You are currently browsing the tag archive for Security

August 6, 2012

LinkedIn To Spend Big On Security Following Breach

Filed as News with no comments

6.5 million users watched as their personal LinkedIn account information was hacked in June 2012 and now the company has promised to counter future network breaches by spending big network security.

LinkedIn reported another strong and profitable Q2 2012 and LinkedIn CEO Jeff Weiner told investors this week at the company’s earnings call that the cost of security would effect the bottom line by upwards of $2 million to $3 million.

According to Weiner:

“In June, we reported the theft of six-and-a-half million LinkedIn member passwords that were published on an unauthorized website. Though no member login information was published, we disabled the passwords of the accounts that we deemed to be at risk. Since then, we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password-strengthening measures and enhancing the security of our infrastructure and data. The health of our network, as measured by member growth and engagement, is as strong as it was prior to the incident.”

Weiner’s sentiments were echoed by LInkedIn SVP and CFO Steve Sordello who told investors the company has already spent upwards of $1 million handling the breach. read more

Tags: , ,

November 17, 2011

Facebook Vs. Google – Privacy and Security Infographic

Filed as News with 6 comments

 

 

With Google attempting to play catch up in the social networking space many issues have arisen over who has the better Privacy and Security protocols in place when compared to Facebook.

What the Veracode designed infographic below shows is that regardless of what system you use they tend to operate in the same type of privacy and security space, both offering virtually identical protocol options with only a few small changes to their platform.

One glaring problem with Google’s system; they store data for 18 months after you delete your account however unlike Facebook they also offer HTTPS (Secured connections) as a default option rather than a Facebook opt-in request (not all Apps on Facebook work in HTTPS mode).

Here’s the Infographic so you can judge which network is better for privacy and security: read more

Tags: , , ,

May 10, 2011

Facebook To Developers: It’s Time We Had The OAuth, HTTPS Talk

Filed as News with 6 comments

Despite the success of Facebook’s secure logging feature, many developers have yet to embrace the way of HTTPS (as one can easily notice by the lack of support from many popular apps).

In order to prevent a scenario where users have to choose between fun and security, Facebook is giving developers a deadline to embrace HTTPS (as well as OAuth 2.0).

Over the past few weeks, we determined that OAuth is now a mature standard with broad participation across the industry. In addition, we have been working with Symantec to identity issues in our authentication flow to ensure that they are more secure. This has led us to conclude that migrating to OAuth & HTTPs now is in the best interest of our users and developers.

Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1. (Facebook Developers Blog)

While forcing developers to embrace OAuth 2.0 and HTTPS will cause a few developers to whine, doing so will help Facebook cut down on the number of accounts hacked (especially around unsecured hot spots).

Smaller social networks like Twitter have already embraced OAuth 2.0 (not to mention secure logging as well), and Facebook’s adoption will hopefully inspire other social networks with large developer communities to adopt these standards as well.

Tags: ,

April 19, 2011

Facebook Making Itself Hacker, Bully Unfriendly

Filed as News with no comments

Facebook is once again making it harder for hackers to steal users passwords as the social giant is in the process of rolling out a second way for users to keep their accounts secure. read more

Tags: ,

February 18, 2011

Three Awesome Tools To Help You Better Understand WordPress

WordPress is a widely used content management system that is typically associated with Blogs but can power any kind of setup from a portfolio to an e-commerce site. Whether you’re a Blogger, novice developer or avid web designer, understanding WordPress can greatly benefit your work. Here’s 3 tools to get a grip on WordPress.

Smashing Magazine

I was first turned on to Smashing Magazine by a teacher and have pored through every nook and cranny of the site and its network since. Smashing Magazine, its collection of Blogs and well-written books are a tremendous source of knowledge and inspiration. The tutorials, collection of WordPress themes and books on development and design will help you master WordPress.

read more

Tags: , , ,

January 26, 2011

Logging Into Facebook Is Now Secure

Filed as News with 2 comments

Facebook has just announced two additional levels of security that should compliment their remote logout feature (which they launched in September of 2010).

Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the “Account Security” section of the Account Settings page. (Official Facebook Blog)

While activating the HTTPS feature does have its advantages (especially for those of us who frequent WiFi hotspots), Facebook did mention that enabling encrypted pages will increase loading times, so you may have to be patient when logging in. read more

Tags: ,

3 WordPress Habits That Make Hackers Happy

Filed as News with no comments

Despite rumors proclaiming the contrary, WordPress is actually a very secure CMS platform utilized by millions of users around the world.

Unfortunately its immense popularity makes the software a prime target for hackers, similar to how Facebook and Twitter are prime targets since “everyone” is using them.

While there are more advanced measures that users should take when securing your WordPress site, here are the 3 most common habits I see practiced by some WordPress users that may set ones blog up to be hacked. read more

Tags: , ,

January 5, 2011

WordPress Blog Claims WordPress Is The Riskiest Web Software?

While it’s not surprising to hear about WordPress being insecure from users of rival platforms (as a few of my Movable Type friends will tell me), it’s odd to hear the statement from a company using it to power their blog.

Trend Micro (an anti-virus company) put out a list of risky software or sites which included Mac OS X, Facebook, Google and yes, even WordPress.

The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of unpatched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes. (Trend Micro Blog)

Note: Emphasis in bold is mine. read more

Tags: ,

December 29, 2010

WordPress: Put Down The Eggnog And Update Your Blog Right Now

Filed as News with no comments

For those of you who choose to self host your WordPress blogs, you probably have been noticing security updates for your blog (or CMS site) asking you to update your blog to version 3.0.x over the past few weeks.

While many users usually ignore these warnings (for a variety of reasons), the WordPress founder (Matt Mullenweg) is asking users to update their blogs to version 3.0.4 in order to avoid your blog succumbing to the hands of hackers.

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well. (WordPress News)

For those of you blogging upon WordPress only hosting sites like Page.ly, PressHarbor and WPEngine, your sites should automatically be updated to the latest version (note: VaultPress Premium users should also be safe, but it’s always a good idea to update your blogs anyways).

However if you are unable to access your blog it might be a good idea to contact your host (or a trusted friend) to see if they will update your blog on your behalf.

Security guru’s can take a look at the changes over here, although all self hosting WordPress users should update their blogs as soon as possible, as the last thing you want to see in 2011 is your blog compromised by a nefarious hacker.

Image Credit: Norebbo

Tags: ,

September 9, 2009

For The Case of WordPress, Against Self-Indulgent Promoters Who Were Hacked

Last weekend was filled with controversy and the reason for this was a worm hitting many self-hosted WordPress blogs. We warned and urged everyone to upgrade, although the most recent version of WordPress, 2.8.4, was released almost 3 weeks earlier. WordPress 2.8.4 was the second security update for the 2.8 branch in less than 2 weeks. This update was released only 2 days after the vulnerability was discovered, proving how hard the WordPress community has worked to improve and secure the platform.

Ever since WordPress 2.3, which was released almost exactly 2 years ago, every WordPress blogger receives an update notification whenever a new version available is. The majority of new releases are bug fixes and security updates.
Personally, whenever I see that yellow new release notification I can not hit update now fast enough. If it weren’t for the security aspect then it is for the ugliness of the notification.

Nevertheless, in these days some people are given a megaphone online and can not resist the need to be vocal, even though they were the only ones who were to blame. One of these people last weekend was Robert Scoble. His post I don’t feel safe with WordPress, Hackers broke in and took things quickly went viral Robert received support but also bashing. Gruber even went as far to say that Movable Type safer is. read more

Tags: , , ,