Comments on: Wardens of the Web
With the ever-growing world of Web 2.0 comes new security challenges. In CNET News.com's four-day series, we peek behind the curtain at online giants Yahoo, Google and Microsoft, and the elite corps charged with securing Web applications.


2. Ban ActiveX. Redundant because of #1, but it still needs to be said.
3. Ban PHP. Security is job none at Zend.
4. Don't let amateurs create dynamic pages, or use scripting languages.
5. Force any website or web service to pass at least a basic security evaluation. Yes, it will add 3 or 4 figures to the cost of developing a site, but will save far more than that in the long run.
6. Require a basic security certification to connect to the internet.
7. Teach business people without a clue that security features are not the same thing as a secure feature.
Yes, some of these are draconian, but they will significantly help online security.
Network security depends on the weakest link. That is why it fails time and time again.
How many people on the job fall for social engineering tricks? It doesn't matter how much money you throw into security when 1 employee can unwittingly invalidate it all.
How many people actually know what an SSL certificate is, much less know when to accept or reject a certificate? The SSL protocol is entirely dependent on people who don't know enough to intelligently use it.
In short, people need education and to stop using inherently insecure software like Windows and PHP.
If you want the real story behind all three security teams then approach me and I'll give you the employee names and evidence to back everything up.
n3td3v
- It's the enemy from within that's the real threat
- by n3td3v June 25, 2007 6:03 PM PDT
- These people are talking to CNET about outside hackers doing something, but it's the enemy from within that's the biggest threat to all three brand names.
What these people do in office and what they do and who they speak to out of office are completely different things.
While these teams play the good guys at work, they are the actual elite skilled users that the government are keeping an eye on outside of their corporate cubes!!!
I have spoken to many people from these companies and they are two-faced in so many ways, and they are more than whitehat, they wear multi-colored hats!!!
The brand name doesn't know what's going on, but there are elements who know what's going on, but are too scared to speak up because of job and career insecurities, so they just shut up and turn a blind eye.
If employees weren't scared to speak out against known rogue employees, the brand name would be far more secure from security breaches.