Looking at today's article,
Someone Hacked PHP PEAR Site and Replaced the Official Package Manager
it has several appealing elements to those writing reports. Their style shows what the content is, how that appeals or affects people and their systems, and then provides sources for nearly everything. The majority of this article goes on to explain what PHP repositories are, why they are used, and how expansive the PHP PEAR site was for a global user base. The real beauty of their reports is that they provide a semi-technical way of bringing the reader up to speed on the technology before jumping into the security breach. In this article alone, there are five sources scattered throughout and they are not all centered around one specific section. This provides well-founded coverage.
To look closer at another article, DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains by Swati Khandelwal, it reviews an order by the Department of Homeland Security to strengthen the government's DNS standards and perform audits to validate those settings. Swait provided a link to DNS hijacking, and a good description of what that is and how it relates to this DHS directive. Swati also gave a link to the DHS directive site to provide legitimacy to the article which gives the reader the ability to follow up on everything. As a student, that provides me a means to find additional information and provided this is a direct source for a citation instead of just quoting the article. Additionally, the article covers several other related segments such as other sites that were recently hijacked because of poor DNS security and specific details for the audit requirements.
https://thehackernews.com/2019/01/dns-hijacking-cyber-attacks.html
https://thehackernews.com/2019/01/php-pear-hacked.html
No comments:
Post a Comment