Date: Tue, 21 Mar 2000 11:20:44 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: E-Commerce and security
Message-ID: <Pine.BSF.4.21.0003211112320.34275-100000@freefall.freebsd.org>
In-Reply-To: <4.1.20000321184816.009fb320@mail.rz.fh-wilhelmshaven.de>

On Tue, 21 Mar 2000, Olaf Hoyer wrote:

> So, basically I am interested in detailed material/sources about the recent
> Yahoo/Amazon etc dos attack, seen from technical side, and general security
> spots and how to address them.

See the bugtraq archives or the www.securityfocus.com library for some analyses of the off-the-shelf DDoS tools out there. There's really nothing interesting or sophisticated about their effects - the design of the tools themselves and how they can and cannot be stopped is more interesting.

I guess the most important point to make about security is to make sure you know what you're doing - don't just leave it at the "well, it's working" stage, or be satisfied if some junior systems guy takes a pass over your webserver. *So many* e-commerce sites out there are insecure, usually because of unaudited systems and poor default settings, or lack of understanding of the technology and how not to use it, and it's putting their business, and their customers' money, at risk.

The crypto-gram newsletters (www.counterpane.com) and the RISKS digests (http://www.CSL.sri.com/risksinfo.html) are good general resources for the kinds of security pitfalls people make (the former is more focussed on cryptography, as the name suggests).

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
