Announcement

Collapse
No announcement yet.

Security as a Point-of-View

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Security as a Point-of-View

    Whether you design websites, as I do, or build apps or are a casual user of the Internet, this effects you.

    Security is being compromised to a greater degree, lately.

    Whatever the reason for this trend, the real question is "How do I deal with it?"

    This ZDNet(r) article has some suggestions, which I think are reasonable and do-able by everyone. Yes, you need to change the way you do some things... Change is a fact of life.

    http://www.zdnet.com/article/serious...de-on-hackers/

    The three suggestions are:
    "...We as consumers need to understand the value of our data and then hold those that store it to account."

    "Second, companies should design security as a fundamental part of the services we use, not a nice-to-have addition...."

    "Third, the use of strong encryption should be the standard, not the exception...."


    If you follow the threads here on Kubuntu forums, you will have seen reports, by myself and others, of the recent failures of Major 'net companies (e.g. Yahoo(r), Google(r) and others). These are indicators of the problem as well as being part of the problem.

    So, what are you doing to address the three points of the linked article?

    My actions:

    1) I'm moving my custom to businesses which are more likely to protect my data and identity.

    2) See #1. That means moving my email away from Yahoo(r) and/or Google(r). It means hosting on more secure servers, when I can find them.

    3) If I must send valuable and private information, I do it with strong encryption (Minimum 2048 bit encoding, 4096bit preferable). I design websites with two points in mind;

    a) My end users bear a part of the responsibility to use secure email addresses and
    b) The contact information stored on servers which run my website code are ASSUMED A PRIORI to be IN-SECURE and vulnerable to hacking. There is no free lunch.

    Yes, I design with encrypted database(s) and use "secure" HTTPS links, but that is NOT guaranteed to protect all data.

    No, I cannot make a guarantee to my customers (who order my designs) that the website will be 100% secure from attack. Don't believe anyone who tries to tell you otherwise. "There's a sucker born every minute...".

    This is NOT an ad for my business (you can't find me from here...).

    Again, what are you doing to preserve your security and privacy?
    Kubuntu 24.11 64bit under Kernel 6.12.3, Hp Pavilion, 6MB ram. Stay away from all things Google...

    #2
    Thumbsupemoticonthingyhere!

    woodsmoke

    Comment


      #3
      @TWPonKubuntu,
      I agree with everything you wrote, except that I no longer have a webpage or blog. My email encryption, when I want to use it, which so far is never, is RSA 4096.

      Unfortunately, the majority of our computers were made in China, including the CPUs, GPU,s PROMS and such. China burned the microcode burned onto those chips. Those are keys to a GIANT back door, if they have been compromised. The US "persuaded" American manufacturers to install back doors into their digital equipment, before that manufacturing ended up in China.

      My latest example is my Cisco E2500 Linksys wifi. A month after I got it I got a popup message from the router asking for an agreement to a EULA before they would install the firmware update remotely. To agree to the update I had to sign on to Cisco's new cloud service. I didn't want to use a cloud service and was curious as to why they would predicate a firmware update on a subscription to their cloud, even if it was "free". I did some investigation and discovered that MANY folks received the same upgrade "offer" almost independent of the hardware model, and there were links to sources suggesting that the NSA had a hand. That's when I went to the DD-WRT website and downloaded the firmware for the E2500 and installed it. It turned out to give COMPLETE control to the E2500, something that the Cisco firmware did not. And, it had no back doors in it, either.

      Like most people, there is nothing I do in my personal life that I could imagine that would interest any government, but governments tend to be paranoid, which often leads to psychotic paranoia. It's not what you know you didn't do, it becomes what they think you did, and in our PC society accusation equals guilt.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.

      Comment


        #4
        Greygeek; "You're not paranoid if they really are out to get you."

        I too have used DD-WRT to change my Linksys router firmware. That is a recommendation, particularly if you have an older model router.

        I wish I could find firmware for my laptop BIOS that is as trustworthy as DD-WRT for routers.

        I'm a Linux OS user for similar reasons.
        Kubuntu 24.11 64bit under Kernel 6.12.3, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment


          #5
          Originally posted by TWPonKubuntu View Post
          Greygeek; "You're not paranoid if they really are out to get you."....
          So true, as the dead bodies in the wake of some politicians demonstrate.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.

          Comment

          Working...
          X