HI,
Today is my 28th birthday, so I am going to leave this post here describing this day. I am sitting here on my computer with a very slow connection because a storm has knocked out my internet. I am trying to decide how I want to approach a very high-tech project. Having the ability to think is all part of this game. If you can't think, you will never be a programmer.
Whether I make any sense, I don't know. I would like to give people a few tips that will help protect them against viruses and problems on the internet, as most people spend a lot of time worrying about whether they have been hacked or about other aspects of web security. Let's make it simple. I have a quick Q & A for some of the questions that were submitted to me via email. Here are some answers to some of the questions I have been asked over the past few days.
Q: How is someone able to steal my password over the internet, and what can I do to stop people from stealing it?
A: Passwords are stolen in a variety of ways. The easiest way for someone to steal your password is to trick you into giving it to them; this I call social manipulation. Typically what happens is that someone tricks you into typing your username and password into a website that submits the data to them. People will create, say, a fake Yahoo login page; as soon as you type in your password it will reject it, send you to the real Yahoo login page, then email the attacker your info. That is by far one of the most common methods of stealing a password. In order to prevent this it is important to run anti-virus software like AVG Surf-Shield that will scan pages for you before you view them. This will alert you to spoofed pages. If you are not running software to alert you of this, the chances are that someone will eventually trick you into giving up the goods.
Passwords are also stolen when you log into a website not protected by SSL. If you are typing data into a non-secured page, an attacker can sniff out the data that you are passing from page to page. It requires someone with a little bit of skill to get your password in this manner; however, it is very easy to use a packet sniffer and pick up POST data going from one page to another on a server. Any page not protected by https:// can be sniffed. If you go to a page that says there is some type of certificate error, all that means is that the certificate is expired, or there are images on the page from a non-secured connection, or something of that nature. Even if there is a certificate error you are still protected by the encryption; the warnings are just a way for the companies issuing the certificates to profit off them. Making sure you log in from secured pages will decrease the chances of giving up your password.
The other mistake people make is that they use the same password for everything. This is not very smart. It means that if someone collects your password they have access to all the other accounts that use it as well. It is smart to use a variation of 10 different passwords when signing up on websites. Maybe you have one password that you are familiar with. When you sign up on another website, use a similar password that is one or two characters off. Say your password is V00pEYn&; your next password could be V00pEYn&* and another could be V00pEYn&+. By setting up a bunch of very similar passwords you will know that the password is one character off, but the attacker will not.
Do not use dictionary words or names as passwords. If your password is a simple common name or dictionary word, it can be cracked very easily. If you use an email service like Yahoo, it will prevent people from running a brute-force attack on your email account. However, if you are running an email account at something like mail.yourdomain.com, you will need to write a special program that prevents people from brute-forcing your server.
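The "special program" that answer calls for is, in practice, a failed-login throttle in front of the login form of a self-hosted mail (or any other) web application. The following is an added example, not code from this post, written in PHP because that is what the later questions concern. It assumes PHP 8, SQLite available through PDO, a placeholder database path, and a constructed credential store with a single user; the lockout counts failures per account and client address inside a sliding window and refuses further attempts before the password is even checked.

```php
<?php
// Added example (not the post's own code): failed-login throttling for a
// self-hosted login page. Assumptions: PHP 8 with PDO SQLite; attempts are
// stored in a local SQLite file (placeholder path below); the credential
// store is a constructed one-user array with a bcrypt hash.
declare(strict_types=1);

final class LoginThrottle
{
    private PDO $db;

    public function __construct(
        string $dbPath,
        private int $maxAttempts = 5,      // failures allowed inside the window
        private int $windowSeconds = 900,  // 15 minute sliding window
    ) {
        $this->db = new PDO('sqlite:' . $dbPath);
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec(
            'CREATE TABLE IF NOT EXISTS login_failures (
                 key_hash  TEXT    NOT NULL,
                 failed_at INTEGER NOT NULL)'
        );
    }

    // Key on account AND client address: one attacker cannot lock everyone
    // out, and a distributed guesser still gets counted per account/address.
    private function key(string $user, string $ip): string
    {
        return hash('sha256', strtolower($user) . '|' . $ip);
    }

    public function isBlocked(string $user, string $ip): bool
    {
        $stmt = $this->db->prepare(
            'SELECT COUNT(*) FROM login_failures WHERE key_hash = :k AND failed_at > :since'
        );
        $stmt->execute([':k' => $this->key($user, $ip), ':since' => time() - $this->windowSeconds]);
        return (int) $stmt->fetchColumn() >= $this->maxAttempts;
    }

    public function recordFailure(string $user, string $ip): void
    {
        $stmt = $this->db->prepare('INSERT INTO login_failures (key_hash, failed_at) VALUES (:k, :t)');
        $stmt->execute([':k' => $this->key($user, $ip), ':t' => time()]);
    }

    public function clear(string $user, string $ip): void
    {
        $stmt = $this->db->prepare('DELETE FROM login_failures WHERE key_hash = :k');
        $stmt->execute([':k' => $this->key($user, $ip)]);
    }
}

// Constructed credential store: one user, bcrypt hash of "correct horse".
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT)];

function attemptLogin(LoginThrottle $t, array $users, string $user, string $pass, string $ip): string
{
    if ($t->isBlocked($user, $ip)) {
        return 'locked';                       // refuse before touching the password
    }
    // Verify against a dummy hash for unknown users so timing does not reveal
    // which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_BCRYPT);
    $hash = $users[$user] ?? $dummy;
    if (isset($users[$user]) && password_verify($pass, $hash)) {
        $t->clear($user, $ip);                 // success resets the counter
        return 'ok';
    }
    $t->recordFailure($user, $ip);
    return 'denied';
}

// Simulated run with constructed input: six wrong guesses from one address,
// then the right password. The counter is cleared first so reruns behave alike.
$throttle = new LoginThrottle('/tmp/login_throttle_example.sqlite'); // placeholder path
$throttle->clear('alice', '203.0.113.7');
for ($i = 1; $i <= 6; $i++) {
    echo "guess $i: ", attemptLogin($throttle, $users, 'alice', "guess$i", '203.0.113.7'), "\n";
}
echo "real password: ", attemptLogin($throttle, $users, 'alice', 'correct horse', '203.0.113.7'), "\n";
```

Run with `php throttle.php`: the first five guesses are denied, the sixth is refused as locked, and the correct password is also refused until the window expires, which is the point of the throttle. In a real deployment the table should be pruned of rows older than the window, and the lockout should be logged so that a burst of failures against one account is visible to whoever watches the server.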
Q: As a professional web developer, why do you use a Yahoo email account?
A: Using a Yahoo email account does what I described above: it prevents people from trying to hack into my email accounts. It is much easier to use a service such as Yahoo Mail or Gmail, which have built-in email security features. Setting up SquirrelMail on a POP3/SMTP server leaves you with the responsibility of securing your email server. Emails downloaded to Outlook Express can be sniffed just like any other data traveling over a non-secured connection. So if you are going to use POP3 email, secure your email server so people like me cannot read your email at will. It is much easier to use a high-end free email service with built-in security; let Yahoo deal with keeping hackers out of my email. With unsecured POP3 email accounts you might as well post your emails to a website. If you want to run email at your.name@yourdomain.com, please call me to do a security audit on your server to determine whether someone will be able to breach it. Also remember to roll your passwords; this way, if someone is able to get your password, they will have to get it again. Like I said above, set up about 10 similar passwords and rotate them.
Q: Why are file system commands not able to run from PHP on a GoDaddy VPS?
A: GoDaddy.com uses a program called su to get to a root shell; there is no root user on the server. In order to run file system commands from PHP you must use sudo, and only after you have given the Apache user a NOPASSWD:ALL entry in the sudoers file. Using sudo is much more secure; however, make sure that you are not routing user input into the function. That can cause problems.
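To make "not routing user input into the function" concrete, here is an added example, not code from this post, showing a PHP file-system call through sudo in its unsafe and its hardened form. It assumes PHP 7.4 or later, a placeholder upload directory, and (as the example's own choice rather than the post's) a sudoers line that grants the Apache user a single fixed command, e.g. the hypothetical `apache ALL=(root) NOPASSWD: /bin/ls`, so that whatever PHP can run as root stays bounded.

```php
<?php
// Added example (not the post's own code). Assumes PHP >= 7.4, a placeholder
// directory, and a hypothetical sudoers entry limited to /bin/ls for the
// Apache user.
declare(strict_types=1);

const ALLOWED_ROOT = '/var/www/uploads'; // placeholder: the only tree PHP may list

// UNSAFE: the request value is spliced into a shell command line. Because the
// line runs through sudo, any shell metacharacter in $dir is interpreted by
// the shell with root privileges.
function listDirUnsafe(string $dir): string
{
    return (string) shell_exec("sudo /bin/ls -la $dir");
}

// HARDENED: confine the path to a fixed tree first, then exec sudo directly
// with an argument array so no shell is involved at all.
function listDirSafe(string $dir): string
{
    $real = realpath(ALLOWED_ROOT . '/' . $dir);   // resolves "..", symlinks, etc.
    if ($real === false
        || ($real !== ALLOWED_ROOT && strpos($real, ALLOWED_ROOT . '/') !== 0)) {
        throw new InvalidArgumentException('directory outside the allowed tree');
    }

    // Array form of proc_open (PHP 7.4+) execs the program directly: the
    // command path is fixed and $real is passed as one literal argument.
    // -n makes sudo fail instead of prompting if the sudoers entry is missing.
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['sudo', '-n', '/bin/ls', '-la', $real], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ls');
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('ls failed: ' . trim($err));
    }
    return $out;
}

// Request handler: anything that fails validation is a plain 400, and the
// exception text is logged rather than echoed so paths are not leaked.
try {
    header('Content-Type: text/plain');
    echo listDirSafe($_GET['dir'] ?? '.');
} catch (Throwable $e) {
    error_log('listDirSafe rejected request: ' . $e->getMessage());
    http_response_code(400);
    echo "bad request\n";
}
```

The two defences are independent: `realpath` plus the prefix check stops the request from reaching anything outside `ALLOWED_ROOT`, and the array form of `proc_open` means there is no shell to interpret the value even if that check were wrong. If you are stuck on an older PHP without array `proc_open`, `escapeshellarg()` on the single argument is the fallback, but still keep the command path fixed and the sudoers entry as narrow as the job allows.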