Computer Security Tips
There is much to be said about computer security, but the greatest
problem to overcome is user education. How to make all those people
aware of the problems and how to avoid them?
I don't claim to have all the answers; in fact, I don't claim to have
any of the answers. What I hope to achieve here
is simply to provide a source of some of the information I have, which
can be helpful in the on-going effort to educate the growing
population of computer users.
Computer security advisories:
These advisories were written for the Concordia University community,
but are no doubt relevant to anyone out there:
- Melissa
- (released 1999/03/29) Users of Microsoft
Word-97 or Word-2000 may, under certain circumstances, be affected
by an email-borne "virus" (it's a
worm, actually) that has numerous malicious
effects.
- FrontPage Server Extensions
- (released 1999/04/22) Web servers running
FrontPage Server Extensions with an incorrect configuration could
permit remote users to gain access to privileged accounts on the
system hosting the web server.
- Telephone Scam
- (released 1999/06/07) On some business
telephone systems, it may be possible for an outside caller to
gain control of a telephone line and make calls charged to that
line.
Recent incidents:
Well, these aren't so recent any more, but they're still interesting.
This is source code from incidents that have affected people around
the world:
- I LOVE YOU
- (released 2000/05/04) Similar to Melissa (above), this email-borne
worm-style virus carries multiple payloads. Formatted and
commented source-code.
- Very Funny
- (released 2000/05/04) Essentially a copy
of the I LOVE YOU worm, with
different file names.
- Very Funny (diff)
- See the differences between I LOVE
YOU and Very Funny.
Additional information:
Web pages I've created to assist people in keeping their systems
secure. I hope this can help people.
- Securing Passwords
- (created 2000/10/13) A discussion of issues surrounding
the perceived security of re-usable passwords.
- Securing Unix and Linux Systems
- (created 2000/09/20) So you want to set
up a Unix server, but you'd like to do it securely? Here's a list
of hopefully useful pointers to get you moving in the right
direction.
- Unix Production Checklist
- Actually, not one I created myself, but this is a checklist of
items used by the
IITS SSG-Unix
group to measure the production-readiness of our systems. It is,
of course, a constantly evolving document.
Links to Remote Documents:
- Secure Programming
- A document by Oliver Friedrichs, of the secprog
mailing list.
- Secure Programs HOWTO
- David Wheeler's HOWTO on secure programming. David Wheeler
also has a
secure programs
introduction page.
- The Stanford SRP Authentication Project
- By integrating secure password authentication into widely used
protocols instead of adding security as an afterthought, SRP
improves network security from the ground up.