The Objective ad verbatim:
“To keep your computer secure, it is important to know the latest security threats. Instead of making constant visits to security Web sites and scanning the pages looking for information, a new approach automates this process and makes it easier to have the information delivered to you. RSS (“Really Simple Syndication”) is an eXtensible Markup Language (XML) format for automatically retrieving content from a Web Page and delivering it to your browser.” (Ciampa, 2009)
Process:
(Click on the images to view in higher quality)
1. First, I opened up Google’s search engine and ran a search for “RSS Reader Tutorial” to turn up related web pages.
2. I then took a look at two videos on Youtube: “Video: RSS in Plain English” and “Creating an RSS feed in Firefox”.
3. Armed with the know-how, I ventured into www.securityincite.com to subscribe to their RSS feed. A simple click sufficed.
4. Google makes it easy for one to read his updates. It is possible to place the feed on your homepage or in a dedicated RSS Reader such as Google Reader.
5. Finalising this last step, I take a look at Google Reader. The interface is impressive, organised and easy to use. Reading your RSS Feeds would be a breeze once subscribed into Google Reader.
Reflection:
“The best way to guard against an enemy is to know your enemy.” When applied to any form of Security, it is a statement all too true. After all, Intelligence is one of the most important facets in a line of defence. Likewise, a constant stream of updates regarding the current IT security situation is a must. Keeping updated about new threats, new vulnerabilities, new attackers and new methods will allow one to pre-empt and target threats before it can cripple a system.
I subscribed to SingCERT’s Latest Security Updates and took a read through the available content. I came across "[SingCERT] Internet Explorer 8 Cross-Site Scripting Filter ’script’ Tag Cross-Site Scripting Vulnerability”, a security advisory from SingCERT. The attacker can make use of the vulnerability in systems that use Internet Explorer and Windows 7 Beta by exploiting a weak point in Internet Explorer 8 to run arbitrary code and bypass security measures. This allows theft of cookie-based authentication credentials and other sensitive data. ([SingCERT] Internet Explorer 8 Cross-Site Scripting Filter ’script’ Tag Cross-Site Scripting Vulnerability 2010)
In the modern world of everyday computing, people rely on the Internet for banking, Stock Market Trading and Foreign-exchange Trading. Money is electronically moving very quickly and in large amounts. Security cannot be compromised or it could potentially have devastating consequences. Thus, we can see how a vulnerability that can be exploited to reveal sensitive information can be a serious issue indeed.
Sine cera,
Jeremy Heng.
“Quis custodiet ipsos custodes?”
No comments:
Post a Comment