CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Bloggable Security Tips for Business

Corporate blogs have become mainstream, but how do companies ensure their blogs don't open up a security hole in their network? This week, Cyber Security Informer talked with "Blogging for Dummies" author and Left Right Minds co-founder Shane Birley, to get tips on how companies can lock down their blogs and protect their businesses.

"The basics include making sure your software and plug-ins are maintained and up-to-date, keeping spam-comment blockers on, and passwords, passwords, passwords... I can't emphasize enough how important it is to use good passwords," Birley says. "The most common point of failure for online software is from using poor passwords. If you don't have a good one, people could guess it, brute-force it, or do all kinds of things."

It's also critical for the company to ensure someone is maintaining the blog's software. "A lot of people tend to ignore updating or doing any kind of maintenance to their blogging software because they just don't know how to do it," Birley notes. "But the problem is that eventually, technical things will go wrong. There's no data system that is bulletproof."

Systems that aren't updated can be exploited and, depending on how integrated the site is with a company's website and network, it could cause a system-wide vulnerability. An example of this occurred a few years ago, when a flaw in the popular WordPress blogging software allowed hackers to destroy thousands of databases in the 10 hours it took for WordPress support professionals to plug the vulnerability.

If companies are thinking about adding a blog to their corporate website, they need to do research to figure out which blogging software will meet their needs in terms of Web 2.0 capabilities and security. "See what kind of network and website you already have and talk with your IT people. They can make a decision on how best to implement it. It could be as simple as setting up a blog on Blogger.com. But there are plenty of software packages to choose from, so do your research."

Web Application Security Fundamentals Webinar March 6

More companies are using web applications to run their business. For some companies, the web application IS their business. How can companies build security into their web applications and protect their revenue stream?

Date & Time: Wednesday May 6, from 8:30-8:45 am Pacific Time

How to register: To register for this free webinar, go to http://boonbox.webex.com/meet/boonbox
Click the "Register" link on the right in the Status column for "PCIS Devfense Web Application Security Fundamentals" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Who Should Register: This webinar is a great opportunity for IT managers, web developers, webmasters and other professionals. Future PCIS webinars will also provide information for CEOs and people in charge of risk management to understand web security.

May 5, 2009

Cyber Security Informer is distributed by:
Pacific Coast Information Systems Ltd. (IT Consulting)
Boonbox, a division of PCIS (Security Packaged Services)
Toll-free 1.877.744.7558

In this issue:
* Bloggable Security Tips for Business
* Web Application Security Fundamentals Webinar May 6
* Hacker Bait
* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers.

Give us your feedback about Cyber Security Informer

Resources Links:

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry. If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

Ask A Security Expert

"When should I undertake a network or web vulnerability assessment?"

It's important to ensure your network and web vulnerabilities are pinpointed with regular scans and manual checks by qualified experts. Outsourcing security assessment to an unbiased third party can help your IT team to consider areas which may not have come under the radar during internal tests and can assist your team to determine priorities.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to: informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558