Author Topic: Deja Vu - Web Apps a matter of Security  (Read 1145 times)

Deja Vu - Web Apps a matter of Security
« on: February 28, 2009, 02:57:52 pm »
Why is this in the NEWS section of Broadbandnuts? Well, it's also an announcement; see below...
Quote from the good security people of Sans.org
-------------------------------------------------------------
Deja Vu - Web Apps
Published: 2009-02-27,
Last Updated: 2009-02-27 04:09:28 UTC
by Patrick Nolan (Version: 1)

From FTC File No. 082 3113, the highlight is the Deja Vu, ymmv.

The complaint is for violations of the provisions of the Federal Trade Commission Act by an operator of a "computer network that consumers use" and it says:

"respondents engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for the personal information stored on their network. Among other things, respondents:

(1) stored personal information in clear, readable text;

(2) did not adequately assess the vulnerability of their web application and network to commonly known or reasonably foreseeable attacks, such as “Structured Query Language” (“SQL”) injection attacks;

(3) did not implement simple, free or low-cost, and readily available defenses to such attacks;

(4) did not use readily available security measures to monitor and control connections between computers on the network and from the network to the internet; and

(5) failed to employ reasonable measures to detect and prevent unauthorized access to personal information, such as by logging or employing an intrusion detection system.

FTC AGREEMENT CONTAINING CONSENT ORDER
-------------------------------------------------------------------

So why is this here in the News on Broadbandnuts? This pertains to all our websites and servers.
It's to announce that we're in constant compliance with FTC/SCC and Government rules.
We take full measure to log all connections.
We keep the logs for years at a time.
We block would-be spammers and stop intruders as needed and when the firewall sends an intrusion attack.
We spend plenty of time upgrading the Apps on the servers we run; in fact, it's starting to feel like a full-time job with overtime.
When and if there is a security update for any of our public servers, the Apps and software are updated. The old programs are archived and the logs for the updates are kept with multiple backups.

We can at anytime make available our logs to the FTC or any other Government body to stay in compliance.

AND while we do all of that, we warn our users to disable their email address or addresses from public view, but we all know that sometimes it doesn't happen that way. So if you're reading this and have an account here, please check your personal settings under your profile.
We do not allow a user to delete an account here, but we do encourage you to have your account disabled.

Thank you Sans.org for reminding us why we have to help keep things as secure as possible.
Be an Organ Donor. A chance at life.
This site never spams or sells its list to anyone. No pop-ups or scams.
An inconvenience, but if you want to make omelettes, you have to break some eggs.