
Security And The Internet

Do you know how secure your information is? Do you know that by visiting your favourite sites you are broadcasting to those sites your computer's operating system, your web browser version and the site you came from? Do you know that when you upload files to your website and collect email you are most likely broadcasting your user details in plaintext? It is the digital equivalent of shouting your password from your window.

The recent loss of personal details of UK families (by which my family is personally affected) has made me reconsider how secure my information is, in everyday life and on the internet.

I did some scanning of our server logs and found some worrying statistics. Despite 3dpixel.net having guides specifically detailing how to connect via secure methods which will encrypt the transaction between the client’s machine and the server, 99% of people inexplicably did not. Essentially they are broadcasting their username and password via several networks (which by default must be considered untrusted) in plaintext. People may consider how important or indeed unimportant this information is. “It’s only my personal email”, or “the site does not matter”. Do people not care about inherent security?

Of course you can get paranoid: run your web browser through several SOCKS4 proxies over SSH2, never accept any cookies from sites you don’t implicitly trust, have a 50 character password, never buy anything online, don’t read any email in case it’s fraudulent, etc. But at least use some common sense and do the easiest things.

Staying with the theme of FTP (because that’s what I looked at in the logs), I had a quick look through some of the most popular FTP clients and they use plaintext connections as their default. You have to actually make some effort to change it to SSL. Why not make this the default?
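A log scan of the kind described above can be sketched as follows. This is an added example, not the script used on 3dpixel.net: the log layout, session ids, user names and the `audit` and `plaintext_share` functions are assumptions made for illustration, while `AUTH TLS` and its `234` success reply are the standard FTP-over-TLS handshake.

```python
from collections import defaultdict

# Constructed sample, layout "<time> <session> <client-ip> <reply> <COMMAND> [arg]".
# The layout is an assumption; real FTP servers each log differently.
SAMPLE_LOG = """\
2010-07-01T09:00:01 s1 192.0.2.10 331 USER alice
2010-07-01T09:00:02 s1 192.0.2.10 230 PASS ****
2010-07-01T09:05:10 s2 192.0.2.11 234 AUTH TLS
2010-07-01T09:05:11 s2 192.0.2.11 331 USER bob
2010-07-01T09:05:12 s2 192.0.2.11 230 PASS ****
2010-07-01T09:07:30 s3 192.0.2.12 500 AUTH TLS
2010-07-01T09:07:31 s3 192.0.2.12 331 USER carol
2010-07-01T09:07:32 s3 192.0.2.12 230 PASS ****
2010-07-01T09:09:00 s4 192.0.2.10 331 USER alice
2010-07-01T09:09:01 s4 192.0.2.10 530 PASS ****
malformed line
"""

def audit(log_text):
    """Return (per_user, skipped); per_user maps user -> tls/plaintext counts."""
    secured = set()      # sessions where AUTH was accepted (reply 234)
    pending_user = {}    # session -> most recent USER argument
    per_user = defaultdict(lambda: {"tls": 0, "plaintext": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[3].isdigit():
            skipped += 1
            continue
        _, session, _, code, command, *args = parts
        command = command.upper()
        if command == "AUTH" and code == "234":
            secured.add(session)
            pending_user.pop(session, None)  # login restarts inside TLS
        elif command == "USER" and args:
            pending_user[session] = args[0]
        elif command == "PASS" and session in pending_user:
            # Count failed logins (530) too: the password still crossed the wire.
            kind = "tls" if session in secured else "plaintext"
            per_user[pending_user.pop(session)][kind] += 1
    return dict(per_user), skipped

def plaintext_share(per_user):
    """Fraction of password submissions that travelled without TLS."""
    plain = sum(c["plaintext"] for c in per_user.values())
    total = plain + sum(c["tls"] for c in per_user.values())
    return plain / total if total else 0.0

if __name__ == "__main__":
    users, bad = audit(SAMPLE_LOG)
    print(users, f"plaintext share: {plaintext_share(users):.0%}", f"skipped: {bad}")
```

Session `s3` shows the case worth watching for: the client asked for TLS, the server refused, and the client fell back to sending the password in the clear.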

Several months ago we also set our FTP server software to force SSL connections. Unfortunately it only presented the user with a message informing them to connect via SSL (with a link to a guide) and didn’t actually automatically change them over. We never found out how to do that. The number of complaints and the grief we received… you’d think we’d committed murder.

Just goes to show…


