PCPlus 311: Website security

Possibly a rather lightweight topic this one, but at the time (and frankly since) it was certainly in the news. The topic? Websites getting hacked, having customer data downloaded, including passwords. Sometimes the hacks are really simple, and I talk about a couple in the article: SQL Injection (which, even after all this time, is still one of the primary ways to hack a website) and XSS (cross-site scripting). Sometimes users bring the problems upon themselves by, say, having the same passwords for several sites (your password then is only as safe as the security at the weakest site). I also talk about the need to salt-and-hash passwords in your database if you are a website developer, and the need to use a good password manager if you are a user.

PC Plus logoCoincidentally, today Ars Technica published a well-researched article on weak passwords and how poor passwords and their reuse across many sites is compromising the Internet.

This article first appeared in issue 311, August 2011.

You can read the PDF here.

(I write a monthly column for PCPlus, a computer news-views-n-reviews magazine in the UK (actually there are thirteen issues a year — there's an Xmas issue as well — so it's a bit more than monthly). The column is called Theory Workshop and appears in the Make It section of the magazine. When I signed up, my editor and the magazine were gracious enough to allow me to reprint the articles here after say a year or so.)

Album cover for The End of the InnocenceNow playing:
Henley, Don - The End of the Innocence
(from The End of the Innocence)

Loading similar posts...   Loading links to posts on similar topics...

No Responses

Feel free to add a comment...

Leave a response

Note: some MarkDown is allowed, but HTML is not. Expand to show what's available.

  •  Emphasize with italics: surround word with underscores _emphasis_
  •  Emphasize strongly: surround word with double-asterisks **strong**
  •  Link: surround text with square brackets, url with parentheses [text](url)
  •  Inline code: surround text with backticks `IEnumerable`
  •  Unordered list: start each line with an asterisk, space * an item
  •  Ordered list: start each line with a digit, period, space 1. an item
  •  Insert code block: start each line with four spaces
  •  Insert blockquote: start each line with right-angle-bracket, space > Now is the time...
Preview of response