Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Today I ran across a random link on how organized crime is systematically taking advantage of known security holes. This reminded me of RE (tilly) 2: Warning our Fellow Monks, with the moral being that with port scanning once an error is found, there really aren't fish that are too small to be noticed.

Security is hard because it is not obvious. You can fail to be secure and there are no overt symptoms. Your software still works. You don't know of the hole. But it is there, and you can still suffer for it.

However, hard or not, you still need to do it. Choose reasonable passwords. Keep up on patches. Use taint mode. Whenever you are processing arguments, rather than trying to search for every way of breaking in (an approach that always fail) consistently instead validate that the input is a form that you know is trustworthy. If you can, get someone who is knowledgable to review your security setup before someone "volunteers" to do the job for you.

Now that link talks about Windows. And it is true that Windows has an abysmal track record. However the track record for Windows is due to a combination of Microsoft not prioritizing security, and the belief (which Microsoft has promoted) that you don't need competent admins for Microsoft products. However an NT box with a competent admin is going to be orders of magnitude safer than any *nix with an admin who doesn't know what they are doing. (Home users of Linux are at serious risk.)

This is a general problem, and it is one which many here contribute to in one way or another, as admins, techs, programmers...

In reply to Stay aware of security by tilly

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (3)
As of 2022-12-08 20:03 GMT
Find Nodes?
    Voting Booth?

    No recent polls found