At my place of employment, I have been charged with physically securing our two servers. The decision has been made to bolt them to the concrete floor in a cage. I don't know how to shop for a server rack. We have an old one that they're on now, but it's an open rack, without sides or locks. I need one that's more of a cage, to keep people without the key out. It'll have to fit at least 8U worth of servers, and also accommodate a midsized tower somehow, and be 1000mm deep minimum.
How do I shop for this? I can't find any information on whether any of the racks I'm looking at are bolt downable.
posted by TrueVox
on Jul 19, 2013 -
I read online that the director did a lot of research and consulted with military experts on how an actual terrorist siege on the white house could work. Of course, he also said that white house security experts have already planned for such an attack.
I'm curious what would have been done differently in real life by the white house and DC security?
posted by Wanderer7
on Jun 28, 2013 -
I'm subletting my room in a Capitol Hill, Washington DC rowhouse for 1 month. I pay $1250 for rent, and I'm thinking about charging $1050 in rent for a subletter to make sure I get someone for July. My security deposit with the landlord is about $1000. The landlord knows I'm subletting it and is totally OK with it, as long as I'm responsible for any potential damage. So would it be unreasonable to require a $1000 security deposit for a 1-month sublet? How about $750? $500? [more inside]
posted by catquas
on Jun 27, 2013 -
I'm thinking about replacing my current mobile phone with an Android device and I'm having a hard time understanding how the Android update / security patch infrastructure for the core system is supposed to work. [more inside]
posted by mirage pine
on Jun 26, 2013 -
I recently took a job for a new company and received a company laptop. However, I'll be a remote employee working from home and travelling. The company is a small independent subsidiary of a large Japanese company who hires out their IT functions to an independent contractor. I won't be googling any super-weird stuff, but hey, it gets boring in hotels sometimes.
How can I know if my company can monitor any web usage remotely? [more inside]
posted by anonymous
on Jun 25, 2013 -
My small town post office is offering a new feature I'd never heard of, street address deliveries to it, so you don't have to have anything delivered at home anymore. Given that the mailbox of the house I've been renting a room in is extremely insecure, this seems desirable. But given that every action I've taken in the last 10 months has gotten turned to the worst possible outcome, I want to know what the downsides are. Would it affect my credit rating? Would it make me look suspicious? What would be the downsides of using it as a residence address for my drivers license, which is up for renewal before I find a stable situation? [more inside]
posted by endurance
on Jun 24, 2013 -
I've been tasked with creating (well, refactoring and redesigning) a web app for managing a security company. It includes call logs, encounter reports, regions, locations, duties (patrols), various kinds of bulletins, and other things. If I were to search for existing software that covers the same purpose, what would I search for? What is this kind of thing called? [more inside]
posted by WasabiFlux
on Jun 14, 2013 -
Motivated by a combination of curiosity and laziness, I want to gain root privileges on an Ubuntu 10.04 machine (which belongs to me). I'm pretty sure I failed to apply any security updates, so hopefully there are some unpatched holes. I have an account which I can log in to, but I have forgotten my password so I can no longer sudo. It's not easy to physically access the machine, so I can't boot to single user mode. I have found sites which provide exploit code, but the exploits seem to be crippled in a highly responsible way. Where are the non-crippled versions?
posted by beniamino
on Jun 11, 2013 -
I'm interested in asserting a lot more control of my personal information and communications to prevent prying eyes of both governmental and criminal types. I'm interested in general best practices to secure my personal information, passwords, data and communication (including phones, texting and email). I am not an expert in software or anything of the kind. I use an iPhone and Apple computers. There's a few more specific requests inside. [more inside]
posted by anonymous
on Jun 9, 2013 -
Twice this week, I've fallen for spam emails. Have I compromised my security? Will I die? [more inside]
posted by popcassady
on Jun 7, 2013 -
I'm running the latest LTS version of Ubuntu on my hosting provider's cloud VPS service. I recently noticed a series of weird, spammy looking messages in my server's mail.log file. Tech support at my hosting provider says it does not appear to be compromised; are they wrong? [more inside]
posted by compartment
on Jun 6, 2013 -
How can I misuse this bank account information? No, wait, that came out wrong. I’m looking for help justifying data security measures (at my office) for banking info. [more inside]
posted by Signed Sealed Delivered
on May 29, 2013 -
I am moving into a medium-sized house soon and I need a decent security system. I'd love to avoid paying the big security corporations that force you to sign contracts and all that. Aside from a normal alarm system (I'm thinking Simplisafe), I also want to explore the option of security cameras (on the outside). Does anyone have experience with good consumer products in this space?
posted by malhouse
on May 25, 2013 -
How can I enforce a firewall -- built-in or 3rd-party -- in OS X, such that even someone with an admin account can't disable it? [more inside]
posted by mendel
on May 24, 2013 -
Is it possible to write a loan contract which effectively secures the debt against the borrower's property only
in the event of bankruptcy or death of the borrower? I.e., as long as the borrower is in control of his financial affairs the lender has no right to the secured assets even if the borrower defaults, but if the borrower dies or goes bankrupt the security kicks in, so that the debt has priority for any third-party trustees managing the estate? [more inside]
posted by Estragon
on May 17, 2013 -
Does anyone have a simple method of coming up with a excellent new passwords for every website that you can nevertheless easily remember? I'm thinking some combination of a master password combined with the website url or something like that, but the underlying rule should not be easily guessable by others even if they have a few examples in front of them. Any ideas?
posted by shivohum
on May 1, 2013 -
I'm out for a walk taking some pictures and he stops to chat me up. We exchanged email addresses and now I'm regretting it BIG time. [more inside]
posted by redindiaink
on Apr 20, 2013 -
I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
posted by 0
on Apr 1, 2013 -
Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
posted by beniamino
on Mar 28, 2013 -
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]
posted by Kerasia
on Mar 21, 2013 -
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
posted by wintersonata9
on Mar 17, 2013 -
So, my debit card number has now been "compromised" twice in as many months. How am I supposed to approach security with cards nowadays? [more inside]
posted by selfnoise
on Mar 11, 2013 -
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
posted by artychoke
on Mar 7, 2013 -
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
posted by Arbitrage1
on Mar 3, 2013 -
A former contractor for a small business I'm involved in has told an employee he plans to sabotage the business' 5 trucks, possibly pouring chemicals in the gas tanks. Advice on the best methods and devices to try to prevent this would be very appreciated. [more inside]
posted by jcfudgely
on Mar 1, 2013 -
What would be the best ways to secure multiple laptops, smartphones, cameras (physically, and also to catch thieves) in a "rustic" foreign country... keeping in mind I need to fit everything in luggage or fashion it out of raw materials in country. [more inside]
posted by DaftMythic
on Feb 28, 2013 -
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same
source code the developer published, and not a malicious variant of it? [more inside]
posted by The Winsome Parker Lewis
on Feb 26, 2013 -
Android apps seem to grab permissions that I have no desire to give them. My understanding is that the permissions per app are all bundled together: it's all or nothing. At least officially. Is there another way? Also, is there a privacy watchdog site that will help me find apps that actually respect my privacy and support/purchase them over those that do not? [more inside]
posted by jsturgill
on Feb 19, 2013 -
I want to only share my identity with the tax man when I write, and allow people to pay me online. How do I do this? [more inside]
posted by anonymous
on Feb 13, 2013 -
My department is being mandated to start using Google+ and some other Google apps. Please help me think through the security and privacy implications of what I am afraid might become a real mess. [more inside]
posted by jbickers
on Feb 4, 2013 -
I am new to this so this may be a very basic question. I am starting a mailing list of about 1000 people with 3-4 subgroups. I want to structure it so that people working for me can design and send out campaigns but I want to find a way by which they can't download the mailing list and share it with others or use it for purposes other than my campaigns. Is there a way to do this?
If not in MailChimp can I do it in another software?
posted by london302
on Feb 3, 2013 -
How do I prevent OCR on a document (typically a PDF but I could use another document format if necessary)? I know that when I scan it from a hard copy to a PDF I can disable/stop the OCR process, but Adobe allows it to happen on any PDF I scan in, whether OCR was eliminated at scanning or not, and I have to stop that (I have work product I'd like to distribute electronically, but my boss would like to make sure it's not searchable and it's as hard as I can make it to copy).
I can use any software or process within reason.
posted by mrs. taters
on Jan 25, 2013 -
Twice recently my Gmail acct. has been hijacked by someone who is sending spam emails to some, but not contacts --seems to be only recently emailed (by me) people. The spam is an ad, as seen on Fox News for Raspberry drops weight loss aid. How do the spammers access my Gmail account? Could it be through my brand new Android cell phone? I am unaware of any other problems on my (Macbook) home computer. I have a secure WiFi router at home. No evidence malware or virus. I've changed my Gmail password, FWIW. Any suggestions on how/where to find a way from this happening again?
posted by NorthCoastCafe
on Jan 15, 2013 -
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future. [more inside]
posted by Urtylug
on Jan 12, 2013 -
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
posted by pete_22
on Jan 9, 2013 -
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
posted by IanMorr
on Jan 2, 2013 -
What are good resources, online and offline, for information about the average experience in federal prison camps (minimum security prisons)? [more inside]
posted by anonymous
on Jan 1, 2013 -
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
posted by bfu
on Dec 26, 2012 -
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL.
Last spring The Online Trust Alliance
, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so.
Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
posted by deCadmus
on Dec 13, 2012 -
How can I setup a website accessible by VPN but by multiple users at different locations? More details inside... [more inside]
posted by thorny
on Dec 6, 2012 -