From Fedora Project Wiki


(→‎Encryption Security: new reference format)
Line 11: Line 11:
<references/>
<references/>


=== Running things as root is a bad idea ===
=== Running Things as root is a Bad Idea ===
While I always knew this, this article still sort of blows my mind:
While I always knew this, this article still sort of blows my mind:
''Windows Security Improved By Denial Of Administrative Rights''[2]
''Windows Security Improved By Denial Of Administrative Rights''<ref>http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications
</ref>
To quote the article:
To quote the article:
<pre>... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...</pre>
<pre>... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...</pre>
92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter.
92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter.


[1] http://xkcd.com/538/
<references/>
[2] http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications
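
Review bot: with a separate <references/> tag under each section, the footnote numbering restarts, so the xkcd comic in "Encryption Security" and the InformationWeek article in "Running Things as root is a Bad Idea" both render as [1]. If the beat is meant to be read as one page, a single <references/> at the end would keep the citations distinct. Since this revision already touches the root section, the unchanged "virtual any minor security flaw" in its last paragraph could also be corrected to "virtually any".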

Revision as of 02:59, 9 February 2009

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Encryption Security

With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this[1] xkcd comic reminds us of the weakest link in all cryptography, the person with the password.

Running Things as root is a Bad Idea

While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[1]. To quote the article:

... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...

92%, that is mind-boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtually any minor security flaw would suddenly become a very serious matter.