>
> Well, now there are people looking to steal the keys to your web
> services so they can hold your business web site ransom, for a much
> larger ransom. It's either punishment for careless web
> administration or nearly impossible to defend against depending on
> which expert sound bite you want to take seriously.
"In December a company was reportedly held to ransom after a critical
web app was taken offline through the attack. The hackers had broken
into the servers that ran the web app six months prior, but waited until
some critical data had been encrypted and the security key stored on a
protected remote server."
To notice this, one could use a data diode (yes, that's a thing) to do
copies to another system. On the other system, run daily diffs between
the intended code and the periodic new copy of it.
Give how buggy software is (and that means insecure) and that it is only
likely to get worse, I think passive security is the way to go.
Marcus
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe
http://redfish.com/mailman/listinfo/friam_redfish.com
Locked
