I-Search #160: Zero Day Down

                    I-Search Discussion List
            "Social Search Marketing and Technology"
Moderator:                                          Published by:
Detlef Johnson                                        Search Return
February 26, 2013                                   I-Search #160
Refer a friend:       http://www.searchreturn.com/subscribe.shtml

                   .....IN THIS DIGEST.....

// -- NEW DISCUSSION -- //

             "Zero Day Down"
			 ~ I-Search


// -- NEW DISCUSSION -- //


==> Zero Day Down

From: I-Search <>

The Burger King ‘hack’ from last week made the New York Times on 
Monday. The thing about password systems these days is that the 
Internet presents some headache for web designers, and exposes 
brands to service breaches. Why make users go through complicated 
pass routines? Imagine if your Facebook password was compromised. 
Think about how many services you use which are connected to 
Facebook authentication, used to log you in. When authenticated 
via Facebook, a saboteur can run around the Web to see what else 
that gets them access to. Trolls Gone Wild.

To avoid havoc for your brand make sure you have a good password 
routine yourself, and don't rely on services to provide 2-step 
authentication or perfect security. Breaches are bound to happen 
and this is the year that security comes up on everyone's radar. 
This is the year that in social media, and even in search, issues 
surrounding security come to the fore. It's not new. Breaches of 
accounts have happened, including, by example, the White House 
Google Webmaster Tools account. What I'm saying is the frequency 
with which these attacks are going to surface will increase this 
year. Hacking has gotten far more sophisticated than defense.

The thing that is crucial to understand about software meant to 
protect your computer or network, is that it is always out of 
date, even when it is kept up to date. There is a market for 
software vulnerabilities that fetch high bids from all manner of 
organizations when an exploit goes unnoticed and unattended. The 
US government even makes use of such exploits, known as zero day 
for the amount of time manufacturers have an awareness about the 
security hole. It's virtually impossible to work on a computer 
without software, and software will have vulnerabilities. All 
security manufacturers want to find their vulnerabilities first.

Sometimes, there is a software that is unnecessary in your world. 
That is why I recommend not having software installed that you 
aren't sure you absolutely need. I've written about not having 
blog plugins that you don't fully know, since they can contain 
nefarious code payloads (for being free). Software is the same 
way. When a software goes unused, why keep it around? There are 
strategies for doing this for middleware software you might use 
but only part of the time. An example of that is the recent rash 
of Java security bulletins have given rise to a lot of removal 
and strategies for running Java.


Stay Tuned.

Got feedback?: http://www.searchreturn.com/feedback.shtml

Archives: http://www.searchreturn.com/digest-archive.shtml

Alternate formats:

Manage Subscriptions:

Problems unsubscribing? Contact the postmaster:

Information on how to sponsor this publication:

Published by Search Return

Website Membership:

The contents of the digest do not necessarily reflect the
opinions of Search Return LLC or Detlef Johnson. Search Return LLC 
and Detlef Johnson make no warranties, either expressed or implied,
about the truth or accuracy of the contents of the Search Return

Copyright © 2005-2013 Detlef Johnson. All Rights Reserved.