Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security From A To Z

Posted by ryuzaki0 on from the P-is-for-passwords dept.

Haruki Soma writes, "Unearthed: An A to Z guide to security — from antivirus to zero-day. The writer includes the latest on the UK's newly updated Computer Misuse Act. She also pokes around rootkits, IM, and spyware, pens an ode to Gary McKinnon (aka the NASA hacker, in the 'E is for Extradition' entry), probes Google-induced Spear Phishing, and takes a look back at the Love Bug and Jaschan's Sasser." Security pros won't find much new here, but the rest of us might learn a thing or two.

45 comments

  1. that sounds pretty simple. by User+956 · · Score: 4, Insightful

    If we had only known that all along, there were only 26 things to know about with regards to Security, we wouldn't have had to hire that consultant!

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:that sounds pretty simple. by eviloverlordx · · Score: 4, Funny

      According to the consultant, 25 of 26 items are 'Hire the Consultant'.

      --
      'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    2. Re:that sounds pretty simple. by wiz31337 · · Score: 1

      I wish I would have had this "study guide" before I took my CISSP exam.

      --
      /whisper/ Thanks for the candy!
  2. A= by Anonymous Coward · · Score: 0

    Avoid Microsoft products at all costs!

  3. moo by Anonymous Coward · · Score: 0

    Security pros won't find much new here, but the rest of us might learn a thing or two.

    what, buzzwords?

  4. "O" should be for OpenBSD by Anonymous Coward · · Score: 0

    If "M" is for Microsoft and its awful security record, then the exact opposite security model should be in there also.

  5. But this is /. by Anonymous Coward · · Score: 0
    Security pros won't find much new here, but the rest of us might learn a thing or two.
    We are ALL security pros here, regardless of how many times we had an infestation on our PCs
  6. Smpamphigorey: P is for Pageviews by Tackhead · · Score: 5, Funny

    A is for Adverts, and Goatse Guy's butt,
    B is for Banners, what's my piece of the cut?
    C is for C-Net, that page-whoring slut,
    D is for Dickhead, by an ass and two nuts,
    E is for Extra page views for the win,
    F is for Flash, it's a whole 'nother sin,
    G is for Google, do no evil (today!)
    H is for Hackers, not crackers, OK?
    I is for IM, "wut r u do now?"
    J is for Javashit, shut it off now.
    K is for Kids, 'cuz it's all for their sake,
    L is for Legislators, all on the take.
    M is for Microsoft, and masturbate meekly,
    N is for Neologisms, which I invent weekly,
    O is for Orange, with which nothing rhymes
    P is for Pageviews, 26 fucking times?!
    Q is for Question, WTF are you thinking?
    R is for Readership, C-Net's lost a few drinking,
    S is for Spammer, and spyware, and shit,
    T is for Trash, Turd, and also twenty-six.
    U is for Useless, the number of clicks,
    V's for Vendettas on marketing pricks,
    W is for Wizard, his robe and my hat,
    X is for X-rated wizardly chat,
    Y's what's starts "You", not the twenty-first letter,
    Z is for Zero. (Shoulda wrote this poem better.)

    1. Re:Smpamphigorey: P is for Pageviews by eviloverlordx · · Score: 1

      I think you're my new hero...

      --
      'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    2. Re:Smpamphigorey: P is for Pageviews by D3m0n0fTh3Fall · · Score: 1

      Your ideas intrigue me and I wish to subscribe to your newsletter.

    3. Re:Smpamphigorey: P is for Pageviews by shadowcode · · Score: 0, Offtopic

      Indeed! If only I still had my modpoints :/
      Okay. It is off-topic. But come on, the funny outweighs the off-topicness, right?

    4. Re:Smpamphigorey: P is for Pageviews by Anonymous Coward · · Score: 0
      > I think you're my new hero...

      Ya gotta admit, it was more fun than reading an article split onto 27 pages. Woulda changed one line, though:

      "T is Tom's Hardware Guide, and twenty-six" :)

    5. Re:Smpamphigorey: P is for Pageviews by Anonymous Coward · · Score: 0

      And H is for Happy Hour.

    6. Re:Smpamphigorey: P is for Pageviews by Anonymous Coward · · Score: 1, Funny

      Um, door hinge rhymes w/orange.

    7. Re:Smpamphigorey: P is for Pageviews by Anonymous Coward · · Score: 0
      > Okay. It is off-topic. But come on, the funny outweighs the off-topicness, right?

      How's it off-topic, he's flaming the hell out of the marketing schlub at C-net who split the article onto 27 pages :)

    8. Re:Smpamphigorey: P is for Pageviews by jginspace · · Score: 1

      All alone in my cubicle, all dank and cheerless I read your post and cried, this guy is peerless Among all this drivel and dupes with grammar all gone A geek that does word craft - that's number one.

    9. Re:Smpamphigorey: P is for Pageviews by jginspace · · Score: 1

      How can we thank you? For our mod points we do fumble But I upset that guy Taco and my karma did tumble I could make a new user and mod you by stealth But I'll just open this page and reply to myself

    10. Re:Smpamphigorey: P is for Pageviews by bdonalds · · Score: 1

      Reading your poems make me dizzy and achey,

      Please type <br> to insert line breaky!

      --
      The most important thing to do in your life is to not interfere with somebody else's life. -FZ
  7. M... by Anonymous Coward · · Score: 0

    They couldn't think of an entry for "M" unfortunately. Would you have any suggestions?

  8. Interesting, but only half the story... by Sensor · · Score: 2, Interesting

    I've been working in security for 5 years now, penetration testing, managed firewalls/IDS, BS7799 prep, etc... currently (among other bits and bobs) I run security for a UK motor insurance company.

    Lots of security material is all about the tech, but really (outside of Hollywood) hacking or any form of abuse is largely about people. The tech makes it easier or harder for the people - but ultimately at some point there is still someone at a keyboard making the decision to do something.

    For the last couple of years I've been doing what is essentially an MSc in traditional Criminology and it really is interesting how much of the traditional models of motivation and causation cross over into the online environment (and also how little traditional criminologists seem to understand the parrellels).

    I'm actually running a survey for my dissertation at the moment looking at IT admin access to confidential information - if you'd like to take part (and be in with a chance of winning a £25 or $40 amazon voucher) take a look at:

    https://msc-survey.priogenus.com/amazon.php

    1. Re:Interesting, but only half the story... by know1 · · Score: 2, Funny

      Is one of the questions on your survey "What is your root password?"?

    2. Re:Interesting, but only half the story... by Sensor · · Score: 1

      No, but if you have lost it I can put you in touch with people who could help :P

  9. FUD Anyone? by gt_mattex · · Score: 2, Insightful

    FTA

    Be afraid. Threats to corporate security are everywhere. Just when you thought your network was safe from hackers, along came wi-fi - or your iPod-wielding workforce - and opened a whole new can of worms.


    Security is by its nature ever-evolving. Just as one threat is apparently locked down, another springs up to take its place - or an old one rears its head in a new form. Grappling with this malicious hydra it's no wonder the security space spawns new terms and phrases at a rate of knots - and you're supposed to keep up with them all.

    I'm guessing the average reader will either be a) a techy who'll read it for kicks or b) joe shmoe who is duped (read FUD) into buying it.

    --
    "No doubt one may quote history to support any cause, as the devil quotes scripture." - Learned Hand
  10. Mandatory Sleepwalking Warning by psema4 · · Score: 1
    Security pros won't find much new here, but the rest of us might learn a thing or two.
    Several mentions today about the UK sleepwalking into extreme IT dangers. Please proceed with caution if you're a) in the UK and b) learning security.
  11. A-Z explained by Anonymous Coward · · Score: 4, Funny

    Any Linux box has basically no virus weaknesses when compared to Windows.
    Buy a Mac or Linux box instead.
    Change all needed Windows boxes to use open source programs like Firefox instead of the virus prone shipped programs.
    DRM is not your friend.
    Exclude Linux users when sending warnings about Windows viruses.
    Forget about stability if using Windows servers.
    Go ahead, send a "virus" to my Linux email.
    Hire Linux IT people. The MS "professionals" cannot think outside buying a new box.
    Insert "Windows" in front of "Virus" in any warning emails.
    Join the open source club, and understand why transparency helps security.
    Kick out any "Linux is to hard to learn" sys-admins.
    Look out for those that say that a new box will fix it.
    Make plans to use open standards and avoid lock-ins.
    Never spend thousands on external software, when Linux can do it for free.
    Open source software that would never be your core business, but could benefit from thousands of eyes.
    Put all windows boxes behind firewalls.
    Quit your job if they are migrating from Linux to Windows.
    Run Linux to avoid virus problems.
    Stop all unused services, in Mac, Linux or Windows.
    Try OpenOffice. Viruses are not compatible with it.
    Understand which blackbox systems are hard to verify.
    Value employee advice.
    Windows will eventually go open source to compete
    XP only added fisher price colors.
    Your easy way out is to migrate away from Windows.
    Zune DRM is not friendly.

  12. Needs saying by jpetts · · Score: 1
    <Comic_Book_Guy>
      Worst...article...ever!
    </Comic_Book_Guy>
    --
    Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
  13. Re:A-Z explained by Anonymous Coward · · Score: 0

    I is for internet.

    can somebody call Al Gore cause my internet is slow. he can fix it, he invented it.

  14. Forgot the most important K or U factors by Anonymous Coward · · Score: 2, Insightful

    Out of all his points the writer left out the most important factor of them all and that small detail makes the whole thing useless to me. What happened to "Knowing your system" or perhaps "Understanding the environment you're on" ?

    'You' maybe the weakest link to him with regards to passwords or trickery, but if you know what you're doing you'll decrease that risk factor tremendously.

  15. For the home user: by bendodge · · Score: 1, Informative
    Here is my summary for securing relatives:

    1. Get them behind a hardware firewall (Linksys router?)

    2. Get them off the admin account, and if you did step 1 and 2 stop worrying about logging off.

    3. Run Windows Defender 24/7 with real time protection ON.

    4. Make sure Window's Automatic Updates are on.

    5. Install AVG Free, with auto updates.

    6. Install Spybot S&D and Adware SE, and teach them (or preferably their kid) to double click each one, click update, then scan, then remove. You could also get one of those one-click bundles floating around.

    7. Run msconfig and turn all the junk off.

    9. Install Firefox, maybe change the icon to IE's, and install the Qute skin (look similar to IE). Maybe show them the tabs, but don't mention that is it a different browser.

    10. Check back in a couple months and tweak the strategy.


    Now, unless they are big into crummy sites and downloads, they should be OK until the computer landscape changes.
    --
    The government can't save you.
    1. Re:For the home user: by weicco · · Score: 1

      "9. Install Firefox"

      You mean that when you install Firefox, user is unable to download pamela_nude.exe files from internet and execute them? It doesn't really matter which browser user has if they install all that fancy stuff (like Windows themes, screensavers, MSN Messenger plugins, heck FF plugins) that comes with bunchload of malware, spyware, whatever. But your points 5 and 6 helps alot on this.

      Btw. here's a nice web page http://mywebpages.comcast.net/SupportCD/FirefoxMyt hs.html

      --
      You don't know what you don't know.
    2. Re:For the home user: by xiong.chiamiov · · Score: 1

      #2&3:
      You really trust MS to fix their own problems?
      One of the easiest ways I've found to crash a computer is to install Windows updates as soon as they come out (which is 3 mos. after the vulnerability was discovered anyway).

      #5:
      I really prefer Avast! myself. More user-friendly than avg imho.

      #6:
      You forgot Spywareblaster. It's passive protection.

      --
      have you read the Moderation Guidelines Addendum?
    3. Re:For the home user: by compro01 · · Score: 1

      short of putting the user in a complete padded cell, any enviroment is gonna give the user enough rope to hang themselves.

      --
      upon the advice of my lawyer, i have no sig at this time
    4. Re:For the home user: by bendodge · · Score: 0
      You really trust MS to fix their own problems?
      Considering that they made the OS, yes. I've never had it crash a computer that isn't running all kind of pirate junk.

      I really prefer Avast! myself. More user-friendly than avg imho.
      That depends on what type of user. I like AVG because you can set-and-forget. I would also be more confident with definitions from a for-profit company, and AVG is way slimmer on the resources.

      You forgot Spywareblaster. It's passive protection.
      Thanks for the tip.
      --
      The government can't save you.
  16. Hacker definition by Nikademus · · Score: 2, Informative

    It's quite funny some people try to write articles on security and speak of "hackers" without even knowing what it means.

    HACKER (Originally, someone who makes furniture with an Ax.) n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value (q.v.). 4. A person who is good at programming quickly. Not everything a hacker produces is a hack.

    --
    I gave up with the idea of an useful sig...
    1. Re:Hacker definition by Anonymous Coward · · Score: 2, Informative

      Don't you understand that this comes from the term 'hack writer': A writer that just churns out words quickly with no regard to their accuracy.

    2. Re:Hacker definition by Anonymous Coward · · Score: 0

      Which one does social hacking fit into? Methinks it would fit better if any technology-related terms were changed to more broad terms.

  17. Re:A-Z explained by Anonymous Coward · · Score: 0
    Forget about stability if using Windows servers.


    Obviously you have zero experience or understanding of Windows servers. Its the same as any other OS, it just requires a skilled and knowledgeable admin to configure it stably.
  18. Hackers == Crackers by Anonymous Coward · · Score: 0
    Computer hackers write, use and modify software to break into computer systems - often exploiting flaws in another programmer's code. The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.
    So now it is official. It's on the A to Z of security therefore has to be true, all the hackers have become crackers.
    1. Re:Hackers == Crackers by Anonymous Coward · · Score: 0

      just what we need, more bad publicity...
      these people really need to get their facts straight.

  19. I saw the title, by nowhere.elysium · · Score: 1

    And I honestly thought this was going to be some spoof article about ROT-26, or something.

    --
    http://xkcd.com/313/
  20. Re:A-Z explained by Anonymous Coward · · Score: 0

    Sorry to reply to myself, but now I realize that he was talking about Windows need to constantly reboot.

    Even though some of that can be avoided, I admit that Linux is better at doing updates without reboot.

  21. Re:Hack by xiong.chiamiov · · Score: 1
    The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.
    Meanwhile, web designers are busy at work creating web pages that work in Internet Explorer. Since MS doesn't give a DRM about standards, the developers' beautiful code must be "hacked" to work in IE.
    --
    have you read the Moderation Guidelines Addendum?
  22. You could also get them to pay for some.. by cheros · · Score: 1

    If you take the paid-for AdAware you can automate some of the stuff they now have to manually do. In my experience, any manual operation will be omitted within weeks from taking your hands off the system..

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.