webddr

What should do when viewing a secure page or website with https url and the browser complains that the site certificate doesn’t match the server and asks user to continue?

The host name of the Web server is an unalterable part of the site certificate. If the name of the host doesn’t match the name on the certificate, the browser will notice this fact and alert you of the problem. (more)

If you are a Webmaster, system administrator, or are otherwise involved with the administration of a network, the single most important step you can take to increase your site’s security is to create a written security policy. This security policy should succinctly lay out your organization’s policies with regard to: (more)

Operating systems

Although the Unix and NT communities may not like to hear it. In general, the more powerful and flexible the operating system, the more open it is for attack through its Web (and other) servers.

Unix systems, with their large number of built-in servers, services, scripting languages, and interpreters, are particularly vulnerable to attack because there are simply so many portals of entry for hackers to exploit. Less capable systems, such as Macintosh and special-purpose Web server boxes, are less easy to exploit. The safest Web site is a bare-bones Macintosh running a bare-bones Web server. (more)

SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that if someone manages to decrypt a transaction, that does not mean that they’ve found the server’s secret key; if they want to decrypt another transaction, they’ll need to spend as much time and effort on the second transaction as they did on the first. (more)

Unfortunately, there’s a lot to worry about Web servers. There are security risks that affect Web servers, the local area networks that host Websites, and even innocent users of Web browsers.

The risks are most severe from the Webmaster’s perspective. The moment you install a Web server at your site, you’ve opened a window into your local network that the entire Internet can peer through. Most visitors are content to window shop, but a few will try to to peek at things you don’t intend for public consumption. (more)

A security researcher has identified a new attack that has infected almost 300,000 website pages with links that direct visitors to a potent cocktail of malicious exploits.

The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. (more)