How to Protect Yourself from the Weakest Links in The Internet of Things


Image via dsa66503. Image choice is not meant to suggest that Nest is an insecure brand.

So many things are connected to the Internet now. Your thermostat, your refrigerator, your baby monitor, your light switches, your health tracker. Did you know there are web sites designed to find all the Internet connected devices and potentially allow them to be hacked?

You don’t need to be a computer genius to hack into someone’s security system, door locks or cars. Using the username admin with the same password often yields access to such devices with no trouble at all.

Having access to one of the Internet connected devices in your home could be the weak link that allows someone to hack into other devices in your home, such as your computer.

The most important step you can take to protect yourself is to change default usernames and passwords on all your Internet connected devices. Boston University has a great post on how to create a secure password.

If possible, make the device accessible only from your private home network (which has a secure password, right?). You can then log in to your own network away from home, but others won’t be able to.

Protect your data. Be safe out there.

4 Tips for Safeguarding Your WordPress Install


The increasing popularity of WordPress, now the most prolific content management system used for websites, stimulates interest among hackers, who’d love to exploit such a widely used platform. Millions of users, however, count on WordPress security to get their messages out, so a great deal of attention is paid to keeping WordPress resources protected.

If you are not an IT professional, unsure of exactly where to start protecting your WordPress install, lean on basic, proven approaches to stay safe.  Dialing your security efforts back to square-one lays the groundwork for continued success, reinforcing barriers against hacker intrusions.  Use these tips to keep your WordPress install out of harm’s way.

Secure Logins and Passwords Furnish First Line of Defense

Login information is a primary barrier against attacks, so maintaining reasonable password and login values is essential for ongoing security.  Pre-loaded words, like Admin, for your administrator account should be changed immediately, since they make obvious targets for hackers looking to infiltrate your website.

Secure passwords consist of multiple characters, at least eight, and should be made up of a variety of different character types. Both lower and upper case letters should be integrated into your password for the highest levels of safety, as well as numbers and symbols, which interrupt identifiable patterns recognized by hackers.

Each person requiring WordPress access should be set-up as an individual user, so there is never a need to share your login information with others.

Updates Keep you Protected

Essential to combating emerging threats, updates should be routine parts of your WordPress management strategy.  WordPress versions should be updated themselves, as well as plugins and themes you use with your install.

In addition to CMS updates, designers add new features periodically and install fixes against the latest hacker attacks. If you are not up-to-date, it becomes easier to breach the security of your outdated version of WordPress.  Updating is simple; just follow instructions given in WordPress, taking care to back-up your files before you proceed.

In case you are not sure whether or not you are current, WordPress clues you in with a yellow banner across the top of your installation, reminding you to update soon.

Use Secure Connections to Access WordPress

Wi-Fi connections leave you vulnerable to hacker attacks, which can glean login data and other sensitive information.  To keep your WordPress safe, connect only from wired sources and trusted home connections with data encryption.

As a periodic safety check, look at the IP addresses of logged-in users to your WordPress site. Unfamiliar entries tip you off to unauthorized activity, requiring immediate password changes.  As an additional measure, hide the version of WordPress installed on your site from users, giving hackers as little information as possible to use against you.

Security Plugins and Backups

Plugins furnish added security against attacks, targeting spam comments and other exploits. Akismet is one free example, preloaded to WordPress installations. To activate, visit this site to get a WordPress key, which launches basic coverage. Additional paid services are available upon request.

Regular backups provide assurances your vital website data will not be lost, even when problems do occur.  For the best results, store backups remotely, so they are not caught-up when server difficulties arise.

Safeguarding WordPress starts with basic precautions like using secure passwords, and stays on track with frequent updates and security plugins.

Guest blogger Sarah Brooks is from Freepeoplesearch.org. She is a Houston based freelance writer and blogger. Questions and comments can be sent to brooks.sarah23 @ gmail.com.

LinkedIn and eHarmony Hacked

In case you missed it, LinkedIn was hacked and password information was taken. The linked article explains what LinkedIn is doing.

What you should do is change your password. I changed mine early this morning when this news first came out, even before LinkedIn had confirmed it to be true. My old password was too short, too simple, and several years old. It was in need of a change even if nothing had happened. Now I have a much better one.

I was inspired to change a few other passwords around the web, too. They were holdovers from past years when password security was much less in need of rigor. Make this a day to beef up your passwords everywhere, too.

Update 6/7/2012. Late last night it was announced that the LinkedIn hacker also leaked passwords from eHarmony. Again, change your password.

6 Best Plugins For Securing Your WordPress Based Website From Hackers

Master lock, "r00t" password
Photo by Schill via Flickr

Most everyone that has a WordPress website or blog does so out of the necessity to be creative and to generally express the thoughts that are screaming to come out of your head onto paper (or in this case the screen). That effort to be me is where I get most of my fuel to carry on even on the worst days of cyber-attacks. A favorite quote comes from Henry Ward Beecher, – In himself is a man’s true state of riches and power.

As most of you know WordPress is the very popular software that allows each of us to be who we perceive ourselves to be. With its ease of use and versatile approach to fulfilling each individual’s needs WordPress opens the doors to the virtual universe.

Thesis WordPress themes are responsible for that seamless creative time that you spend when setting up your site. But users beware! As great as this software is for the majority of people who are not techies, WordPress offers a wide open opportunity for hackers.

Thesis WordPress themes are great software products and it is an absolute necessity that you spend the little extra time that it requires to secure your blog or website against invasion by the cyber scum that inhabits our planet! With its vast library of plugins users can seamlessly manage their website without the added expense of a webmaster.

My Top 6 Selections for 2012 Best WordPress Security Plugins

1.  Akismet is a program that checks comments left on your blog or website to see if they appear to be spam and then allows you to review the spam it does catch through the blog “Comments” admin screen. Akismet comes pre-installed with Thesis WordPress themes, and once you apply for and install your API key you will find the controls for it in your options panel in your Dashboard.

2.  Website Defender WordPress Security plug-in is a free and comprehensive security tool that helps you secure your Thesis WordPress themes installation and offers suggestions for strengthening your passwords, securing your database, and lots more.

3.  BackWPUp is a plugin that backs up your Thesis WordPress themes files and database and store them wherever you decide.  You can schedule automatic backups and pick out which folders and tables you want to backup.

4.  WP Security Scan raises the level of the security for your Thesis WordPress themes installation. It does this by scanning your site for security issues then suggests the methods you can use to fix them.

5.  WP Secure plug-in provides security for your Thesis WordPress themes installation by hiding your plug-in directory and WP version from hackers and others. This is important to do because the cyber scum that inhabits our virtual world use the version and the list of plugins to locate one that they have hacked before to hack their way into your blog!  Add this plug-in to protect your website or blog.

6.  WP-MalWatch is designed to alert you when hackers have invaded your blog. When hackers do get into your Thesis WordPress themes blog site, they infest your site or blog with links to their sites. When you know they have invaded you can take the necessary actions to remove them from your world.

It is very advisable that you only use the plugins that are approved by the WordPress folks. They always test each plugin prior to posting it as available on their website. This is in no way speaking ill of the third party plugins that abound on the internet. It does suggest that you must do your own investigation of third party products so that you get a feeling of trust from the vendor.

Worrying about the safety of your site is not nearly as productive as installing the proper plugins to ensure that safety. Spend the time that it takes you to install the plugins that will protect your site! Like William Plomer once said, – The power to connect the seemingly unconnected lies within creativity.

Guest Author Bio: As a freelance writer and research hound Jason Monroe is a young (mid 20′s) single man adding content for clients from within the WordPress Dashboard.  Jason has been online since 2003 and has been a huge fan of WordPress and the StudioPress themes since their inception. When he’s not writing premium WordPress Genesis themes reviews you might find him spending quality time with nature by walking the nearby mountain trails.

Password Security Issues Raised when Twitter Hacked

The New York Times reported in Twitter Hack Raises Flags on Security that a hacker had broken into confidential information about Twitter by breaking into a Twitter employee’s email account.

Once in the email account, the hacker gained access to the employee’s Google Docs information, where much of the confidential data about Twitter is stored. Then the hacker sent the confidential information to Michael Arrington at Tech Crunch. Tech Crunch published some of the documents. A controversy arose over whether Tech Crunch was right to publish stolen documents, but I’m going to leave that topic alone for now.

Instead, I want to focus on what you can do to protect yourself from password hackers.

When a whole business can be exposed based on the vulnerability of one employee’s password, it’s time to think about making your passwords more secure. As SEO Techniques and Tips explains in Twitter Hacked! More online security concerns crop up,

The techniques used by the attackers are just a small part of a broader trend promoted by different technology companies toward storing more data online, instead of computers under your control.

The shift toward doing more over the Web – a practice known as “cloud computing” – means that mistakes employees make in their private lives can do serious damage to their employers, because a single e-mail account can tie the two worlds together.

You’re probably a blogger, or on Twitter. You’re revealing your name, your city, your kid’s names, your dog’s name, your birthday. All that is now public information. So the first rule of safe password building is don’t use anything obvious and personal like your kid’s name.

You have to come up with something unique and not related to your personal information.

When Megan Smith asked BlogHers what they do to keep track of passwords, one suggestion from TW was to use song lyrics.

Solution: Song lyrics. For example baa baa black sheep have you any wool? becomes Bbbshyaw00l?

This is a great idea for random character generation for passwords, particularly if you replace some of the letters with numbers and use a mix of upper and lower case as TW’s example shows.

Now that you have a random password you can remember, you can use it everywhere, right? Nope. Wrong. Do not use the same password everywhere. Particularly with important sites like banks, Google Docs or other storage in the cloud, PayPal, and your credit card company. You need a strong and unique password for each important site you visit.

What constitutes a secure password? In this article on Passwords at Time Goes By, I suggested 7 characters. My programmer friend Taylor came along and responded that you need at least 8 characters.

The first thing is password length. Be sure your passwords are at least 8 characters not 7 as the article suggests. The difference between 7 and 8 is significant. Given a character set is roughly 52 alpha characters (upper/lower) + 10 digits + ~12 symbols or 74 characters total:

7 char password gives 12,151,280,273,024

8 char password gives 899,194,740,203,776

What that means is it will take a good deal longer for someone to try to brute force crack the 8 char password.

If the site is important (e.g. banking) and supports more than 8 characters then use the extra characters. Many banks support up to 16 nowadays.
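The arithmetic in the comment above, carried through as an added Python example (not code from the original post or from the commenter): it reproduces the 74-character keyspace figures, converts them to worst-case search time, and checks a password against the rules this page gives. The symbol set, the guess rate, the extra default words and all function names are assumptions.

```python
import string

# Alphabet from the quoted comment: 52 letters + 10 digits + ~12 symbols = 74.
SYMBOLS = "!@#$%^&*?-_+"   # assumed 12 symbols; the page gives only the count
ALPHABET_SIZE = 26 + 26 + 10 + len(SYMBOLS)
DEFAULTS = {"admin", "password", "root"}   # "admin" is from the page, the rest assumed

def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length

def days_to_exhaust(length, guesses_per_second, alphabet=ALPHABET_SIZE):
    """Worst-case days to try every password at an assumed guess rate."""
    return keyspace(length, alphabet) / guesses_per_second / 86400

def check_password(password, personal_words=()):
    """Return the rules from this page that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in DEFAULTS:
        problems.append("default or well-known value")
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,   # accepts any ASCII symbol, not only the 12 above
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    for word in personal_words:
        # Names of children, pets, cities and so on are public for most bloggers.
        if word and word.lower() in password.lower():
            problems.append(f"contains personal detail: {word}")
    return problems

if __name__ == "__main__":
    rate = 1e10   # assumed offline guess rate in guesses per second
    for n in (7, 8, 16):
        print(n, keyspace(n), f"{days_to_exhaust(n, rate):.3g} days")
    print(check_password("Bbbshyaw00l?"))                       # song-lyric example
    print(check_password("admin"))                              # default credential
    print(check_password("Rover2009", personal_words=["Rover"]))  # constructed sample
```

Each extra character multiplies the search time by 74, which is why the jump from 8 to 16 characters matters far more than the jump from 7 to 8.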

If you’re like me, you are running into memory issues about now. Unique passwords of 8 characters or more that are random sets of characters for all your important sites—how do you track all that?

Software is the answer for many people. Taylor suggested the free choice GnuPG. Miraz at MacTips suggests 1Password. In Share files easily with Dropbox, Miraz says,

I use the fabulous 1Password to store all my passwords.

1Password is available as an iPhone app. To get into it on your phone, you need a PIN and a master password. Make sure both of these are secure.

Some people write all their passwords down in a notebook and store the notebook in a secure location like a safe or a bank safety deposit box. This is a good practice if your relatives know where the notebook is, because they may need to access the accounts in the event of your death. A secure location for the notebook is not in the same carrying case that you use to lug your computer through the airport, or under the keyboard of your computer.

Tell that one trusted relative with a need to know how to find your passwords in the case of an emergency.

Cross-posted at BlogHer.

Useful Links

How magic might finally fix your computer, an article by Bob Sullivan at the Red Tape Chronicles, describes the issues that plague us in regard to computer security, and explains why folks like The Amazing Randi might be able to help us.

Then and Now in Standards: What’s Different at Burningbird’s Real Tech talks about standards, Microsoft’s decision to implement the non-standards Silverlight technology, and SVG.

SynthaSite, a free drag and drop web building tool that I reviewed previously on Web Teacher and also on eHow, announced that they have improved their interface and promise better usability and simplified menu systems. I’ll have to find the time to take a look and see if they really have improved things. Stay tuned.