Comment: Re:The CA's are not doing their due diligence (Score 1) 64

by daeg (#31887652) Attached to: Become an SSLAdmin In a Few Easy Steps

I switched to DigiCert a few months ago and they are much more "rapid" than RapidSSL ever was for us.

Our original account with Rapid was under one company name. We subsequently changed the holding company's name on a later request and apparently our account was flagged for manual validation 100% of the time. Each time we renewed it would take 4 or 5 days of faxing forms, confirmations, phone calls from hell, etc.

The nice thing was, at the time, they were one of the few SSL providers to allow unlimited re-issuance. DigiCert does too, and has even better prices AFAIK.

(Note: I don't work for them or have any financial interest in them)

Comment: Community more unsecure than the language (Score 1) 229

by daeg (#27044323) Attached to: Securing PHP Web Applications

The community and fleet of developers available to PHP is far and away more vulnerable than register_globals could ever be.

Modern code bases, books, and examples are STILL being written using string concatenation to build SQL! These examples are teaching these dated, insecure methods to novices, thus guaranteeing these horrible practices will propagate for a long, long time.

Space

Panic of failing QuikSCAT satellite overblown

Submitted by daeg
daeg (828071) writes "We previously read about and discussed the aging QuikSCAT weather satellite used to help predict tropical storms. It turns out that the panic is likely overblown and the loss of the satellite won't have any dramatic effects on forecasting at all. Some in the National Hurricane Center are now calling for Director Proenza's resignation over this and his overall handling of the center."
Security

Passwords in small companies

Submitted by daeg
daeg (828071) writes "As any person in a small company can tell you, we have too many passwords and too many people know them because the defined job roles are very lax. The programmers know our shipping password because they've had to ship things before and the administrative assistants know our printer passwords, for instance. Are there any easy ways to manage these types of passwords securely? If an employee leaves, we have to change all of the passwords (particularly for the places that do not allow multiple delegate user accounts) and simultaneously tell everyone the new password, which is tedious and error prone, at best. What are some methods that have worked in your small companies?"
PHP

PHP 5.2.2 and 4.4.7 Released

Submitted by daeg
daeg (828071) writes "PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."
Networking

China net use may soon surpass US

Submitted by GuerillaRadio
GuerillaRadio (818889) writes "The BBC is reporting that China could soon overtake the US to have the world's largest number of internet users, according to a state-controlled think-tank.
"We believe it will take two years at most for China to overtake the US," an official at the China Internet Network Information Center told state media. China had 137m internet users by the end of 2006, an increase of 23% from the year before, the centre reported. This figure means that more than 10% of the population is now online."
