security

Fixing Problems with Passwordless SSH Authentication

I use CentOS, but these guidelines should apply no matter what flavor of Linux you use. We all know it's a good security practice to lock down your server and require SSH logins to use an RSA key pair, rather than a password, right? Plus, it makes it easier for you to log in to your server from your primary computers/devices...

Google Switches from Windows to Mac/Linux for Security

From MacRumors:

Google is phasing out the use of Windows company-wide due to security concerns. The move comes after news in January that Google was hacked in an attack originating in China. Those attacks used a security vulnerability in Internet Explorer for Windows. News of the report comes from FT.com who cites several Google employees.

"We're not doing any more Windows. It is a security effort," said one Google employee.

Simple Steps to Protect Your Online Identity/Data

Every month or so, another scary story about a huge security compromise (a.k.a. a hack) surfaces on the Internet, and this month is no exception. Earlier this month, the whole Twitter corporate hierarchy had a lot to worry about, as a hacker (that's kind of a misnomer... hackers are usually nothing more than persistent, patient and sly computer users) accessed many Twitter employees' email, iTunes, Google, etc. accounts, all because one of the employees (probably not the only one, though) left an open door via a few small missteps, security-wise.

The hacker, after gathering tons of personal information gleaned from all over the web, was able to recover a user's Gmail password by guessing a few personal questions Gmail asks on the password recovery form (e.g. "Who was your favorite actor?", "What is your maiden name?", etc.). Then the hacker simply searched through the user's emails for something like "username password," because he knew that a lot of websites (like the Joomla! forums, some gaming sites, online stores, etc.) simply send an email upon a new user registration that contains the person's username and password. Once the hacker got hold of a few more passwords this way, he was on his way to 'hacking' all the user's accounts... because like most people online, the user had only one or maybe two passwords he used for everything.

...but using the same password for multiple sites/services isn't necessarily a bad thing. Not if you follow these steps:
