
Security for Security's Sake.... At Last!!

by Ed Adams on November 29, 2011

Recently we received a request to test a couple of consumer devices -- the vendor wants us to try and root the device and gain access to protected applications and data. A common worry for the security-conscious company.

The trouble is most manufacturers of consumer devices are not security-conscious. Several years ago, we had a project in which we tested a consumer device that, in its previous versions, had no connectivity; however, in this to-be-released version, the device was including Internet connectivity for the first time. In fact, not just point-to-point collaboration but full unlimited browsing -- this ~$100 device was suddenly a full-featured netbook.

Here's where the problem came in -- the embedded/on-device code was rock solid but the AJAX and web-connect code was terrible... really awful. Security holes so large, we could drive the proverbial truck through them.

This is an all-too-typical case of smart engineers (or managers) thinking those "smarts" can transfer to a new medium w/o any new education or training .... it doesn't.

This is a topic about which I wrote quite a bit ~5 years ago. It's old news now; however, the same story repeats itself over and over. New medium, same problem.

This most recent request to test a consumer device for security issues brought me back to the story I just recounted above. But this time things are different. The company isn't just sending their device through a 3rd party security audit to meet a compliance checklist -- they are serious about protecting the IP on that device and are aware of the connectivity the device provides (and all the risk that comes with it.) This company is to be applauded for their proactive security stance -- they are one of the few who view security as an investment to be justified and cost-minimized, as opposed to an integral part of their business plan to be executed with precision, diligence, and excellence. This is a company who now realizes that security is a business enabler (or disabler if mistreated during product design and development.)




Topics: security awareness
