(→Encryption Security: new reference format) |
(→Running things as root is a bad idea: new reference format) |
||
Line 11: | Line 11: | ||
<references/> | <references/> | ||
=== Running | === Running Things as root is a Bad Idea === | ||
While I always knew this, this article still sort of blows my mind: | While I always knew this, this article still sort of blows my mind: | ||
''Windows Security Improved By Denial Of Administrative Rights'' | ''Windows Security Improved By Denial Of Administrative Rights''<ref>http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications | ||
</ref> | |||
To quote the article: | To quote the article: | ||
<pre>... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...</pre> | <pre>... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...</pre> | ||
92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter. | 92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter. | ||
<references/> | |||
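Review bot: the `<ref>` added after ''Windows Security Improved By Denial Of Administrative Rights'' holds only a bare URL, and its closing `</ref>` sits on the following line. Suggest closing the tag on the same line as the URL and giving the link a title so the footnote says what it points to. Separately, adding a second `<references/>` at the end of this section while one already follows Encryption Security means the footnote numbering restarts, which is why both sections show [1] in the rendered revision. If unique numbers are wanted, keep a single `<references/>` at the end of the page.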
Revision as of 02:59, 9 February 2009
Security Week
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
Encryption Security
With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this[1] xkcd comic reminds us of the weakest link in all cryptography, the person with the password.
Running Things as root is a Bad Idea
While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[1]. To quote the article:
... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...
92%, that is mind-boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtually any minor security flaw would suddenly become a very serious matter.