[TriLUG] Protecting from SSL Vulnerabilities - iFolder

Michael Peters mpeters at plusthree.com
Thu Apr 29 09:28:11 EDT 2010


On 04/29/2010 05:47 AM, Matt wrote:
> Moving the port falls into the category of "security through obscurity",
> which can help to cut down on the noise.  Moving the port would stop the
> script kiddies that specifically target port 443, but anybody who runs a
> port scan would quickly find the new location.

Yeah, it's minimal security at best and most likely won't help you at all.

> Since you are running Apache, you may want to consider using browser
> certificates in addition to passwords.

I'm not sure this is applicable since I bet iFolder won't be able to use 
those certificates.

>  According to the IT consultant at work, who
> worked at a bank, over 80% of the people used one of three passwords:
> "password", "Jesus", and their first name.

Well, if he could see the users' passwords then their software already
has some security problems :)

-- 
Michael Peters
Plus Three, LP


