
TAMU Webmaster's Blog

Information and insight from the A&M Webmasters


Updating Privacy Statements

You get them from your bank every year – those notices that something has changed in their privacy policy, along with a booklet of fine print spelling out what you can and cannot expect if you visit their home page. New and updated mandates from the state mean that it's now our turn to update our statements and let our visitors know what we do and don't do on our websites.

Because every website at Texas A&M potentially behaves differently and collects different data, CIS should soon be posting a basic university-wide Privacy & Security Statement to complement our own local statement for each of our own sites. We encourage all of the webmasters on campus to read through CIS's master statement and post their own local copy specifying what is relevant to their own site.


Wednesday, December 2nd, 2009 Miscellaneous No Comments

Using the Bad Guys’ Tools to Keep You Informed and Secure!

My background did not start out in web development but in network administration and security. As such, I monitor the IT security industry in addition to all the web development blogs and sites I frequent. One of the things I’ve learned in IT security is that typically the bad guys are faster than the good guys. A good way to stay on top of things is to watch the resources the bad guys use to keep your good guys up to speed.

One of the sites I watch is milw0rm, an exploit archive and notification site. I use an RSS reader to watch everything that comes from them. Yesterday (12/8/08) I saw an item regarding XSRF in phpMyAdmin 3.1.0, which is the latest version (as of this writing). Since we use phpMyAdmin sometimes, I notified those responsible for its upkeep and made sure we didn't use it when visiting other sites until a patch is available.

Today (12/9/08), I got a notification from the phpMyAdmin Security Feed site about the vulnerability. My point is that by monitoring what the bad guys are doing, we were able to move faster to protect ourselves than the company who writes the software. In fact, the Security notification links back to milw0rm as well.

I wrote earlier about monitoring RSS feeds from product vendors, and this is just another way for you to stay informed and avoid bad PR from a security incident.

Some of the security-related RSS feeds I watch are:


Wednesday, December 10th, 2008 Web Security No Comments
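
One way to automate the feed watching described in the post above is to match each new feed item against a list of the software you actually run. This is an added example, not code from the original post; the feed contents, the inventory and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not real archive output); links use a reserved TLD.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed exploit-archive feed</title>
<item><title>ExampleCMS 2.4 Remote File Inclusion</title>
<link>https://archive.example.invalid/1001</link></item>
<item><title>phpMyAdmin 3.1.0 XSRF</title>
<link>https://archive.example.invalid/1002</link></item>
<item><title>phpmyadmin 2.11 advisory</title>
<link>https://archive.example.invalid/1003</link></item>
</channel></rss>"""

# Hypothetical inventory: software we run -> installed version.
INVENTORY = {"phpMyAdmin": "3.1.0", "ExampleBoard": "1.2"}


def parse_items(xml_text):
    """Return (title, link) pairs from an RSS 2.0 document."""
    # The feed is untrusted input. RSS needs no DTD, so refuse one outright
    # rather than let the parser expand feed-supplied entities.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text, re.IGNORECASE):
        raise ValueError("feed contains a DTD/entity declaration")
    root = ET.fromstring(xml_text)
    return [(i.findtext("title", "").strip(), i.findtext("link", "").strip())
            for i in root.iter("item")]


def new_alerts(xml_text, inventory, seen):
    """Match unseen feed items against the inventory; updates `seen` in place."""
    alerts = []
    for title, link in parse_items(xml_text):
        if link in seen:          # already reported on an earlier poll
            continue
        seen.add(link)
        for product, version in inventory.items():
            # Whole-word, case-insensitive product match on the item title.
            if re.search(rf"\b{re.escape(product)}\b", title, re.IGNORECASE):
                # True only if our exact version is named (3.1.0, not 3.1.0.1).
                pat = rf"(?<![\d.]){re.escape(version)}(?!\.?\d)"
                alerts.append({"product": product, "title": title, "link": link,
                               "installed_version_named": bool(re.search(pat, title))})
    return alerts


if __name__ == "__main__":
    for alert in new_alerts(SAMPLE_FEED, INVENTORY, set()):
        print(alert)
```

Items that name a product you run but a different version are still reported, with `installed_version_named` set to false, so someone can check whether the issue also applies to the installed release.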