It’s something that no blogger ever wants to see: A message from a reader, telling you that something is wrong with your site. Hackers can do any number of things to your blog if they gain access to it, from installing malware to completely replacing your existing content with something else (usually offensive), to causing redirects to other harmful sites, or even locking you out entirely to make it difficult to reclaim your work. Not only does getting hacked mean several hours — or even days — of work to recreate your blog, but it can also damage your reputation if you don’t handle the recovery right. [Read more…]
Although it’s unlikely that any high-profile hacktivists are going to be targeting your website via a Distributed Denial of Service (DDoS) attack anytime soon, that’s not grounds for sitting back, relaxed and complacent, without a backup and protection plan. DDoS attacks are becoming more prevalent and much easier to execute thanks to improvements in technology and bandwidth, and to the accessibility of tools and information on how to do it. We continue to see big brands like Sony get brought down momentarily by these attacks, and even the CIA’s website suffered this pain in 2012. It’s a serious threat.
For clarification, DDoS attacks work by overpowering a target with numerous computers, usually bots, that continuously send traffic to an IP address or website. As simple as this might seem, the effects can be brutal to a website. What’s worse is that the common security protocols set up to defend against hacking and intrusion just don’t work against DDoS attacks, and taking matters into your own hands, whether through WordPress security plugins or code tweaks and improvements, is not sufficient. [Read more…]
WordPress blogs are one of many targets for hackers, and with so many people making simple mistakes, it becomes clear why. There are many ways of protecting your blog, and we’ve outlined five mistakes you might be making. While using a stronger password or keeping your plugins and theme updated tend to be common advice, you can take additional measures. In fact, you can ensure that absolutely no one, even if they were to get your password, will ever be able to access your blog.
Two-factor authentication is a wonderful thing, and was first used in the workplace to protect sensitive data. Nowadays, companies like Google or Microsoft offer the functionality, and all that’s required is a mobile phone. When you log in somewhere with two-factor authentication enabled, you are required to enter a special PIN. For example, Google has its “Authenticator” app, which you fire up to see the special PIN, or you can opt to receive a text message or phone call instead. A special PIN isn’t always required, and Twitter recently implemented its own solution, which involves approving a trusted device. [Read more…]
It doesn’t matter if you write about Teletubbies, or are even relatively unknown. Hackers will go after anyone, often injecting malware or adding links to suspicious websites. This can put a sour taste in readers’ mouths, making them wary of visiting your blog again. While WordPress has gotten better over the years, and blog security has improved, there are still multiple factors that make your site an easy target, mistakes that can easily be avoided… [Read more…]
For some days now, a rather nasty hack has been going round in the WordPress community. I actually noticed it myself not that long ago when I googled for ‘Chris Pearson’ and what I saw in the results was… shall we say ‘interesting’?
Prozac, Levitra, Lexapro? Had Chris sold the ‘Best Damn Blog on the Planet’, AKA Pearsonified? I went to check out Chris’ blog but no. No Prozac, Levitra or anything else of suspicious nature to be found there. Just your regular well-tuned Pearson content. I even looked in the source code and a quick search for known brands ended empty. I left again, having long forgotten already why I googled Chris in the first place.
Now it seems though that this hack is making the rounds and becoming more and more popular. Leland Fiegel from Themelab first reported about it on the Themelab blog, more than a month ago already. Afterwards the issue was covered over at the WP Tavern forums but no solution has been found so far. Even the WordPress Lead Developer, Mark Jaquith, is left clueless and hopes to solve the issue ASAP. [Read more…]
Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as it impacts social media and blogs. The April 1, 2009, expansion of the Conficker/Downadup Worm Infection worried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.
In “The Outing of a Blogger: Social Transparency or Violation?” and “The Outing of a Blogger: Is it Legal to Reveal a Blogger?” I’ve covered some of the issues around the outing of an Alaskan blogger by a local politician and the legality of such actions.
There have been a variety of blogger outings lately, some with positive outcomes. Fake Steve Jobs Blogger, Daniel Lyons, admitted that he was stunned that it took so long to be uncovered, enjoying the attention. For Lyons, his blatant lampooning of Steve Jobs turned into a career booster. Lyons expected to be found out. Most anonymous bloggers worry they will be.
One of the greatest things about blogging is the freedom and ability to have your say, no matter what it is. One of the greatest fears is being found out.
Many bloggers live in fear of being found out, some at the risk of their lives. Others fear that their right to express themselves without persecution, even of the social kind, will be taken away by exposure. For those who blog anonymously, the law is one issue, but the social stigma is a bigger one. [Read more…]
In “The Outing of a Blogger: Social Transparency or Violation?” I started this short series on the outing of a popular Alaska personal blogger, Mudflats (aka AKMuckraker or AKM), unveiled by a state politician.
The question I want to tackle in this article is the issue of the legality of blogger anonymity and what protects bloggers and what does not. This is a huge topic, so I’m only going to scratch the surface.
In many countries, there are no laws protecting freedom of speech, journalists or bloggers. There may be protections for journalists, but none for bloggers. In countries where you would expect there to be such laws… it’s amazing how few there are and how flexible those laws can be.
Does a blogger have the right to privacy and anonymity? What rights do others have to expose them and why? [Read more…]
According to Investor’s Business Daily, evil is sweeping social networks, moving beyond email and blogs to where you like to virtually hang out and congregate:
Security experts last week warned that a new strain of the Koobface virus is hitting Facebook, MySpace and other social networking sites. It looks for links and passwords to other social networking sites.
Social networking site owners work actively to put a lid on nefarious activity. On Tuesday, a federal judge in northern California issued a temporary restraining order against three people accused of widespread spamming and phishing attacks on Facebook. It comes three months after Facebook won a suit that prevents another group of spammers from using or accessing Facebook data and applications.
Virus creators are increasingly targeting social networking sites and other Web 2.0 technologies such as the micro-blogging site Twitter and instant messaging services from Google, AOL and others. Virus writers are also creating fake profiles of celebrities, real friends or business associates hoping people will link with them. Users can be tricked into linking to the fake profile, which can be loaded with various forms of malicious software.
The article by Brian Deagon showcased Facebook users who responded to an email from a “friend on Facebook” to visit a link that initiated a program that “rifled through his hard drive, installed malicious software and sent the same e-mail to all of Daradics’ friends on his Facebook profile.” [Read more…]
While this could be seen as another day-in-the-life update, the warning came with an interesting twist:
Do note that while we are recommending users move away from Adobe Reader, we are not recommending any particular replacement.
…Instead, we recommend users to find their own Adobe Reader replacement.
This way we get more heterogeneous userbase, which is a good idea security-wise. Nobody wants to repeat what happened with the great IE —> Firefox switch. As 40% of users switched to Firefox, about 40% of the attacks switched to target Firefox.
Monocultures are bad.
In the new world of online social, more and more people are using the same tools, putting us all at risk as hackers and attackers follow the natural migration of popularity. Monocultures are bad as they open the door to mass risks. [Read more…]