2013|10|11|12|
2014|01|02|03|04|05|06|07|08|09|10|11|12|
2015|01|02|03|04|05|06|07|08|09|10|11|12|
2016|01|02|03|04|05|06|07|08|09|10|11|12|
2017|01|02|03|04|05|06|07|08|09|10|11|12|
2018|01|02|03|04|05|06|07|08|09|10|11|12|
2019|01|02|03|04|05|06|07|08|09|10|11|12|
2020|01|02|03|04|05|06|07|08|09|10|11|12|
2021|01|02|03|04|05|06|07|08|09|10|11|12|
2022|01|02|03|04|05|06|07|08|09|10|11|12|
2023|01|02|03|04|05|06|07|08|09|10|11|12|
2024|01|02|03|04|05|

2021-04-20 "Eighteen different cyber attacks are possible on my site" [長年日記]

If I don't change the password of your company's business system every three months, I will not be able to access the system. Therefore, I have to do it.

I also change the passwords of all my private systems at the same time, and the number of passwords is 16 (as of now).

It takes at least two hours to make all the changes, so I try to make sure I have enough time for this.

I have made a memo of all the procedures so that I can shorten my work time, but some systems changes the specifications on its own within three months, which is quite annoying.

In addition, we are also taking a full backup of our website to coincide with this occasion.

If not handled with great care, it could accidentally destroy the system, so it is done with a great deal of caution.

-----

Recently, I've been reading AWS Inspector, a report that AWS gives me to check my cloud environment.

That's what the report is about, in a nutshell, included the information of

"Eighteen different cyber attacks are possible on my site"

I could barely understand it, but I did understand the methods of the communication API, albeit vaguely -- to be honest, I was a little pale.

-----

Changing passwords is the most basic of security measures, but it is very effective.

The company is holding the business system hostage and forcing employees to change their passwords, which is, well, good ways.

Amazon and Google should also take this "hostage strategy" -- I think.

However, when I think about the mountain of complaints that will come from customers due to the expiration of passwords, I can understand why they would not want to do that.