It seems that nobody is safe from email hacking lately. An unknown hacker has gained access to CIA Director John Brennan’s personal AOL email address. The Secret Service and FBI are investigating Brennan’s email breach.
Because WordPress is the most popular CMS platform on the Internet today, many hackers have consolidated their efforts toward only hacking or spamming WordPress websites. As a result, millions of WordPress blogs and websites are hacked each day, leading to lost work, irreparable damage to search engine ranks, and danger to visitors and users of having their own information hacked as well.
Below are five plug-ins that can be used to increase WordPress security for your blog. If you also want to check out anti-spam plugins, see the post: Top 5 WordPress Plugins to Kill Spam
The Twitter denial of service attack is still keeping some users from posting tweets, although most of the people I’ve spoken to seem to have no issues. The official blog has some more information on the subject, and the Status Blog is of course a bit more technical. So in other words, don’t freak out if you can’t send your breakfast tweets or whatever, it’s just some nasty person trying to bring Twitter down.
Gawker Media has been struggling to serve their oh so necessary pageviews, and the culprit turned out to be none other than the Consumerist. The site is hosted by Gawker Media as part of the deal with the Consumers Union, who acquired it late last year. As the clever already deduced, the Consumerist site was attacked by hackers, which caused the technical difficulties. All sites are back up, although the Consumerist isn’t behaving perfectly well yet.
A hacker got his way into Daniel Brusilovsky’s blog network Teens in Tech and shared some details with Net News Daily. Among those are the actual numbers on the network, and they put Brusilovsky’s previous numbers in doubt. This is what he said in an interview from the BlogHer conference, also found via the Net News Daily story, when talking about the size of the Teens in Tech network: “About 10,000 regular subscribers”.
Problem is, the hacker found something else. Net News Daily says it is “a base 400-odd people, 150 of which, we can reveal, are spam accounts”, according to the hacker.
Brusilovsky clarified the situation in a blog post, and also commented on the numbers:
I also wanted to personally clarify some of the numbers quoted in the reports, which suggest I have overstated our current position. We are in the early phase of our network. We are proud of what we have accomplished so far, and have aggressive growth plans. At this time, we have more than 400 active users, and 600 over our network sites. These sites see more than 10,000 individual accesses monthly, and are expanding.
So “about 10,000 regular subscribers” is pushing it a bit, but maybe he meant unique visitors, or the total number of RSS subscribers. Hard to tell, but it isn’t hard to draw the conclusion that the previous numbers might be a bit bloated.
As a quick update from the information in Downadup Worm Infection: Cyber Attacks on the Rise in 2009 and Security and Hacking: Protect Thyself and Thy WordPress Blog concerning the still spreading Downadup worm, ComputerWorld and others are reporting that the Downadup worm now infects 1 in every 16 PCs for an estimated current total of over 9 million infections.
It now has its own Wikipedia page called Conficker as the worm is also known as Downup, Downadup, Conficker, and Kido.
According to the Wikipedia article, the computer worm first appeared in October 2008 but spread fast after the first of the year. It specifically targets Microsoft Windows and Windows Server services using Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. It has infected a few governments and hospitals, but mostly corporate computer networks.
On October 15, 2008, Microsoft released a patch to fix the bug. Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009, while The Guardian estimated 3.5 million infected PCs. By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs, making it one of the most widespread infections in recent times. Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have the Microsoft Windows patch released in October 2008.
The virus can spread through websites and USB drives, like flash drives, cameras, portable hard drives, and other USB connecting devices that trigger AutoRun, so Microsoft is recommending people upgrade their Windows programs and turn off AutoRun.
The front page of CERT/CC, the cyber security experts at the Carnegie Mellon Software Engineering Institute, looks back at 2008 as the 20th anniversary of the Morris worm, sometimes called the “Great Worm,” which crippled the Internet in 1988. Created by Robert Morris, now an associate professor at MIT, it was one of the first computer worms to infect the brand new Internet, exploiting known vulnerabilities and causing millions in damages. It also led to the first conviction in the United States under the 1986 Computer Fraud and Abuse Act.
Years ago, a friend of mine worked for Boeing IT and taught many company workshops and training programs that began with an amusing lecture on “Safe Computer Sex.” She taught fellow employees to take care when flipping floppies to avoid transferring computer program infections across the network. How far we have come from those days.
As our dependence upon the web increased with email communication, spammers, hackers and attackers spread evil through your email inbox. Now, they are attacking our websites, social media tools, and web browsers.
Microsoft recently announced security issues with the Internet Explorer web browser and the dangers of visiting websites that could exploit that security vulnerability. Many warned users not to use Internet Explorer until it was patched and updated.
Google created the Browser Security Handbook to help people and developers understand the security issues facing web browsers and the steps to take to protect individuals and web applications.
As mentioned in the last article in this series on web and blog security and hacking, Security and Hacking: The State of WordPress Blogs, WordPress, Movable Type, and other popular web services are not immune from security hacks or vulnerabilities.