-----------------------------------------------------------------
I-Search Discussion List
"Social Search Marketing and Technology"
-----------------------------------------------------------------
Moderator: Detlef Johnson
Published by: Search Return http://www.searchreturn.com
-----------------------------------------------------------------
February 26, 2013                                   I-Search #160
-----------------------------------------------------------------

.....IN THIS DIGEST.....

// -- NEW DISCUSSION -- //

"Zero Day Down"
~ I-Search

-----------------------------------------------------------------
// -- NEW DISCUSSION -- //
-----------------------------------------------------------------

==> Zero Day Down

From: I-Search

The Burger King ‘hack’ from last week made the New York Times on Monday. The thing about password systems these days is that the Internet presents some headache for web designers, and exposes brands to service breaches. Why make users go through complicated pass routines?

Imagine if your Facebook password was compromised. Think about how many services you use which are connected to Facebook authentication, used to log you in. When authenticated via Facebook, a saboteur can run around the Web to see what else that gets them access to. Trolls Gone Wild.

To avoid havoc for your brand make sure you have a good password routine yourself, and don't rely on services to provide 2-step authentication or perfect security. Breaches are bound to happen and this is the year that security comes up on everyone's radar.

This is the year that in social media, and even in search, issues surrounding security come to the fore. It's not new. Breaches of accounts have happened, including, by example, the White House Google Webmaster Tools account.
What I'm saying is the frequency with which these attacks are going to surface will increase this year. Hacking has gotten far more sophisticated than defense.

The thing that is crucial to understand about software meant to protect your computer or network is that it is always out of date, even when it is kept up to date. There is a market for software vulnerabilities that fetch high bids from all manner of organizations when an exploit goes unnoticed and unattended. The US government even makes use of such exploits, known as zero day for the amount of time manufacturers have an awareness about the security hole.

It's virtually impossible to work on a computer without software, and software will have vulnerabilities. All security manufacturers want to find their vulnerabilities first. Sometimes, there is a software that is unnecessary in your world. That is why I recommend not having software installed that you aren't sure you absolutely need.

I've written about not having blog plugins that you don't fully know, since they can contain nefarious code payloads (for being free). Software is the same way. When a software goes unused, why keep it around? There are strategies for doing this for middleware software you might use but only part of the time. An example of that is the recent rash of Java security bulletins, which have given rise to a lot of removal and strategies for running Java.

-----------------------------------------------------------------

Stay Tuned.

The contents of the digest do not necessarily reflect the opinions of Search Return LLC or Detlef Johnson. Search Return LLC and Detlef Johnson make no warranties, either expressed or implied, about the truth or accuracy of the contents of the Search Return Digest.

Copyright © 2005-2013 Detlef Johnson. All Rights Reserved.
-----------------------------------------------------------------