Digital Document Management

Thursday, January 14th, 2010

Over the years and quite a few moves on two different continents, my documents have become a barely-managed trail of valuable information that has become less and less secure over time because of my lifestyle. I decided that it was time to look into some method of digital document management, and I’d imagine I’m not alone. It’s not like I needed an enterprise solution or some sort of digital document management software, but my records are obviously critical to me, and their potential loss would represent an enormous amount of time that I would have to take to replace them where I could, and obviously many physical documents and records can never be replaced if they have not been backed up digitally. A friend’s story of losing his notebooks containing all of his accounts of his experiences in the Vietnam War (in a warehouse fire, as clichéd as that is!) pushed me to finally take the bull by the horns.

A digital document management solution was what I needed, a personal digital archive, and in addition to security I really required that it be easy to add to as time went on. I rejected the idea of a purely online document management method as anything more than an extra backup; it may sound simplistic but a physical solution that included encryption attracted me most. All that it really came down to for me was committing the time to do the document imaging; again, I just needed a personal solution, as opposed to a way to store corporate documents. Still, I had quite a bit of work to do: digitizing hard copies of titles to property that had no digital backup was just the beginning.

I don’t want this to turn into a plug for a specific method of digital document management, but in the end the solution that I settled on was a secure flash drive that in addition to encrypting and storing my digital information also protects my passwords and lets me surf anonymously when I’m not using one of my computers. 1 GB of storage was less than US$100, and it was a small price to pay.

Secure Cookies

Monday, August 24th, 2009

Here’s a brief article from Carsonified about the different parts of a cookie and their implications for security. It’s introductory, a good overview on how cookies work, cookie options and configuration, etc.

PHP Security Checker

Saturday, June 20th, 2009

We did a post on ten security checks for PHP, and pointed to a PHP security guide as well. On a more recent, related note, you might want to take a look at Rkrishardy.com regarding researchers from MIT, Stanford and Syracuse having developed “Ardilla”, which analyzes PHP code for XSS (Cross-Site Scripting) and SQL injection attack vulnerabilities.
Derived from a modified version of the Zend Interpreter, from work done at IBM, Ardilla can’t be released as open source because of licensing issues.

How Secure are Your Passwords?

Wednesday, April 11th, 2007

John Pozadzides tells you How He’d Hack Your Weak Passwords. It’s neat to see how somebody might attempt to crack your passwords. And while you are learning some password cracking techniques, keep in mind how you might create better, less crackable passwords in the future.

Security Testing your Apache Configuration with Nikto

Tuesday, August 15th, 2006

If you’re running an Apache web server, you should most definitely give this short how-to a try. Security Testing your Apache Configuration with Nikto is super simple to follow and you might find the results surprising (like I did).

Configuring OpenSSH for Public Key Authentication

Tuesday, December 6th, 2005

This is the best guide I have found for configuring OpenSSH on Windows for Public Key Authentication. PK authentication makes it possible to ssh to a remote system without the need for a password (which can be dangerous) during tasks that you would like to automate, like backups or synchronization of two systems.

The Media, Security Flaws & Microsoft

Tuesday, November 8th, 2005

McAfee and Symantec released a virus alert on Monday about a new worm that targets PHP and CGI scripts stored on vulnerable Web servers. The Linux/Lupper.worm looks to be real nasty, with the only fix being reinstalling the OS. The reason for this drastic fix is that the worm could do things that would be difficult to detect.

So what does this have to do with Microsoft and the media? Well, consider if this worm targeted the Windows OS, and the only fix was reinstalling the entire OS. The media would have a field day! But, with this being on the Linux platform, the media probably won’t even pick up on this one.

Now Microsoft certainly has security issues. There’s no hiding that, and certainly they should be held accountable by the media, but in the same breath, so should any other OS. We keep a lot of personal data stored on our personal computers, so security should be a priority in any desktop OS. We also keep a lot of personal data stored (sometimes unknowingly) by web servers running Linux, so we should expect the same commitment to security on those servers that are storing our data on the Internet. Linux has a good track record in this area. Security holes are found regularly, and Linux sysadmins are diligent at patching and upgrading their systems.

However, having said that, I think the media needs to do a more balanced job with reporting security holes on all operating systems. Windows flaws affect a lot of people and so do Linux flaws. As users of the Internet, we need to be aware when our network-stored personal data may potentially be at risk.