Dedicated to satisfying your computer needs


Archive for January, 2009

8 ways to increase your website security.

Posted by Michael Washington On January - 26 - 2009

Recently I have heard about how Twitter has been hacked using brute force techniques, and even how Barack Obama's page was hacked on Twitter. You would think a web application as popular as Twitter would have better security measures. There are different ways to hack websites, but the most common way websites are hacked is through poor configuration and weaknesses found in the websites. Here are the ways to combat hackers.

1. Check the file permissions for files on your server

If you have files that anybody can modify, for example through group or other-user write permissions, then you already have a major problem. You need to allow users only to view your content, not write to it.
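One way to run this check, as an added example that is not part of the original post: it walks a directory tree, reports every file or directory that group or other users can write to, and can clear those write bits. The sample tree, file names and function names are constructed for illustration.

```python
import os
import stat
import tempfile

LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH  # group-write and other-write


def find_loose_permissions(root):
    """Return sorted (relative path, mode string) pairs for every file or
    directory under root that group or other users may write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not enforced
            if mode & LOOSE_BITS:
                findings.append((os.path.relpath(path, root), stat.filemode(mode)))
    return sorted(findings)


def tighten(root):
    """Clear group/other write bits on everything flagged; return the count."""
    flagged = find_loose_permissions(root)
    for rel, _ in flagged:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~LOOSE_BITS)
    return len(flagged)


def build_sample_webroot():
    """Constructed sample tree standing in for a real document root."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, mode in {"index.php": 0o644, "config.php": 0o666, "upload.php": 0o664}.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    cache = os.path.join(root, "cache")
    os.mkdir(cache)
    os.chmod(cache, 0o777)
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for rel, mode in find_loose_permissions(root):
        print(mode, rel)
    print("tightened:", tighten(root))
```

Directories that the web server must write to, such as an upload or cache folder, should be reviewed individually rather than tightened in bulk.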

2. Check the privileges of user names accessing the database you are using.

Sometimes granting all privileges to one username of a database can be dangerous. When designing a website that stores all of your information in a database, it is best to split the privileges between multiple usernames. This could cause the hacker some pain and time when trying to retrieve information from your database.

3. Make sure passwords are above 6 characters with CAPS and Numbers and double hash them.

When passwords are short and contain no caps and no numbers, it is easier to do brute force attacks on the website. So always make sure a password is over 6 characters and add caps and numbers to it. On the backend, make sure you double hash passwords. When you double hash them, use two different types of hashes. This will throw hackers off some.

4. Always validate the visitors input.

When you have visitors enter in information that will be sent to the database make sure you protect against query attacks. There are certain combinations that visitors could use to reset passwords or drop your database. So every time they enter in values make sure you have a function to remove bad characters to protect your database.

5. Use computer generated pictures when allowing users to login or signup.

When hackers hack login information, they use a program to loop through all the possible combinations for a password. If you use computer generated pictures for validation, it will cause hackers even more discomfort, because they will need a program to read computer generated pictures, and such programs are close to none!

6. Use SSL.

SSL is a cryptographic system that uses two keys to encrypt data. SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely. To get a better understanding look below at the block quote from php.net.

SSL/SSH protects data travelling from the client to the server, SSL/SSH does not protect the persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), the stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

You can buy SSL certificates from your web hosting company or from independent websites.

7. Keep your system up-to-date.

If you are using PHP 3 and PHP 5 is out, then you need to UPGRADE!!! Updates to your system usually include patches, missing from the previous release, that solve security problems.

8. Customize your security and create no documentation for IT!!!

Most of the time on the internet, everybody is using the same code because they downloaded it from somewhere from which over a thousand other users downloaded the same thing. Hackers will download it too, so they can learn how to hack it. If you are really serious about security, I suggest you create your own technique after researching other methods out there and create NO documentation for it. I agree with open source, but not when it comes to SECURITY! This will make it hard for hackers, and they will move on to an easier website to wreak havoc.


Was Linux really the problem? (Woman blames Dell for missing online classes)

Posted by Michael Washington On January - 18 - 2009

I recently heard of a story in which a student blamed Linux as the reason why they failed class! The reason being she couldn’t install Microsoft Office and she couldn’t get her Verizon internet to work on the Linux operating system called Ubuntu.

#1 Error – Dell

Dell is trying to sell an average customer an operating system that requires some computer expertise.

If Dell is going to sell Ubuntu to the average customer, they need to configure it all the way, or at least provide some documentation on the Windows alternatives that are available on Ubuntu. When she gave it a chance and didn’t like it, the Dell representative discouraged her.

“The person I was talking to said Ubuntu was great, college students loved it, it was compatible with everything I needed,” said Schubert.

Sad to say, with Linux that is not the case; it is almost compatible with everything you need.

Solution to this problem: There is a Linux alternative to Microsoft Office called OpenOffice. If she was still determined to use Microsoft Office, she could have used Wine, which allows you to install Windows programs in Linux. Also, with the Verizon software you could probably use Wine or a virtual software to set it up, but I’m speaking in theory because I’m not sure what Verizon gave her.

#2 Error – The User

Now, if you are going to choose an operating system as a user, you should do some research on whether what you are choosing will run alllllllllll of your software on your computer before you move to downplay a popular operating system such as Ubuntu.

Solution to this problem: Just do your research before buying products. I guarantee if you do, you will have a beautiful life.

Conclusion

All in all, Dell messed up by convincing her to stay with Linux and voiding her warranty if she decided to switch, and she messed up by not taking the appropriate time to research her operating system. Linux is a beautiful operating system and is making great strides, but it still lacks the strength to fully grab the desktop market from Windows. The reason being that I believe it is still hard for the average user to understand the concept and architecture of Linux. I also believe Linux should have a desktop helper endowed with artificial intelligence to guide users throughout their desktop to help them understand. Hey, it’s an idea; let me know what you think.

I want the readers to comment on this article and tell me exactly what you think.


Survey: What’s the best OS : Windows, Unix, Linux, or Mac OS

Posted by M.E. Conwell On January - 14 - 2009

This is a simple survey where all you do is copy the questions that apply to you and post them as a comment.


Windows fans

I’ve been a Windows user for _____?

The best thing about Windows is ____

The thing I hate about the other OS’s the most is____

One statement to why people should switch to this OS.


Unix fans

I’ve been a Unix user for _____?

The best thing about Unix is ____

The thing I hate about the other OS’s the most is____

One statement to why people should switch to this OS.


Linux fans

I’ve been a Linux user for _____?

The best thing about Linux is ____

The thing I hate about the other OS’s the most is____

One statement to why people should switch to this OS.


Mac OS fans

I’ve been a Mac OS user for _____?

The best thing about Mac OS is ____

The thing I hate about the other OS’s the most is____

One statement to why people should switch to this OS.


As a developer it is always good to keep up with trends and have an understanding of the direction the field of computer science or web development is moving. Recently I have started to notice just how many thin client applications are out there that do the exact same thing as many thick client applications. Now, for those who don’t know what I’m talking about in terms of thin and thick client apps, let me break it down a little.

Thick client applications are your traditional applications. This is the software that you go out and buy from the store and then download onto your computer from a CD, like Quicken or MS Office. Such applications are then stored on your personal computer’s hard drive, taking up memory, and run completely on that computer’s resources. This also means that the security of the application is dependent on the local computer, which in most cases has a limited amount of users and access. These apps, because they are stored on a person’s local computer, are always readily available as long as there are no issues with the computer housing them. This also means that the only way to use such an application from a different computer is to load it on that machine, and an individual would have to have their information on some kind of portable media so that it can be uploaded and reused. That means these kinds of apps are not very portable and in most cases cannot be used with a mobile device.


Thin client applications are web applications. These are applications that can be accessed from the internet without the use of a CD or any other type of media. These applications are purchased by paying for an account or subscription to a website which gives you access to the app, as opposed to purchasing it at a store. With the application itself being used from the web, it does not take up any space on the local computer, but it still uses other resources from the local computer. Instead, the app resides on a server somewhere that can be accessed by many users at any time, which means greater security measures need to be taken. Also, thin client apps can be accessed by any computer or mobile device that has internet access, making them very portable. With that said, thin apps are only as fast and reliable as the user’s internet connection and the producer’s server. This also means that if either is not working correctly for any reason, then the application could be unreachable or extremely slow.

Now, with a better understanding and some background information on what thin client and thick client apps are, I go back to the original question of which one is better. Well, that’s a tough question, because at the end of the day they both do the same job and usually cost about the same. Even though thin apps are easier to access and do not take up any memory of the local computer, thick apps are more reliable and usually a lot more secure. Thus I think the best way to answer this question is for users to first decide how big of an issue accessibility is. If it is a big issue for the user, then yes, a thin client app is definitely better. Yet, if that is not the case, then maybe a thick client app is better. It all depends on what the user is looking for out of their apps. If you have any questions and want to know more about thick and thin client apps, you can e-mail me at me_conwell@compscistuff.com.

Also a side note: Thin client apps are the basis of cloud computing, which is the idea of a computer running with its apps being run from a remote server as opposed to on the local computer itself. This is an idea that will be further explored in a later article, so be on the lookout.
