You are currently browsing the tag archive for Security

October 7, 2008

Blog Scams: How Do You Know If The Hype is a Scam?

With the line between a legit blog and scam blog getting harder to detect, how do you really know when the blog you are reading is a scam blog? As part of this ongoing series on blog scams, we’ve covered how blog scams are growing and the impact on the economy and job market for stay-at-home workers. Learning to tell the difference between a legit blog and a scam blog is becoming more and more important as the work force moves online looking for jobs.

You begin the process of detection of a scam blog by checking the facts. I covered a lot of information previously on how to check the facts in:

Some of the sites I recommend you use to check your facts when it comes to the hoaxes, scams, and snake oil claims some blogs can make include: read more

Tags: , , , , , , , , , , , , ,

September 9, 2008

WordPress 2.6.2 is Out Now

There’s a new version of WordPress out now, 2.6.2, which addresses a database issue as well as the weakness of mt_rand(). This is especially important if you accept registrations to your blog. Also, some bug fixes, but other than the MySQL/PHP issue mentioned, this is another one of those small security releases. Check out the release post for more, and download the new version as well.

Tags: , , , ,

August 27, 2008

Largest internet security hole revealed… or what is BGP?

Filed as Features with 1 comment

Wired has the story of the latest major security hole on the internet, the routing protocol BGP:

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

read more

Tags: , , , , , ,

April 14, 2008

Movable Type Monday: Considering Security and Beta Test Updates

The primary focus of activity this week was around the Movable Type Open Source (MTOS) 4.15 beta test and the release of the second beta release. Before we dive into that information however, I thought I’d address one of the hot topics of the last week.

Welcome to Movable Type Monday! read more

Tags: , ,

April 1, 2008

Would You Risk Your Life With a Blog Post?

A few days back Lorelle asked what one would not blog about. People had varied responses. Some would not write profanities. Some would not offend other people with their writing. And others would not blog about work. Generally, it’s about doing others no harm.

What if blogging can bring you harm? We do know that restrictive regimes have jailed or imprisoned bloggers, or at the very least blocking access to blog hosting providers. People have been fired for what they have written on their blogs. It can be worse. There are a handful of arguments against blogging.

Here’s one example of something I would rather not blog about. When I was new to the blogging world, someone close to me witnessed a murder in broad daylight. Standing in line at a fastfood counter, a man was shot in the head and died on the spot. There were dozens of other witnesses, but no one dared move for fear of being shot themselves.

At first I thought that it was blog-worthy, that it was a good case of citizen journalism. I had finished drafting the post and was almost at the point of publishing the entry. But then at the last minute I changed my mind. I thought that I would rather not endanger myself and that person with that potentially dangerous blog post. I have several reasons.

First, I don’t personally know the nature of the incident, and the background of the perpetrators. For all I know those people could be members of organized crime. And they could perhaps come after me and my family.

Secondly, I’m not sure I can trust our authorities here 100%. In my country, while there are perhaps a good number of honest civil servants, hoodlums in uniform are aplenty. And in these cases I would rather not be involved lest I become involved in a very complicated and potentially dangerous way.

Some things are best kept private. Or at least anonymous. In hindsight, perhaps I could have posted about the incident, but somewhere not directly attributable to me or my friend.

Put simply, I like the freedom that blogging gives me, in terms of expressing myself. Both in writing opinions and reporting observations and facts (even news, where applicable). I can even go to the extent of writing negatively about people and companies. But when my life and those of the people close to me are potentially at risk, then that’s when I’ll keep my mouth (and my blog) shut.

Tags: ,

January 29, 2008

The True Consequences of Blogging Anonymously

I’ve been in “secret talks” with a friend of mine for the past few months about blogging anonymously. She wants to be a whistle-blower, speaking out about the atrocities and abuse she sees within her industry. But she doesn’t want the consequences of being a “public” whistle-blower.

In other words, she wants to keep her job within that atrocious industry.

I’m so thrilled. I really respect people who want to work from within the industry to change it for the better. But our discussions have been really difficult because I believe you should speak out publicly, not hiding behind a blog. I understand her position, though, and the risk she is taking.
read more

Tags: , , ,

May 16, 2007

Blogging soldiers in Iraq face greater restrictions

Filed as News with 1 comment

According to recent reports, US Army soldiers stationed in Iraq are being further restricted as to the sites the can access and they’re allowed online activities.

The reasoning for these restrictions, which see sites such as YouTube, MySpace, PhotoBucket, MTV, Hi5, and Live365 being blocked, is that of security and technological limitations.

Many relatives of servicemen and women, though, see it as a form of censorship, put in place to cover up a war that’s going badly.

read more

Tags: , , ,

May 8, 2007

Protect Your Blog With a Solid Password

I’m not going to name names, but I heard recently of some WordPress bloggers who had their blog’s “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.

Is yours?

I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple like a phone number, 123456 or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?

The most common passwords are:

  • Middle names
  • Names spelled backwards
  • Phone numbers
  • The word “password”
  • Birthdays
  • Single or combination uses of love, god, sex, and money, such as lovemoney or sexgod
  • qwerty
  • abc123
  • password1
  • asdf
  • car license
  • letmein
  • yourname1
  • default

According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”

read more

Tags: ,

April 23, 2007

Four out of five blogs are offensive or dangerous, scaremongering survey claims

Filed as News with 4 comments

I love surveys and research that takes an entire section of the Internet and makes some grand, and potentially scaremongering, claim about how dangerous it is.

Research carried out by ScanSafe (yes, conveniently they do make Internet security software) claims that four out of every five blogs contain potentially offensive content, such as pornography or adult language, whilst about one in twenty contain potentially catastrophic computer viruses, spyware, and other harmful software.

However, it transpires that the biggest culprits are YouTube (which I thought was a video sharing site, not a collection of blogs), and MySpace.

read more

Tags: , ,

March 21, 2007

Data And Identity Theft Getting More Professional

Filed as News with Comments Off

Symantec’s latest Internet Security Threat Report, as reported by Mercury News, warns that identity and data theft has moved away from the fly-by-night model, and has increasingly become professionalized. read more

Tags: ,