Revision as of 02:04, 8 February 2009
Security Week
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
Encryption Security
With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this xkcd comic reminds us of the weakest link in all cryptography, the person with the password: http://xkcd.com/538/[1]
Running things as root is a bad idea
While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[2]
To quote the article:
... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...
92%, that is mind-boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtually any minor security flaw would suddenly become a very serious matter.
[1] http://xkcd.com/538/
[2] http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications