finally{}: Experts or Out-of-touch?

After talking to someone about ideas for new security education, I popped over to check out the latest OWASP Top Ten list. A quote on their homepage stood out to me:

This category represents the scenario where the security community members are telling us this is important, even though it’s not illustrated in the data at this time. https://owasp.org/www-project-top-ten/

The experts in their community were telling them that a specific issue was critical and widespread enough to warrant a place in the top ten, but the data they collected from codebases and users didn’t reflect this at all. Is this because the issue is too up-and-coming to be reflected in the current boots-on-the-ground numbers, but we need to act now because it will soon be a huge issue? Or is this a situation where the experts work on a level so different from the standard developer that the security risk is only applicable to them and not in everyday circumstances?

Can’t Authorize SSH Key in cPanel

I was working on a new website that is on a shared host using cPanel. I contacted the host and had them activate SSH access on the account for me, and then I added my public key using cPanel’s import feature. After adding my key, I clicked on “Manage” to authorize the key for use, but I just got a blank cPanel screen with no options on it other than the “Go back” link.

Cleaning Up a Hacked E-mail Account

Many people use free e-mail accounts; in fact, you might say almost all of us do. Free e-mail accounts are easy to get and handy to have, but lately there has been a more consistent pattern of e-mail accounts being hacked. This is becoming very common, and I have been asked so many times what to do when an account is hacked that I decided to write down my suggestions for getting things cleaned up.