You are currently browsing the tag archive for blog security

August 8, 2013

How to Keep WordPress Locked Down with Duo Security

Filed as Guides with no comments


WordPress blogs are one of many targets for hackers, and with so many people making simple mistakes, it becomes clear why. There are many ways of protecting your blog, and we’ve outlined five mistakes you might be making. While using a stronger password or keeping your plugins and theme updated tend to be common advice, you can take additional measures. In fact, you can ensure that absolutely no one, even if they were to get your password, will ever be able to access your blog.

Two-factor authentication is a wonderful thing, and was first used in the workplace to protect sensitive data. Nowadays, companies like Google or Microsoft offer the functionality, and all that’s required is a mobile phone. When you log in somewhere with two-factor authentication enabled, you are required to enter a special PIN. For example, Google has its “Authenticator” app, which you fire up to see the special PIN, or you can opt to receive a text message or phone call instead. A special PIN isn’t always required, and Twitter recently implemented its own solution, which involves approving a trusted device.


July 3, 2013

Five Rookie Mistakes Killing Your Blog’s Security

Filed as Guides with 5 comments


It doesn’t matter if you write about Teletubbies, or are even relatively unknown. Hackers will go after anyone, often injecting malware or adding links to suspicious websites. This can put a sour taste in readers’ mouths, making them wary of visiting your blog again. While WordPress has gotten better over the years, and blog security has improved, there are still multiple factors that make your site an easy target, mistakes that can easily be avoided…


April 6, 2010

Cloaking Hack Puts Spam In Your WordPress Search Engine Results

For some days now, a rather nasty hack has been going around in the WordPress community. I actually noticed it myself not that long ago when I googled for ‘Chris Pearson’ and what I saw in the results was… shall we say ‘interesting’?

Prozac, Levitra, Lexapro? Had Chris sold the ‘Best Damn Blog on the Planet’, AKA Pearsonified? I went to check out Chris’ blog but no. No Prozac, Levitra or anything else of a suspicious nature to be found there. Just your regular well-tuned Pearson content. I even looked in the source code, and a quick search for known brands came up empty. I left again, having long forgotten already why I googled Chris in the first place.

Now it seems though that this hack is making the rounds and becoming more and more popular. Leland Fiegel from Themelab first reported it on the Themelab blog, more than a month ago already. Afterwards the issue was covered over at the WP Tavern forums, but no solution has been found so far. Even the WordPress Lead Developer, Mark Jaquith, is left clueless and hopes to solve the issue ASAP.


April 9, 2009

Security and Hacking: Reporting Cyber Crime

Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as it impacts social media and blogs. The April 1, 2009, expansion of the Conficker/Downadup Worm Infection worried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.

With the increase in cyber crime and security issues, and the growing profit found in cyber crimes, where do you go to report cyber crime if you find it or are a victim of it?


March 30, 2009

The Outing of a Blogger: The Fear of Being Found Out

In “The Outing of a Blogger: Social Transparency or Violation?” and “The Outing of a Blogger: Is it Legal to Reveal a Blogger?” I’ve covered some of the issues around the outing of an Alaskan blogger by a local politician and the legality of such actions.

There have been a variety of blogger outings lately, some with positive outcomes. Fake Steve Jobs Blogger, Daniel Lyons, admitted that he was stunned that it took so long to be uncovered, enjoying the attention. For Lyons, his blatant lampooning of Steve Jobs turned into a career booster. Lyons expected to be found out. Most anonymous bloggers worry they will be.

One of the greatest things about blogging is the freedom and ability to have your say, no matter what it is. One of the greatest fears is being found out.

Many bloggers live in fear of being found out, some at the risk of their lives. Others fear that their right to express themselves without persecution, even of the social kind, will be taken away by exposure. For those who blog anonymously, the law is one issue, but the social stigma is a bigger one.


March 29, 2009

The Outing of a Blogger: Is it Legal to Reveal a Blogger?

In “The Outing of a Blogger: Social Transparency or Violation?” I started this short series on the outing of a popular Alaska personal blogger, Mudflats (aka AKMuckraker or AKM), unveiled by a state politician.

The question I want to tackle in this article is the issue of the legality of blogger anonymity and what protects bloggers and what does not. This is a huge topic, so I’m only going to scratch the surface.

In many countries, there are no laws protecting freedom of speech, journalists, or bloggers. There may be protections for journalists, but none for bloggers. In countries where you would expect there to be such laws… it’s amazing how few there are and how flexible those laws can be.

Does a blogger have the right to privacy and anonymity? What rights do others have to expose them and why?


March 26, 2009

Social Media Sites Risk Growing Threats and Attacks

According to Investor’s Business Daily, evil is sweeping social networks, moving beyond email and blogs to where you like to virtually hang out and congregate:

Security experts last week warned that a new strain of the Koobface virus is hitting Facebook, MySpace and other social networking sites. It looks for links and passwords to other social networking sites.

Social networking site owners work actively to put a lid on nefarious activity. On Tuesday, a federal judge in northern California issued a temporary restraining order against three people accused of widespread spamming and phishing attacks on Facebook. It comes three months after Facebook won a suit that prevents another group of spammers from using or accessing Facebook data and applications.

Virus creators are increasingly targeting social networking sites and other Web 2.0 technologies such as the micro-blogging site Twitter and instant messaging services from Google, AOL and others. Virus writers are also creating fake profiles of celebrities, real friends or business associates hoping people will link with them. Users can be tricked into linking to the fake profile, which can be loaded with various forms of malicious software.

The article by Brian Deagon showcased Facebook users who responded to an email from a “friend on Facebook” to visit a link that initiated a program that “rifled through his hard drive, installed malicious software and sent the same e-mail to all of Daradics’ friends on his Facebook profile.”


March 12, 2009

Exploring Social Media: Security and Monocultures

F-Secure reports on security vulnerabilities with Adobe Reader and Foxit Reader for reading PDF files.

While this could be seen as another day-in-the-life update, the warning came with an interesting twist:

Do note that while we are recommending users move away from Adobe Reader, we are not recommending any particular replacement.

…Instead, we recommend users to find their own Adobe Reader replacement.

This way we get more heterogeneous userbase, which is a good idea security-wise. Nobody wants to repeat what happened with the great IE —> Firefox switch. As 40% of users switched to Firefox, about 40% of the attacks switched to target Firefox.

Monocultures are bad.

In the new world of online social, more and more people are using the same tools, putting us all at risk as hackers and attackers naturally migrate toward whatever is popular. Monocultures are bad as they open the door to mass risks.


February 23, 2009

The Year of Original Content: How to Fight Back Against Abusers

I’ve declared this the Year of Original Content and I’m inviting you to help join the fight against those who abuse our content.

Scam, spam, splog, and scraper blogs are big business, taking in $3.2 billion in 2007 just in the United States. Russia, China, Zimbabwe, and other countries are generating even more money with a variety of Internet scams. Many of these sites and blogs use our original content to generate that money, often from blogs that have no advertising or direct income – making money from our hard work.

It’s time to fight back. It’s time to be proud that you are the unique voice in the wilderness. It’s time to honor your hard work and declare, “I decide who can and can’t take advantage of me!”

Here are some ways you can join the call to celebrate original content and fight back against those abusing our content without our permission.


February 18, 2009

This is the Year of Original Content

I’m working on my annual Things I Want Gone from the Web article and I’ve personally designated this “The Year of Original Content.” We’re done playing around with feed scraping and autoblogging.

The blog echo chamber effect of someone blockquoting and linking the same content as a recommendation, echoing through the web without original content, is a beginner’s mistake. Don’t do it. Always add your original voice and content to your recommendations, telling your readers why it is important to leave this blog and go to another, then come back for more.

Google took action to penalize duplicate content within a site and between sites, and added bonus points for original and unique, appropriate and relevant keywords around links, especially link lists, rewarding original content providers with nicer PageRank scores. Similar actions are being taken by other major search engines, directories, and legitimate content aggregators.

As a serious blogger, you’ve learned the lesson and stay focused on creating original content. You link to other people’s content appropriately, taking care to protect their copyrights and not confuse your readers, putting other people’s content in blockquotes with clearly indicated links and credits.

For scammers, scrapers, and plagiarists, other people’s content has turned into a major money-maker as they use other people’s content for financial gain and misdirection.
