Security

If you have ever worked for a corporation or used IT services at a university, you have undoubtedly been prompted at one time to change your password. It is annoying and seems like a waste of time, but it is important. Running a web server that gives all or some …

Question: What is DNSBL and should I care about it? Answer: DNSBL stands for DNS Block List or Blacklist. Essentially, it is a published list of ipp addresses that are in some way connected to spam. Although the most common form of DNSBL is a list of actually servers and/or …

IDNs have been hailed as a milestone in web accessibility, but unfortunately, this new technology could make it easier for phishers and other cyber criminals to target victims. This is because while certain letters in two different scripts might look exactly alike, they have different meanings in their respective language. …

Hopefully, it has not been a year since you have given your server a good checkup, but just in case you need a reminder, here are a few things to check at the start of 2010: 1. Log rotation. Normally, Linux will rotate logs for the kernel, web server, and …

Question: How do I setup Dovecot to use IMAPS and POP3S with Postfix certificates? Answer: Dovecot is a free and open source IMAP and POP3 mail server. It is used for receiving incoming mail and works in conjunction with Postfix, which handles sending and delivery. Dovecot runs on all Linux …

Question: I was thinking of making my entire website HTTPS instead of just the shopping cart. Is this a good idea? Answer: There are both pros and cons to securing an entire site with SSL, but most seem to agree that the cons outweigh the pros. The advantage is that …

UltraDNS, the DNS provider for Amazon Web Services (AWS) in Northern California, briefly went offline Thursday due to a reported Denial of Service (DoS) attack. Specifically, their S3 cloud storage service was unreachable from about 5:43 pm to 6:38 pm Pacific Time. While the service itself continued to operate, users …

Only one user should have the root password to a server, but since virtual private servers (VPS) can exist within a server, those users also have root passwords. Generally speaking, it is a bad practice to login to the server directly as root (administrator). Although SSH connections are encrypted, it …

In our continuing series on SSH security practices, today I would like to focus on the dreaded idle user. It might seem like nothing more than an annoyance, but an unattended ssh session can turn into a security risk. The best way to avoid this is to set an timeout …

The Metropolitan Police’s Central e-Crime Unit (PCeU) announced today that it, in conjunction with the .uk registry, has shut down more than 1200 .co.uk domains. The domains in question were used by organised criminal networks for scamming. Many contained fake online stores where consumers could order designer goods for low …