Category Archives: Information Security

Reason for salting password hash (or, why “season” the password?)

I recently decided to start re-learning PHP, and began by building a security framework into the application I’m developing. While researching how to implement password authentication in PHP, I noticed that many developers still neglect to “salt” the password at rest. In other words, many believe that creating an MD5 hash of the password is enough. This is simply not the case. The whole reason for salting a password is to introduce randomness into the resulting password hashes.

Information Security – Protecting yourself online (or, don’t accept candy from strangers)

I was told as a child to never accept candy from strangers. It’s no different as an adult. Emails, phone calls, and fliers that offer deals that are just too good to be true are nothing more than adult candy. In this posting, I offer tips on how to stay safe while performing that one task that everyone does during the holiday season (and possibly year-round) – shopping. The article is lengthy, but hopefully it empowers you to be more aware of the attacks present online and in “real life”, and how to better reduce the risks associated with online shopping.


Information Security – Unmaintainable code (it doesn’t just make your eyes hurt)

In my travels through the Internet, I found the Java Coding Standards and wanted to highlight one portion as a concern for application security. The standards (specifically section 3) make me think back to my earlier days of code development. One person I worked with actually said to me after reviewing my code, “This makes my eyes hurt.” As time has passed and my ability to code to standard has improved, I now get compliments from the same person whose eyes had hurt years ago after looking at my code.


Information Security – what is PII? (It’s not something you eat)

PII (personally identifiable information) is data that, when associated with other data, identifies a single person. Some obvious examples of data associated with a single person include a full name, Social Security Number, driver’s license number, birthday, and birthplace.


Information Security – what is CIA?

I had the opportunity to attend a training session on the CSSLP Body of Knowledge back in December 2010. It was an overview of the Certified Secure Software Lifecycle Professional certification exam. The first part of the training is something every ‘Net-savvy person should know and understand when talking about information security.
