Bob Sneidar wrote:

> DON'T CLICK THE LINK!

Amen, brother. A wise default. Click nothing in an email unless you're certain it is what it claims to be.

This article was eye-opening for me:

  The human attack surface, counting it all up
  Humans have become the primary attack surface for cyber criminals.

<http://www.csoonline.com/article/3149510/security/the-human-attack-surface-counting-it-all-up.html>

...which includes this gem:

"Ninety-one percent of attacks by cyber criminals start through email..."


As app devs we're making ever-fewer solo apps with isolated islands of information, increasingly supporting collaboration with client-server systems.

Protecting our users' data is of course a priority, but often what's more important to the attacker are the passwords and control of the server itself.

This requires all of us in this profession to take a fresh look at not only each individual part of a system, but the ways they connect to one another.

Email plays a central role in much of what we do, and refining our practices with how we use it can help mitigate risks to things that may not immediately seem related.

Last year I moved my email credentials from the main hard drive to an encrypted USB thumb drive. There are tutorials on the web for doing this with most email clients. With that, stealing my laptop doesn't grant the thief access to my email; they'd also need to steal my thumb drive, and also have the password to that drive.

This year I want to take this further. I just turned off automatic login; next I'll encrypt my home partition. I'm exploring options to run browsers exclusively in containers to isolate them beyond their sandbox. I'm upgrading my password hashing and salting. I'm replacing my SSH keys with longer ones. And I'm reading more about these things for new things to add as I go.

Risk can never be eliminated, but it can be mitigated. And as we've seen with the DDoS attack on the east coast in October, and the email hacks over the summer, much of the risk we face can be avoided with only a little diligence.

--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 ____________________________________________________________________
 ambassa...@fourthworld.com                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
