My passwords are an example. I don't do anything stupid like use dictionary words or proper names, but I do use Firefox's handy password tool, which records my user name and password to each of my favorite sites.
But does Firefox have a backdoor or a bug that a hacker could exploit? I don't know, but it wouldn't be the first time*. (Programmers aren't perfect, even though we're much closer than the rest of the human population) The point is that it's theoretically possible that a FF bug exists which would allow a malicious website access to my user names and corresponding passwords. If I was truly paranoid, I would memorize all passwords, and possibly kill anyone who knows them.
I'm not paranoid enough with websites I've worked on. To be paranoid about a website, there are a lot of things to consider:
- Security patches to all applications must be installed! This is an ongoing process, since malicious hackers usually hear about security flaws the second they're released.
- All default passwords need to be changed.
- Web applications need to be protected against all kinds of attacks.
- User passwords can not be trusted, since users are stupid.
The problem is that to be a developer, you only need to know how to do things, not how to protect what you do. In fact, most bosses will be happy if you can just program things the way they want. It's up to the developer to learn about security and implement security measures. No one else will do it effectively.
So I'm taking possible threats a little more seriously now, and I've turned the personal paranoia level up from yellow to orange. I'm trying to memorize my passwords and keep security in mind whenever I program anything. I can only hope that this will be enough to keep intruders out of my systems.
* Here are a couple of security flaws found in FF: 1 2. I know, IE is far, far worse, but that's a different post.
No comments:
Post a Comment