|
|
Security Basics
Hashing passwords Jun 11 2012 05:33PM haZard0us (hazard0us pt gmail com) (3 replies) Re: Hashing passwords Jun 11 2012 05:55PM Ansgar Wiechers (bugtraq planetcobalt net) (2 replies) Re: Hashing passwords Jun 11 2012 07:11PM Kai Wirt (u-turn1 gmx de) (1 replies) Re: Hashing passwords Jun 11 2012 06:32PM Rory Browne (rbmlist gmail com) (1 replies) RE: Hashing passwords Jun 12 2012 01:54PM Liam Randall (Liam Randall gigaco com) (1 replies) Re: Hashing passwords Jun 12 2012 05:39PM martin mngoma gmail com (1 replies) Re: Hashing passwords Jun 12 2012 06:30PM Kai Wirt (u-turn1 gmx de) (2 replies) |
|
Privacy Statement |
>> Just also revise enforcing password changing rules (every after 30 days) on your site and strong passwords(no less then 8 characters, special characters, upper cases,numbers and symbols) , this helps when attackers try brute forcing, so by the time they crack the password its no longer in use...
>
> There's an interesting paper on this topic:
>
> http://research.microsoft.com/users/cormac/papers/2009/SoLongAndNoThanks
.pdf
>
> In short, most of the password rules employed today are mostly annoying to users and
> don't really improve security.
That paper is deeply flawed, if not outright wrong, and borders on the
pernicious.
The end-user externality not considered by them is the cost to clean
up an incident in an organization by IT staff after someone picks the
dancing pigs over the secure way of doing things.
If more staff were fired or otherwise disciplined after it was proved
that they had gotten their company PC infected by navigating to
non-work-related web sites (or performing their work in an unsafe
manner against advice), we'd have a much better security environment -
and the discipline must also apply to C-level execs, as the data they
handle are even more precious than some staffer in shipping.
I've personally cleaned up malware from the CxO's machines at $WORK,
multiple times, because they a) won't pay attention to my
recommendations for handling web sites and email and b) won't let me
block or quarantine executables and suspect documents at the gateways
that are designed to handle them.
Kurt
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]