Yawn.
"a new feature called dynamic root disk"
So, exactly like LiveUpgrade, which has been around for donkey's years. Since Solaris 2.6, IIRC.
Real cutting edge stuff, there...
3 publicly visible posts • joined 30 Apr 2008
"The point of the "Hacker Safe" certification is to announce that the server cannot be accessed by unauthorized "hackers", therefore submitting your credit card and personal details in the transaction is safe, as it will be stored in a purportedly secure environment."
Nope, sorry, this is still totally wrong. A successful XSS attack can be used to gain access to a server and elevate privileges. It's not "just" a defacement vector.
Also, as I mentioned before, I've seen the results from a security audit on a "hacker safe" site, and it was a joke. There is no way I would ever let that site process my credit card details, or store any kind of personal information.
This doesn't surprise me at all; nor, would I imagine, will it come as a shock to anyone who has had any professional dealings with a "Hacker Safe" site.
At my previous workplace, a colleague (who I'm sure is reading this - Hi, Dave!) was responsible for security audits on potential business partners' websites. One had passed the "hacker safe" tests and proudly displayed the logo on their site, yet he discovered the site itself and the processes in place behind it were laughable.
When you logged out of the site, it displayed a message reminding you of what your password was for the next time you visited. Their policy regarding changing passwords was that the customer could email them with details of what they wanted their new password to be. All this was sent and stored in plain text. This was right up, in your face - you couldn't fail to notice this, yet someone at McAfee decided to still issue the "Hacker Safe" certificate.
And this was before we even got to the application errors, XSS, DoS opportunities, configuration files and information being left out in the open - and on a site storing VERY personal data as well. It just goes to show that whatever tests go on to certify a site as being "Hacker Safe", they're a joke at best; and incredibly damaging at worst.
Paris, because her "box" has probably been rooted less than many Hacker Safe sites.