
Security Issues on this site.

January has been hopping around these parts. We’ve released software, addressed security concerns, revamped the website, and more. I want to take a minute to talk about a few things and give thanks where it’s due.

Site Security
Cybersecurity is a huge issue here. Should this site be compromised, bad things could happen to our users: the site is where they download software that they then run with administrative rights. We take this threat very seriously, and while discussing it one day CyanogenMod developer, pen tester, and all-around nice guy Ryan Scott (aka ChiefzReloaded) offered his services to help secure the site. It took him nearly a week to finish testing. He went above and beyond, signing up for various accounts on CASUAL-Dev and testing both planned and already implemented features. ChiefzReloaded's testing was thorough, and at the end of the day we can say we've addressed just about every potential security concern thanks to him.

Java Security
Security can only go so far from our end. Our site relies heavily upon Java, and in 2013 Java was the leading entry point for malware on desktop computers. As of Java 7u51 (released two weeks ago), the browser-facing side of Java is much less of a security concern. Under the default "High" security setting, unsigned and self-signed applets and Web Start applications are blocked outright; most existing malware will no longer run, and that which does can be kill-switched remotely after being reported. I know most users are running Java 7u21, have skipped 7u45, and haven't yet updated to 7u51, so I encourage you to update. The latest release requires that a trusted certificate authority verify the developer's identity and issue him or her a code-signing certificate. That certificate is checked against OCSP and CRLs each time the application is launched, so if the person who signed an application turns out to be a malware author, the certificate can be revoked and the application will refuse to run on your computer. One caveat worth keeping in mind: the CA vouches for who signed the code, not for what the code does. Signed malware runs until someone reports it and the certificate is revoked, and the revocation check only helps when the OCSP responder or CRL is actually reachable.

While the latest Java update causes developers like us to jump through many hoops (buying a CA-issued certificate, signing every JAR, and declaring the Permissions and Codebase attributes in the manifest), I'd say the end result is worth it. CASUAL is 100% conformant with the latest update's "High Security" settings. The 7u51 changes not only invalidate most existing malware, they also make malware authors think twice about signing malicious software under a verified identity, and they allow remote kill-switching when any is discovered.
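To make the "hoops" above concrete, here is a small lint that checks whether a JAR carries what 7u51's High setting looks for before it will launch a signed applet or Web Start application. This is an added example written for this post, not code from the CASUAL project. It assumes the attribute names Oracle documented for 7u51 (Permissions required; Codebase and Application-Name recommended), and the two sample JARs are constructed in memory with placeholder .SF/.RSA entries, so it checks manifest and packaging only, not the cryptographic signature or the certificate's revocation status.

```python
"""Lint a JAR for the deployment-manifest attributes and signature files that
Java 7u51's default "High" security setting expects before it will run an
applet or Web Start application.

Added example for this post, not code from the CASUAL project. Assumptions
(not from the post): the attribute names are those Oracle documented for
7u51 (Permissions, Codebase, Application-Name); the sample JARs are built
in memory below and their .SF/.RSA entries are placeholders, so this is a
manifest lint, not a cryptographic signature check.
"""
import io
import zipfile

REQUIRED = ("Permissions",)                    # required under High in 7u51
RECOMMENDED = ("Codebase", "Application-Name")  # warned about, not blocking
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")          # signature block file types


def parse_manifest_main(text):
    """Return the main (pre-blank-line) section of a MANIFEST.MF as a dict.

    Honours the JAR continuation rule: a line beginning with one space
    continues the previous attribute's value (the space is dropped)."""
    attrs = {}
    last = None
    for raw in text.splitlines():
        if raw == "":
            break                               # end of the main section
        if raw.startswith(" ") and last is not None:
            attrs[last] += raw[1:]
            continue
        if ":" not in raw:
            continue                            # tolerate junk lines
        key, _, value = raw.partition(":")
        last = key.strip()
        attrs[last] = value.lstrip()
    return attrs


def lint_jar(jar_bytes):
    """Return findings: blocked (would High refuse it), reasons, warnings."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = set(zf.namelist())
        if "META-INF/MANIFEST.MF" not in names:
            return {"blocked": True, "reasons": ["no MANIFEST.MF"],
                    "warnings": [], "attrs": {}}
        attrs = parse_manifest_main(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    meta = [n for n in names if n.startswith("META-INF/")]
    signed = any(n.endswith(".SF") for n in meta) and \
        any(n.endswith(SIG_SUFFIXES) for n in meta)
    if not signed:
        reasons.append("unsigned: no META-INF/*.SF plus signature block")
    for attr in REQUIRED:
        if attr not in attrs:
            reasons.append(f"missing required attribute {attr}")
    perms = attrs.get("Permissions")
    if perms is not None and perms not in ("sandbox", "all-permissions"):
        reasons.append(f"Permissions has invalid value {perms!r}")
    warnings = [f"missing recommended attribute {a}"
                for a in RECOMMENDED if a not in attrs]
    return {"blocked": bool(reasons), "reasons": reasons,
            "warnings": warnings, "attrs": attrs}


def build_jar(manifest, extra_entries=()):
    """Build a minimal JAR in memory (constructed test input, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in extra_entries:
            zf.writestr(name, data)
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe")   # class-file magic only
    return buf.getvalue()


# Constructed samples: a pre-7u51 style JAR and one that satisfies High.
OLD_JAR = build_jar("Manifest-Version: 1.0\r\nMain-Class: Main\r\n\r\n")
NEW_JAR = build_jar(
    "Manifest-Version: 1.0\r\n"
    "Main-Class: Main\r\n"
    "Permissions: all-permissions\r\n"
    "Codebase: https://example.invalid/casual\r\n"      # hypothetical codebase
    "Application-Name: CASUAL (constructed sample, long name wrapped on\r\n"
    " to a continuation line)\r\n"
    "\r\n",
    extra_entries=(("META-INF/CASUAL.SF", b"placeholder"),
                   ("META-INF/CASUAL.RSA", b"placeholder")),
)

if __name__ == "__main__":
    for label, jar in (("old", OLD_JAR), ("new", NEW_JAR)):
        result = lint_jar(jar)
        print(label, "BLOCKED" if result["blocked"] else "ok",
              result["reasons"], result["warnings"])
```

Run it as a script and the old-style JAR is reported as blocked (unsigned, no Permissions) while the conformant one passes with no warnings. Pointing it at a real build is a one-line change (read the file into `lint_jar`), but a clean result here still only means the packaging is right; whether the signature verifies and the certificate is unrevoked is decided by the Java runtime at launch.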

Something to think about
An issue was identified by security researcher Justin Case: we are training users that it is acceptable for a web application to ask for root permissions. I'd like to point out that this is 100% true. We use administrative access to install drivers for software that is used by CASUAL and Jodin3. We do this in the name of being user friendly, and we've "earned" the permissions through proper procedures and code signing of our applications. However, what can we do to address user training? Should we make a mandatory training class, or offer one? A video? A class? A test? Sound off below with your ideas.
