http://kerry-linux.ie/rss/rss.xml Great resources that help you understand and implement online security for your own business effectively en-gb Using the internet we all surrender our information (both sensitive and unimportant) to online applications that eventually dump them in a database. If you think your information is safe in the database, think again. Obviously there is a general problem with access to these databases that can render information resting there insecure. The problem arising with most online applications is that most of them use passwords to access the database that are stored unencrypted on the server. Even for commercial online applications it is quite common to store the crucial password that grants access to all data resting in a database in a simple configuration file, in clear text. For example, Magento, the well known online shop software, stores the database password in the file "app/etc/local.xml" where it shines in all its glaring plain text glory. Of course you can start to secure these files. It's the most natural thing to do. And you have to do it, fast. Because under normal circumstances, these config files are readable for everyone on the server when the default installation has finished. Most online applications seem to rely on the fact that the administrator knows that there is work left to be done. Following the principle of least privilege is a good guide to make those sensitive files as secure as possible on the server. But let's be honest, relying on the assumption that no unauthorized person will ever see the content of such a file may not be prudent. It's a little bit like putting the key under the doormat. http://kerry-linux.ie/articles/you-wont-find-the-key-under-the-doormat.php Tue, 02 Mar 2012 17:47:00 +0000 What has prevented you from using encryption with your webmail by now? I guess, there was no easy way to use it. The "Encrypt message" button simply wasn't there. This has changed now, as the web encryption extension can be used with webmail. The webmail application you are using may not provide you with this upgrade today, but integrating the encrypt button into your webmail application is possible, and may become a standard, soon. http://kerry-linux.ie/articles/upgrade-your-webmail-with-encryption.php Tue, 14 Feb 2012 11:40:00 +0000 Being nothing more than unprotected emails, contact forms lose one important quality that would make them even more useful on a website, confidentiality. For customers there is no way to convey a message to a business owner securely by using the contact form, because eventually it'll end up as an ordinary email, unprotected. With the Web Encryption Extension there is an alternative available now. And it's free, too http://kerry-linux.ie/articles/a-reinvention-of-the-contact-form.php Mon, 30 Jan 2012 15:30:00 +0000 Do you want to look behind the curtains of email protection? This article leads the way to a full understanding of how modern email encryption works. http://kerry-linux.ie/articles/revealing-the-secrets-of-email-encryption.php Mon, 19 Dec 2011 12:00:00 +0000 Public Key used to sign Program Code http://kerry-linux.ie/articles/codesigning.php Tue, 15 Nov 2011 11:00:00 +0000 Certainly not, if you store credit card information or passwords in clear text on the servers. Recent data theft disasters have shown, that it is not enough to operate a "secure server" and leave all customer's information unencrypted on this server. Because if you think your secure server is invincible, all your customer's data is at risk, the moment it turns out that the secure server is not as secure as you thought. http://kerry-linux.ie/articles/can-online-services-be-secure.php Wed, 15 Jun 2011 11:00:00 +0000