Security

Securing a server: correctly configuring Linux, etc.

If you operate or rent your own server, it is your responsibility to protect it against failures and external access. You can immediately begin to lay the foundation for this when configuring the server, if you have the necessary administrative rights. The correct settings can work wonders, especially with encrypted remote connections via the SSH protocol, and greatly increase security. [...]  

Content Security Policy: how websites are becoming safer

Websites can be full of security risks, especially when it comes to active content like JavaScript. Cross-site scripting enables cyber criminals to modify this content for their own purposes. This is dangerous for website operators and especially for internet users. The Content Security Policy tries to reduce this risk. Learn what’s behind the security standard and how it works. [...]  

Click fraud: how to out fraudulent clicks

Every year, click fraud costs the advertising industry billions. An increasing number of advertising operators have to deal with the fact that their ads often don’t reach their intended targets due to artificially generated clicks through the likes of link farms or botnets that seek to deplete advertising budgets. We take a closer look at the topic of click fraud and show you some countermeasures that you can take. [...]  

S/MIME: the standard method for e-mail encryption

If you send an e-mail without additional security measures, it’s like sending a postcard: if everything goes as planned, the information should arrive unchanged and unread in the recipient’s inbox. However, if someone intercepts the card or the e-mail in transit, they can read the contents without any problem and make as many changes as they like. Just like you would use an opaque envelope to ensure privacy with your post, e-mail encryption helps to ensure privacy with e-mails. The guide reveals why the standard S/MIME procedure is suitable for this purpose and how it ensures your e-mails arrive safely. [...]  

Sign e-mails with a digital signature

Spam e-mails may be annoying, but they’re mostly harmless. What’s more problematic is phishing – a technique whereby fraudsters try to con you by posing as trustworthy sender addresses in an attempt to get hold of sensitive data. These messages appear genuine too, because without a digital signature, it’s very easy to assume a trusted identity online. In order to protect customers and their own reputations, businesses operating online should be fully aware of the importance of electronic signatures. Find out more about how they function here. [...]  

Referral spam: causes and countermeasures

Do you find that lots of the traffic that arrives on your site comes from suspicious sources? There’s no need to worry since website operators encounter inconsistencies in reports from analysis tools (such as Google Analytics, Piwik, or etracker). The reason: referral spam falsifies visitor statistics. Learn how hackers can manipulate referrer information and traffic data, as well as which countermeasures can help fight them off. [...]  

Tips for better website security

Would you leave your window open at night if you knew there were intruders lurking about? Obviously the answer to this question is ‘no’. Many companies and individuals leave their virtual window open to cyber criminals by not adequately protecting their websites. Website security is an extremely important topic. Only by regularly carrying out security checks and following the proper precautions can you be sure that your data stays out of the hands of criminals. [...]  

HPKP: the security feature for SSL/TLS certification

SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from dubious certification bodies – a scenario that can be prevented using so-called HTTP public key pinning (HPKP). [...]  

Browser fingerprints: tracking without cookies

In recent years, so-called browser fingerprinting has established itself as a tracking method that doesn’t rely on the use of cookies. Web servers capture different characteristics from visitors’ browsers and determine their digital fingerprint based on them. They enable visitors to be recognised at a later date. While some information is automatically transmitted, it is mainly active elements such as Flash animations or JavaScript applications that provide crucial information. [...]  

Social engineering – the security gap at ‘layer 8’

The most effective system break-ins often happen without a scene. Instead of disrupting central network devices with DDoS attacks or sneaking onto operating systems with Trojan horse techniques, hackers increasingly try to exploit the human security gap. There are various such methods that fall within the broader category of social engineering: a technique that sees hackers gather publicly available information. They then use it to attempt to trick company employees by exploiting their normal human traits, such as helpfulness or fear, in order to obtain privileged information and passwords. Find out how social engineering works, and what you can do to prevent it. [...]