modern-web-design-and-development


Web Security: Are You Part of the Problem?


Christian Heilmann


Website security is an interesting topic and should be high on the radar of
anyone who has a Web presence under their control. Ineffective Web
security leads to all of the things that make us hate the Web: spam, viruses,
identity theft, to name a few.


The problem with Web security is that, as important as it is, it is also very
complex. I am quite sure that some of you reading this are already part of a
network of attack computers and that your servers are sending out spam
messages without you even knowing it. Your emails and passwords have
been harvested and resold to people who think you need either a new
watch, a male enhancement product or a cheap mortgage. The fact is, you
are part of the problem and you don’t know what you did to cause it.


The reason is that security experts don’t like to talk too much in public
about what they do and where the issues lie; and sadly enough, they can
also come across as arrogant in their views. This could be the result of
people not taking security seriously and not following the most basic
advice, such as using passwords that are clever, not “password” or “letmein.”


Another reason is those tutorials that show you how to “do something in
five minutes” and conveniently neglect to mention the security implications
of their advice. If it sounds too easy to be true, it probably is. A perfect
example of this is PHP solutions that use a file for data storage and ask you
to make it writable to the world. This is easy to implement, but it means
that any spammer can write to this file.
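
A check for the situation described above, as an added example that is not from the original article: a shell audit that lists every file and directory under a web root that is writable to the world, and then removes that permission. The directory layout and the file names (index.php, data/guestbook.txt) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find and fix world-writable files under a web root.
# All paths and file names here are constructed sample data.

# Print every regular file or directory under $1 whose "other" write bit
# is set (the result of the "make it writable to the world" advice).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Drop only the "other" write bit; owner and group permissions are kept,
# so a data file owned by the web server account stays writable for it.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed web root: one normal page, one data directory and
# one flat-file "database" set up the way a five-minute tutorial asks for.
make_demo_webroot() {
    root=$(mktemp -d) || return 1
    mkdir "$root/data"
    printf '<?php // page\n' > "$root/index.php"
    printf 'first entry\n' > "$root/data/guestbook.txt"
    chmod 644 "$root/index.php"
    chmod 777 "$root/data"
    chmod 666 "$root/data/guestbook.txt"
    printf '%s\n' "$root"
}

# When called with a directory argument, report what is exposed there.
if [ "$#" -gt 0 ]; then
    echo "World-writable entries under $1:"
    list_world_writable "$1"
fi
```

After the world write bit is removed, the data file has to be owned by, or group-writable for, the account the web server runs as, otherwise the script can no longer store its data.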
