Re: Hackers
by "Steve Mount" <steve(at)saltyrain.com>
|
Date: |
Tue, 11 Jul 2000 10:30:48 -0400 |
To: |
<hwg-techniques(at)hwg.org> |
References: |
westhost barnum rr |
|
todo: View
Thread,
Original
|
|
In addition to all of Darrell's great suggestions, always be sure to keep
local backups of ALL of the files you place on your ISP/WPP's server. They
may be very secure, and they may do backups themselves, but nothing feels
better than holding a Zip disk in your hand with all of your web site firmly
stored on it.
And despite the seemingly losing battle, let's try to remember the vast
difference between hackers and crackers. I suspect a good many of the
people on this very list would be considered hackers in the traditional
sense of the word.
-------------------------------------------------------------
Steve Mount, Software Engineer steve(at)saltyrain.com
Home Site http://www.saltyrain.com
US Constitution Online http://www.usconstitution.net
UVM Class of 1989 Home Page http://www.saltyrain.com/uvm/
Manager, HWG Logo Team http://www.hwg.org
----- Original Message -----
From: "Darrell King" <darrell(at)webctr.com>
To: <hwg-techniques(at)hwg.org>
Sent: Tuesday, July 11, 2000 8:23 AM
Subject: Re: Hackers
> A few thoughts:
>
> 1) As some has suggested, change passwords when an employee leaves. Even
if
> that employee didn't have access to the password, you must consider that
> they obtained it somehow while with you. While this may not be practical
> with a large company, smaller companies should have no problem. If your
> turnover is so large this is a major inconvenience, it's possible you have
> bigger problems than site security...:)
>
> 2) Never store your password(s) in a public area of your site. It can be
> accessed with the view-source option, or by simply browsing to it.
>
> 3) Never use the same password for anything else. You have no idea who
runs
> "Joe's Online Newsletter", so don't use your Unix password for your member
> account at Joe's site...
>
> 4) Never use an easily guessed password, or one that follows a pattern. I
> can write a script in a short time that will combine all the words I know
> you like, as well as anything else I know about you, and it'll work it's
way
> through all the possible combinations very quickly. (BTW, everyone: that
> was hypothetical...don't bother writing me to ask for such a script!)
>
> 5) Check the server logs for access records as well, when attempting to
> track the cracker. They feel secure within their anonimity...track them
> down, drag them into the light and they wither and die into a smokey
puddle
> of sludge. This isn't really in line with your request, but it does make
a
> satisfying picture!
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA