Security From A To Z

Haruki Soma writes, "Unearthed: An A to Z guide to security — from antivirus to zero-day. The writer includes the latest on the UK's newly updated Computer Misuse Act. She also pokes around rootkits, IM, and spyware, pens an ode to Gary McKinnon (aka the NASA hacker, in the 'E is for Extradition' entry), probes Google-induced Spear Phishing, and takes a look back at the Love Bug and Jaschan's Sasser." Security pros won't find much new here, but the rest of us might learn a thing or two.

that sounds pretty simple.

[User 956]

If we had only known that all along, there were only 26 things to know about with regards to Security, we wouldn't have had to hire that consultant!

Re:that sounds pretty simple.

[eviloverlordx]

According to the consultant, 25 of 26 items are 'Hire the Consultant'.

Re:

[wiz31337]

I wish I would have had this "study guide" before I took my CISSP exam.

Smpamphigorey: P is for Pageviews

[Tackhead]

A is for Adverts, and Goatse Guy's butt,
B is for Banners, what's my piece of the cut?
C is for C-Net, that page-whoring slut,
D is for Dickhead, by an ass and two nuts,
E is for Extra page views for the win,
F is for Flash, it's a whole 'nother sin,
G is for Google, do no evil (today!)
H is for Hackers, not crackers, OK?
I is for IM, "wut r u do now?"
J is for Javashit, shut it off now.
K is for Kids, 'cuz it's all for their sake,
L is for Legislators, all on the take.
M is for Microsoft, and masturbate meekly,
N is for Neologisms, which I invent weekly,
O is for Orange, with which nothing rhymes
P is for Pageviews, 26 fucking times?!
Q is for Question, WTF are you thinking?
R is for Readership, C-Net's lost a few drinking,
S is for Spammer, and spyware, and shit,
T is for Trash, Turd, and also twenty-six.
U is for Useless, the number of clicks,
V's for Vendettas on marketing pricks,
W is for Wizard, his robe and my hat,
X is for X-rated wizardly chat,
Y's what's starts "You", not the twenty-first letter,
Z is for Zero. (Shoulda wrote this poem better.)

Re:

[eviloverlordx]

I think you're my new hero...

Re:

[D3m0n0fTh3Fall]

Your ideas intrigue me and I wish to subscribe to your newsletter.

Re:

[Anonymous Coward]

Um, door hinge rhymes w/orange.

Re:

[jginspace]

All alone in my cubicle, all dank and cheerless I read your post and cried, this guy is peerless Among all this drivel and dupes with grammar all gone A geek that does word craft - that's number one.

Re:

[jginspace]

How can we thank you? For our mod points we do fumble But I upset that guy Taco and my karma did tumble I could make a new user and mod you by stealth But I'll just open this page and reply to myself

Re:

[bdonalds]

Reading your poems make me dizzy and achey,

Please type <br> to insert line breaky!

Interesting, but only half the story...

[Sensor]

I've been working in security for 5 years now, penetration testing, managed firewalls/IDS, BS7799 prep, etc... currently (among other bits and bobs) I run security for a UK motor insurance company.

Lots of security material is all about the tech, but really (outside of Hollywood) hacking or any form of abuse is largely about people. The tech makes it easier or harder for the people - but ultimately at some point there is still someone at a keyboard making the decision to do something.

For the last couple of

Re:

[know1]

Is one of the questions on your survey "What is your root password?"?

Re:

[Sensor]

No, but if you have lost it I can put you in touch with people who could help :P

FUD Anyone?

[gt_mattex]

FTA

Be afraid. Threats to corporate security are everywhere. Just when you thought your network was safe from hackers, along came wi-fi - or your iPod-wielding workforce - and opened a whole new can of worms.

Security is by its nature ever-evolving. Just as one threat is apparently locked down, another springs up to take its place - or an old one rears its head in a new form. Grappling with this malicious hydra it's no wonder the security space spawns new terms and phrases at a rate of knots - and you're

Mandatory Sleepwalking Warning

[psema4]

Security pros won't find much new here, but the rest of us might learn a thing or two.

Several mentions today about the UK sleepwalking into extreme IT dangers. Please proceed with caution if you're a) in the UK and b) learning security.

A-Z explained

[Anonymous Coward]

Any Linux box has basically no virus weaknesses when compared to Windows.
Buy a Mac or Linux box instead.
Change all needed Windows boxes to use open source programs like Firefox instead of the virus prone shipped programs.
DRM is not your friend.
Exclude Linux users when sending warnings about Windows viruses.
Forget about stability if using Windows servers.
Go ahead, send a "virus" to my Linux email.
Hire Linux IT people. The MS "professionals" cannot think outside buying a new box.
Insert "Windows" in front of "Virus" in any warning emails.
Join the open source club, and understand why transparency helps security.
Kick out any "Linux is to hard to learn" sys-admins.
Look out for those that say that a new box will fix it.
Make plans to use open standards and avoid lock-ins.
Never spend thousands on external software, when Linux can do it for free.
Open source software that would never be your core business, but could benefit from thousands of eyes.
Put all windows boxes behind firewalls.
Quit your job if they are migrating from Linux to Windows.
Run Linux to avoid virus problems.
Stop all unused services, in Mac, Linux or Windows.
Try OpenOffice. Viruses are not compatible with it.
Understand which blackbox systems are hard to verify.
Value employee advice.
Windows will eventually go open source to compete
XP only added fisher price colors.
Your easy way out is to migrate away from Windows.
Zune DRM is not friendly.

Needs saying

[jpetts]

<Comic_Book_Guy>
  Worst...article...ever!
</Comic_Book_Guy>

Forgot the most important K or U factors

[Anonymous Coward]

Out of all his points the writer left out the most important factor of them all and that small detail makes the whole thing useless to me. What happened to "Knowing your system" or perhaps "Understanding the environment you're on" ?

'You' maybe the weakest link to him with regards to passwords or trickery, but if you know what you're doing you'll decrease that risk factor tremendously.

For the home user:

[bendodge]

Here is my summary for securing relatives:

1. Get them behind a hardware firewall (Linksys router?)

2. Get them off the admin account, and if you did step 1 and 2 stop worrying about logging off.

3. Run Windows Defender 24/7 with real time protection ON.

4. Make sure Window's Automatic Updates are on.

5. Install AVG Free, with auto updates.

6. Install Spybot S&D and Adware SE, and teach them (or preferably their kid) to double click each one, click update, then scan, then remove. You could also get one of tho

Re:

[weicco]

"9. Install Firefox"

You mean that when you install Firefox, user is unable to download pamela_nude.exe files from internet and execute them? It doesn't really matter which browser user has if they install all that fancy stuff (like Windows themes, screensavers, MSN Messenger plugins, heck FF plugins) that comes with bunchload of malware, spyware, whatever. But your points 5 and 6 helps alot on this.

Btw. here's a nice web page http://mywebpages.comcast.net/SupportCD/FirefoxMyt hs.html [comcast.net]

Re:

[compro01]

short of putting the user in a complete padded cell, any enviroment is gonna give the user enough rope to hang themselves.

Re:

[xiong.chiamiov]

#2&3:
You really trust MS to fix their own problems?
One of the easiest ways I've found to crash a computer is to install Windows updates as soon as they come out (which is 3 mos. after the vulnerability was discovered anyway).

#5:
I really prefer Avast! myself. More user-friendly than avg imho.

#6:
You forgot Spywareblaster [javacoolsoftware.com]. It's passive protection.

You could also get them to pay for some..

[cheros]

If you take the paid-for AdAware you can automate some of the stuff they now have to manually do. In my experience, any manual operation will be omitted within weeks from taking your hands off the system..

Hacker definition

[Nikademus]

It's quite funny some people try to write articles on security and speak of "hackers" without even knowing what it means.

HACKER (Originally, someone who makes furniture with an Ax.) n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating h

Re:

[Anonymous Coward]

Don't you understand that this comes from the term 'hack writer': A writer that just churns out words quickly with no regard to their accuracy.

I saw the title,

[nowhere.elysium]

And I honestly thought this was going to be some spoof article about ROT-26, or something.

Re:Hack

[xiong.chiamiov]

The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.

Meanwhile, web designers are busy at work creating web pages that work in Internet Explorer. Since MS doesn't give a DRM about standards, the developers' beautiful code must be "hacked" to work in IE.