Security Week
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
Encryption Security
With all the recent talk of encrypting hard drives, the cold boot method, and using proper passwords, this[1] xkcd comic reminds us of the weakest link in all cryptography, the person with the password.
Running things as root is a bad idea
While I always knew this, this article still sort of blows my mind: Windows Security Improved By Denial Of Administrative Rights[2] To quote the article:
... configuring users to operate without administrative rights mitigates the impact of 92% of "critical" Microsoft vulnerabilities ...
92%, that is mind boggling. It's been sound advice for a long time in the Linux world, not to do things as root. I suspect if we expected everyone to be doing everything as root, virtual any minor security flaw would suddenly become a very serious matter.
[1] http://xkcd.com/538/ [2] http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=213001021&subSection=Enterprise+Applications