understanding is that if you download email over wifi (e.g. in
McDonald's) then anyone nearby can read your email. See
http://www.securityfocus.com/columnists/385

- How often do you change the password? i.e. if it is broken, when do you change it to
an unbroken one?

- Then how secure is the ISP itself? Most I would have thought are properly patched
and updated. But in a quick Google search I came across the following link:
http://www.ukfast.net/int-news/broadbandchoices_nearly_expose_unsecure_isp.html

- Finally how likely is it that someone is going to try and break in? My 
understanding about security is that a lot of the issues are having enough security 
that a random cracker will try an easier target. Conversely if you are worried that 
Government Agencies or Organised Crime are looking for *you*, then you have other 
problems. :)

These are my own thoughts. Others who are experienced may have different viewpoints.



-- 
Henry
Photocopies or faxes of my signature are not binding. Electronic documents 
(including email) are binding if digitally signed and appropriately verified
PGP Key : 0x854F8D8D 
Sun Aug 10 10:13:20 BST 2008


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html