Archive for February, 2009

Securing Your Web Hosting Account

Tuesday, February 24th, 2009

When we first get acquainted with web hosting we have plenty of questions.  Many years ago I remember being on the phone asking web hosting tech support how do I edit the files for my website.  I certainly didn’t have the slightest idea how to edit the files securely.  So I thought maybe I would cover this topic in more detail.  It can be confusing and some web hosts aren’t quick to shed light on the subject.

Whenever you sign up for a hosting package, your web host will likely provide you with a control panel environment to modify files and settings.  I recommend looking for web hosting that supports cPanel instead of the host’s own custom control panel.  Why?  A lot of web hosting providers support cPanel, so if you are not satisfied with your web hosting you can migrate everything over to another web host easily.

Let’s explore the security of the control panel first.  Once you have a web hosting account running cPanel, you can access the control panel in the web browser with something like “http://www.orangewidgets.com:2082/”.  That will bring up the control panel login screen.  Unfortunately this is not the secure version.  Instead let’s try “https://www.orangewidgets.com:2083/”.  That is the secure version (notice the https).  Much better.  Most web hosts don’t really explain this too well.  If you’re not using the secure version, your username and password cross the network unencrypted, so someone else can steal them and hijack your account.  Maybe they should tell you that!

Let’s move on to actually editing the files on your website.  You can edit your files in the control panel environment.  It can be done securely (as long as you see the https on the edit page in your browser, it’s secure).  Unfortunately this gets old in a hurry.  All of your code is in black and white.  It’s hard to read.  Sometimes you will submit a change but the website will freeze.  It’s just not an ideal solution.  There is a better way.  It’s called FTP (File Transfer Protocol).

We aren’t out of the woods yet with just FTP.  FTP is not secure by itself!  Once again, that means someone can monitor your connection and capture your username and password.  How to escape this nightmare?  We need to take it one step further.  We need Secure FTP (SFTP).  Secure FTP will encrypt your username and password and all files transmitted.  Perfect.  So how do we set this up?  Well, you’re going to need a web hosting account that allows secure shell access (SSH access).  It is not provided in many basic web hosting packages.  Fortunately Midphase provides SSH access in their unlimited web hosting package.  You may want to consider Host Monster or Host Gator as well.  They use cPanel and they feature SSH access at low cost (but I have not used either of these two web hosts just yet).  In our SFTP Tutorial I’ll explain how to download a free SFTP client and set it up properly with your web hosting account.  Then we will set up a free text editor that will work with the secure FTP client to make your life easy breezy.


Biometric Spyware

Wednesday, February 11th, 2009

I know what you’re thinking. You’re thinking “you know, soon we won’t need passwords. We will just scan a fingerprint or something.”  I am here to tell you that this is most likely naive.  I don’t want to rain on anyone’s parade but there are some big problems combining biometrics and the internet. Big problems. I’m not talking about the current finger scanner solution found on your state-of-the-art laptop. That is a locally stored biometric secret used to manage your identity on your laptop. That is not so bad.  I am talking about large, centralized databases of biometric secrets.  I am talking about a system where I can use your finger scanner to access my files over the internet.

If a biometric identifier is a value computed strictly from physical trait(s), then THAT VALUE IS STATIC. Fingerprint, palm, footprint, retina, DNA. It doesn’t matter. Any one of them. Any two of them. All of them combined. They all add up to one large string of characters that never changes. All you need to know is this. If your biometric value is obtained by some stranger AND that stranger can feed your value into the authorization channel then guess what… Your identity is compromised for the life of the system. It is not my intention to slight biometric efforts. But think about what the current solution would be. The internet is currently susceptible to spyware. Slap a biometric device on the front. The internet is still susceptible to spyware. Only now it’s worse. The internet becomes susceptible to biometric spyware.

I know there is research being done on something called irrevocable biometrics. This is the study of biometric secrets that can change value. IBM is currently conducting research on irrevocable biometrics. The IBM paper is a complicated read. Good luck to those gentlemen. I am unable to follow the math. But I do follow the logic in their charts. I still see vulnerability with spyware immediately after the biometric feature has been scanned.

Which brings us back full circle to the password. Biometrics are derivations of the body. Passwords are derivations of the mind.  One of them can be changed easily. I suggest using both to best emulate identity.
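
The difference between a static biometric value and a changeable password, as an added example that is not part of the original post. It is a toy Python verifier; TEMPLATE, derive and Verifier are names constructed for illustration and do not model any real biometric product.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a value computed from a physical trait; it never changes.
TEMPLATE = hashlib.sha256(b"constructed-fingerprint-features").digest()


def derive(template: bytes, password: str, salt: bytes) -> bytes:
    """Mix the static biometric value with a changeable password."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(key, template, hashlib.sha256).digest()


class Verifier:
    """Toy server side: stores only a hash of the enrolled credential."""

    def enroll(self, credential: bytes) -> None:
        self._stored = hashlib.sha256(credential).digest()

    def login(self, presented: bytes) -> bool:
        digest = hashlib.sha256(presented).digest()
        return hmac.compare_digest(digest, self._stored)


def replay_after_reenrollment() -> dict:
    """Check whether a value captured before re-enrollment still logs in."""
    # Biometric only: the credential is the static value itself.
    bio = Verifier()
    bio.enroll(TEMPLATE)
    captured_bio = TEMPLATE          # what spyware sees right after the scan
    bio.enroll(TEMPLATE)             # "reset": same finger, same value

    # Biometric plus password: same finger, but the password can change.
    both = Verifier()
    salt = os.urandom(16)
    both.enroll(derive(TEMPLATE, "old passphrase", salt))
    captured_both = derive(TEMPLATE, "old passphrase", salt)
    fresh = derive(TEMPLATE, "new passphrase", os.urandom(16))
    both.enroll(fresh)               # user changes only the password

    return {
        "biometric_only_replay": bio.login(captured_bio),   # still accepted
        "combined_replay": both.login(captured_both),       # rejected
        "combined_fresh_login": both.login(fresh),          # accepted
    }


if __name__ == "__main__":
    print(replay_after_reenrollment())
```

The captured combined value still works until the password is changed; what the second scheme adds is that a change is possible at all.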
