Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Today I ran across a random link on how organized crime is systematically taking advantage of known security holes. This reminded me of RE (tilly) 2: Warning our Fellow Monks, with the moral being that with port scanning once an error is found, there really aren't fish that are too small to be noticed.

Security is hard because it is not obvious. You can fail to be secure and there are no overt symptoms. Your software still works. You don't know of the hole. But it is there, and you can still suffer for it.

However, hard or not, you still need to do it. Choose reasonable passwords. Keep up on patches. Use taint mode. Whenever you are processing arguments, rather than trying to search for every way of breaking in (an approach that always fail) consistently instead validate that the input is a form that you know is trustworthy. If you can, get someone who is knowledgable to review your security setup before someone "volunteers" to do the job for you.

Now that link talks about Windows. And it is true that Windows has an abysmal track record. However the track record for Windows is due to a combination of Microsoft not prioritizing security, and the belief (which Microsoft has promoted) that you don't need competent admins for Microsoft products. However an NT box with a competent admin is going to be orders of magnitude safer than any *nix with an admin who doesn't know what they are doing. (Home users of Linux are at serious risk.)

This is a general problem, and it is one which many here contribute to in one way or another, as admins, techs, programmers...

In reply to Stay aware of security by tilly

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others wandering the Monastery: (6)
    As of 2020-04-09 11:16 GMT
    Find Nodes?
      Voting Booth?
      The most amusing oxymoron is:

      Results (47 votes). Check out past polls.