Jump to content

Web Site Security and Logins


straycat19

Recommended Posts

In the wake of the recent Yahoo Cookies attack and the discussion at the RSA Conference, Stehphen Northcutt of SANS, made the following comment which I wanted to share since it is good security advice.

 

When you are logging on to a web site and they say you can authenticate with your FaceBook or Yahoo, or Google or whatever account, don't do it. Have a unique login for every account and never link one to another. That will not solve everything, but it will reduce your risk. And I realize that people that do not work in security would not like to delete cookies, but as a security professional, try to default to no cookies on your main browser and the one you use to set airline reservations etc, that needs cookies, clean them out on a regular basis. Yes, it is a hassle because you have to log in again and yes, it reduces your attack surface area.

 

 

Link to comment
Share on other sites


  • Replies 1
  • Views 604
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...