I recently read an article that reported a new vulnerability found in one of the most long lasting and trusted encryption protocols on the internet. It really sent home to me the issues associated with our online activities and I wanted to share those with you. Here is the article:
http://lwn.net/Articles/448699/
This article highlights the main reason I started this site. The technology the internet is based on and the security protocols we place are trust in were first conceived decades ago and were not designed for the web we know today. Security is very much a bolt on to a technology that, even though still revolutionary today, is really not suited, by design, to the intended purpose. All it takes is a very minor omission in a line of code to render that code harmful rather than secure. The difficultly here is that we don't know how many omissions exist in the software we use today and so we need to be more careful than we might think to ensure we stay safe.
Casting my mind back to those management training courses at work where they roll out the health and safety courses reminds me of the swiss cheese model. This is a very simple model that says there are many barriers that prevent us from getting hurt, but if all the holes in the cheese line up then an accident happens (which is bad). The more barriers between the hazard and the person the better. We need to adopt this same approach when thinking about computers and our online activities. Relying on just one barrier has the potential to allow a flaw in the software code that creates that barrier to harm us. I use the term 'harm' exceedingly loosely, but I hope you get the point. We need to ensure we think a little bigger. I will expand on this concept in future blogs as I think this really sows the seeds for responsible online behaviour. By understanding that those things which should be secure are not, allows us to put in contingencies so we have a better chance of not being caught out.
Monday, August 8, 2011
Sunday, August 7, 2011
Dave-Bytes Website v0.1 is up and running
Looking back, its hard to believe that I only started hosting the site 2 days ago and have most of the basic features up and running. So its official, http://www.dave-bytes.com is finally off the ground. Now the hard work starts in pulling all the material together for it.
Okay, so where did it all start. Well, I've always been into computers and networks and in all honesty, more of the network than the computer side. I just love the way that networks use some amazingly resilient protocols that just work. Unfortunately, these protocols have been around for decades and security wasn't designed in from the outset because they weren't designed for hostile environments like the internet, but secure offices and military installations. Some time ago, I realised that there is some fairly basic stuff that we have to do to keep ourselves safe online, unfortunately, although a lot of these things are just common sense, they arn't common practice. I saw the need for a site that just focuses on individual internet security and so starts my mission to educate the masses........
I've blogged enough already about the site content, so now I wanted to cover the process I went through to get the site off the ground. For most of us techies, web hosting is pretty much meat and gravy kind of stuff. We've had web servers running at home for years, but this time, I wanted a hosted solution. So the first job was selecting someone to register the domain with. Well, there are a lot of big names out there, but all I wanted was a cheap one. So I went with GoDaddy as they are a big company, fairly cheap, have data centres all over the world and most importantly also offered a cost effective mail solution. As a quick aside, I intend to configure my own mail server at home as a long term mail solution, but wanted to put the framework in place with a host (ie, domain name and mx forwarding) but that's a story for another day.
So, was it hard? Well, no, it was painless. The domain registration was quick and easy. Selecting a hosting package was also easy. Linking the domain name to the hosting package was a few easy and obvious clicks in the configuration webpage, and it was even obvious how to upload files using the web browser ftp software. The website ftp programme was very limited not allowing me to upload directories and only transfer files from within a folder so if you are thinking of running your own site where you write the actual web pages yourself and then upload them, I would highly recommend the opensource FileZilla ftp programme. It's just so simple and works. I included a forum as part of the site which has many hundreds of files of and folders and so an automatic solution was essential. The other thing that is a god send was the mysql databases that are included as part of the package. For the uninitiated, if your website has the ability to store user information like comments or blogs then it needs to have a database somewhere to store this information and that is what mysql does. Its amazing how many different databases you actually need for a website...one for the forum....one for the blog ...... one for comments and that's just for starters.
So, what went wrong. Well, nothing major really. The main lesson I learnt was that domain registration includes the address of the holder and contact information like a phone number and email address and this is available to everyone on the internet. I knew this was going to happen but just not where the information was going to come from and was hoping I could change it to something other than my home address. I couldn't. So, I've had to employ a third party to act as an intermediary to remove this info. It's all done and I'm nicely safe again, but it was an extra step I'd preferred to not have had to take.
If you get a chance, please check out my website, and I'd love to hear your views on it.
Happy Computing!
Okay, so where did it all start. Well, I've always been into computers and networks and in all honesty, more of the network than the computer side. I just love the way that networks use some amazingly resilient protocols that just work. Unfortunately, these protocols have been around for decades and security wasn't designed in from the outset because they weren't designed for hostile environments like the internet, but secure offices and military installations. Some time ago, I realised that there is some fairly basic stuff that we have to do to keep ourselves safe online, unfortunately, although a lot of these things are just common sense, they arn't common practice. I saw the need for a site that just focuses on individual internet security and so starts my mission to educate the masses........
I've blogged enough already about the site content, so now I wanted to cover the process I went through to get the site off the ground. For most of us techies, web hosting is pretty much meat and gravy kind of stuff. We've had web servers running at home for years, but this time, I wanted a hosted solution. So the first job was selecting someone to register the domain with. Well, there are a lot of big names out there, but all I wanted was a cheap one. So I went with GoDaddy as they are a big company, fairly cheap, have data centres all over the world and most importantly also offered a cost effective mail solution. As a quick aside, I intend to configure my own mail server at home as a long term mail solution, but wanted to put the framework in place with a host (ie, domain name and mx forwarding) but that's a story for another day.
So, was it hard? Well, no, it was painless. The domain registration was quick and easy. Selecting a hosting package was also easy. Linking the domain name to the hosting package was a few easy and obvious clicks in the configuration webpage, and it was even obvious how to upload files using the web browser ftp software. The website ftp programme was very limited not allowing me to upload directories and only transfer files from within a folder so if you are thinking of running your own site where you write the actual web pages yourself and then upload them, I would highly recommend the opensource FileZilla ftp programme. It's just so simple and works. I included a forum as part of the site which has many hundreds of files of and folders and so an automatic solution was essential. The other thing that is a god send was the mysql databases that are included as part of the package. For the uninitiated, if your website has the ability to store user information like comments or blogs then it needs to have a database somewhere to store this information and that is what mysql does. Its amazing how many different databases you actually need for a website...one for the forum....one for the blog ...... one for comments and that's just for starters.
So, what went wrong. Well, nothing major really. The main lesson I learnt was that domain registration includes the address of the holder and contact information like a phone number and email address and this is available to everyone on the internet. I knew this was going to happen but just not where the information was going to come from and was hoping I could change it to something other than my home address. I couldn't. So, I've had to employ a third party to act as an intermediary to remove this info. It's all done and I'm nicely safe again, but it was an extra step I'd preferred to not have had to take.
If you get a chance, please check out my website, and I'd love to hear your views on it.
Happy Computing!
Friday, August 5, 2011
Finally, the website is up, albeit under construction
It has long been an aim of mine to get a website up and running. I'm not one of those people who considers squarespace a serious option - as they say - no pain, no gain, so I've done it mostly from scratch (and it shows). Well, it's been painful, but I finally have the website up and running. http://www.dave-bytes-com. It's up, but still has a long way to go. The current homepage is very lame and needs some serious styling before it's anywhere near ready. The forums are up which has taken by far the most amount of work, but they too need styling to blend in with the rest of the site.
I can go to bed tonight content I have achieved something, however, there is a massive list of things to do still.
Night night internet, see you tomorrow ;)
I can go to bed tonight content I have achieved something, however, there is a massive list of things to do still.
Night night internet, see you tomorrow ;)
Subscribe to:
Posts (Atom)