Everybody is writing about Heartbleed this week. The reason? It probably affects more people than any other vulnerability we've ever seen. If you ever log into any web site, anywhere, your password might be revealed -- and that is just the start. The biggest problem?
Ha. Just got another message from a client who has been the victim of several comment spam campaigns:
Not 4 hours after posting my most recent blog stressing the importance of setting up systems with disaster recovery in mind, fate stepped up and thwacked me. "Oh yeah, think you're so resilient?
Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands.
XSS is short for Cross-Site Scripting, but you probably might ask why the short term is not CSS instead. That's because CSS is already used for Cascade Style Sheets, a pre-existing language for defining styles for web pages, so using XSS will prevent confusion.
Not 2 weeks after my newsletter calling out how people take for granted that nothing bad will happen to their web sites, two of the biggest providers went down yesterday, Amazon and Akamai, in several separate incide
All the planning and preparation in the world won't prevent an incident, but it can greatly reduce the consequences.
Nothing better prepares you for responding to disaster than experience. In the world of web applications, sometimes we act as firefighters, coming in to rescue the smoldering remains of a hacked site, a crashed server, or an unexpected traffic burst.
No matter how diligent you are at preventing vulnerabilities and securing your environment, it's impossible to be completely secure on the Internet. What you can do is plan for how to limit the damage that people can do when they manage to compromise some part of your system. This line of thinking is called "Defense in depth" -- you can't just apply security updates and call it good.
At Freelock, we don't think one backup is enough. All kinds of things can, and often do go wrong. Murphy was an optimist, after all.
We get a lot of questions about how to fight spam. For the most part, it's too late when it reaches your email program--but on the mail server, there are several tactics we employ to minimize what reaches your inbox.
Carla Schroder covers a great network backup utility in her current series. Here's where the rubber meets the road:
Do Automated Cross-Platform Network Backups The Easy Way (Part 2)
Just stumbled upon a pretty cool web interface to a centralized backup system. You can manage a series of snapshot backups of all the computers on your network. It can automatically send a user an email if there's a repeated problem of missed backups.
