D&C GLug - Home Page


Re: [LUG] Web Pages

 

Henry is quite right in his last point. The vast majority of security
breaches come from soft targets and are indirectly targeted. Somebody
will search for a site with a known vulnerability (for example a
certain version of software running that is known to be exploitable).

It is a lot rarer to find people trying to gain access to individual
accounts, without a specific method in mind. Therefore, if you're
worried about the more general security of your account, just follow
a simple set of security practices, such as using a strong password
that isn't easy to guess and keeping your wireless connection
encrypted if you use one.

Another method you may want to look into is domain forwarding if you
are worried about your email address getting out (although you are
emailing a public mailing list here!). For around £5 you can pick up a
com, org or net domain for a year (I sell them for £5.50, UKReg offer
them for £8.89 and give you a free .uk domain of your choice) and have
it forward to your ISP's web server, masking your current domain name
from sight.

Hope that helps, if you have any further questions, don't hesitate to ask.

Regards, Ross Bearman



On Sun, Aug 10, 2008 at 10:13 AM, Henry Bremridge
<henry.bremridge@xxxxxxxxx> wrote:
> On Sun, Aug 10, 2008 at 07:17:04AM +0100, peter wrote:
>> On Sat, 2008-08-09 at 22:00 +0100, Ross Bearman wrote:
>> > What security concerns do you have about (using my ISP to hold a web page)?
>> > Somebody trying to access your account?
>> >
>> Hi Ross
>>
>> I am quite happy for them to get "stuff" I have stored on my ISP, but am
>> worried that perhaps they can get further.
>>
>> Yes, like getting into my e-mail account.  I may add I do not know a lot
>> about this.
>>
>
> Break down the problem into stages
>
> - Are you worried that someone you know will break in or someone you do not know?
> If someone does not know you then they will have to discover your email address. 
> (Every member of the LUG has your email address). This quickly moves into identity 
> theft and problems associated with that and I would have thought that was a bigger 
> problem.
>
> - Does your ISP have a separate username and password to log in? (ie your username 
> is different from your email address?).
>
> - How easy is it to guess the password and/or username? Look up google on "social 
> hacking". There are various sites on choosing good passwords eg 
> https://www.grc.com/passwords.htm And how often do you change the password? Look 
> up on google on "cracking passwords"
>
> - Do you use wifi when you access your internet? When you login to read webmail, 
> do you login to your server with SSL engaged (ie https) or with http?  To read 
> email over wifi do you download your email securely or in clear? Others may have 
> more information but my understanding is that if you download email over wifi (eg 
> in McDonald's) then anyone nearby can read your email. See
> http://www.securityfocus.com/columnists/385
>
> - How often do you change the password? ie if it is broken when do you change it 
> to an unbroken one?
>
> - Then how secure is the ISP itself? Most I would have thought are properly 
> patched and updated. But in a quick google I came across the following link 
> http://www.ukfast.net/int-news/broadbandchoices_nearly_expose_unsecure_isp.html
>
> - Finally how likely is it that someone is going to try and break in? My 
> understanding about security is that a lot of the issues are having enough 
> security that a random cracker will try an easier target. Conversely if you are 
> worried that Government Agencies or Organised Crime are looking for *you*, then 
> you have other problems. :)
>
> These are my own thoughts. Others who are experienced may have different 
> viewpoints.
>
>
>
> --
> Henry
> Photocopies or faxes of my signature are not binding. Electronic documents 
> (including email) are binding if digitally signed and appropriately verified
> PGP Key : 0x854F8D8D
> Sun Aug 10 10:13:20 BST 2008
>
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
>
>
