security

if you must IE, please IE responsibly.

According to a recent study, over half of all Internet Explorer users are not keeping up with browser security patches. IE is a bad, bad browser, but an out-of-date IE is much worse.

Firefox users, you're doing better, but 17% of you still need to step it up. Overall, about 45% of internet users are using a browser with security issues.

Please, update your browsers, folks. Help make the internet a happier place.

where does the justin come from?

answers to a few questions from my server logs:

  • where does the justin come from?
    i'm from the southeastern end of washington state, but i currently reside in utah county, utah.
  • is your space cooler?
    yes, my space is cooler than yours.
  • how do i carry a loaded gun?
    i wouldn't suggest carrying it in your pants, unless you want to become another strange google search result

simon says

sudo make me a sandwich

one of the most annoying things about sudo is the inevitable game of "Simon Says". today i learned a coping technique. the Ubuntu wiki says:

sudo !! will repeat the last command entered, except with sudo prepended to it.

worthless security measures

my bank has the worst security for their online banking. honest.

for years, the only security feature (if you can call it a feature) was the password: seven letters or less, alpha-numeric. you couldn't even use punctuation symbols.

i guess there was one other security feature: if you messed up your password three times, it would lock your account. once locked, an account had to be reset by calling the bank during business hours and talking to a teller...

at some point the bank decided that this security was insufficient. but instead of improving their existing security (i.e. by letting me use a password of sufficient length), they decided to supplement it.

mandatory reboot

i just finished a fresh windows xp sp2 install... now it's doing the 65 critical security updates that have been released since sp2.

wow.

a more secure drupal [multisite] install

I love the Drupal CMS. One of my favorite features of Drupal is the ability to do a multisite install. This site and my other blog, i <3 stella, are hosted on the same box, using the same Drupal install. Several sites can share one codebase. Updates are easily rolled out to every site simultaneously. Overall, it's a wonderful idea. But I have some problems with the implementation...

drupal secure multisite tutorial after the jump.

does that security vulnerability come standard, or did you pay extra?

Cliff Stoll, the author of The Cuckoo's Egg, points out that the most common vulnerabilities are the ones that come by default on a machine. DEC's VAX computers came with three system accounts, all with a default password. The system never forced the administrator to change them. For the most part "Hunter," the hacker he chased for over a year, didn't use sophisticated tools or brute force. He tried the front door, which was usually wide open.

The modern-day front door is a wireless router. Cracking wireless security has become almost trivial. There are utilities that do it automatically. But as easy as it is, it's even easier to find an unsecured network. If you want free internet, look for a network called "linksys," "default," "Wireless," "NETGEAR," "belkin54g," or "Apple Network 0273df." Those are the default network names for the most popular routers. The owner will most likely have left it wide open, with no encryption or password.

the illusion of security

There are entire industries that capitalize on our insecurity about security. These companies prey on our fears as a society by exaggerating both the probability of an attack and the effectiveness of their solution. We need an illusion of security.

It always amazes me how often people assume that they've been hit by a virus. In actuality, these "virii" are usually user error, corrupted critical files or random chance. Hanlon's Razor seems to apply quite well here: "Never attribute to malice that which can be adequately explained by stupidity."