[TriLUG] Protecting from SSL Vulnerabilities - iFolder
Michael Peters
mpeters at plusthree.com
Thu Apr 29 09:28:11 EDT 2010
On 04/29/2010 05:47 AM, Matt wrote:
> Moving the port falls into the category of "security through obscurity",
> which can help to cut down on the noise. Moving the port would stop the
> script kiddies that specifically target port 443, but anybody who runs a
> port scan would quickly find the new location.
Yeah, it's minimal security at best and most likely won't help you at all.
> Since you are running apache, you may want to consider using browser
> certificates in addition to passwords.
I'm not sure this is applicable since I bet iFolder won't be able to use
those certificates.
> According to the IT consultant at work, who
> worked at a bank, over 80% of the people used one of three passwords:
> "password", "Jesus", and their first name.
Well, if he could see the user's passwords then their software already
has some security problems :)
--
Michael Peters
Plus Three, LP
More information about the TriLUG
mailing list