W3 Total Cache

December 26, 2009 – 5:29 PM

I’m trying out a new caching plugin for WordPress called W3 Total Cache and so far I am very impressed. PC Sympathy is now running it and using Amazon Cloudfront as the CDN. I see a tremendous improvement over the other caching plugins. Here are some bullet points for W3 Total Cache from their website:

Benefits:

  • At least 10x improvement in site performance (when fully configured: Grade A in YSlow or great Google Page Speed Improvements)
  • “Instant” second page views (browser caching after first page view)
  • Reduced page load time: increased visitor time on site (visitors view more pages)
  • Optimized progressive render (pages appear to load instantly)
  • Improved web server performance (easily sustain high traffic spikes)
  • Up to 80% Bandwidth savings via Minify and HTTP compression of HTML, CSS, JavaScript and RSS feeds

Features:

  • Compatible with shared hosting, virtual private servers and dedicated servers / clusters
  • Transparent content delivery network (CDN) integration with Media Library, theme files and WordPress itself
  • Caching of (minified and compressed) pages and posts in memory or on disk
  • Caching of (minified and compressed) CSS and JavaScript in memory, on disk or on CDN
  • Caching of RSS (comments, page and site) feeds in memory or on disk
  • Caching of search results pages (i.e. URIs with query string variables) in memory or on disk
  • Caching of database objects in memory
  • Minification of posts and pages and RSS feeds
  • Minification (combine and remove comments / white space) of inline, embedded or 3rd party JavaScript (with automated updates)
  • Minification (combine and remove comments / white space) of inline, embedded or 3rd party CSS (with automated updates)
  • Browser caching of CSS, JavaScript and HTML using future expire headers and entity tags (ETag)
  • JavaScript grouping by template (home page, post page etc) with embed location management
  • Non-blocking JavaScript embedding
  • Import post attachments directly into the Media Library (and CDN)

Again, so far so good.  But I would like to give it a full month and then check some server stats.

Secure DNS server launched

December 17, 2009 – 9:13 AM

Secure64, which specializes in products designed to support the domain name system (DNS), has released a product to help prevent DNS cache poisoning, a condition in which the server’s local list of domain name mappings is corrupted. Attackers create this condition by pretending to be another DNS server responding to a DNS query.

One of the best defenses against DNS cache poisoning is speed. The more queries that a DNS server can process, the less chance there is of an attacker swamping the system with spoofed queries and having a strained DNS server accept one of them. Secure64 DNS Cache can cope with 125 000 queries per second, the company said.

The product also sports other cache poisoning countermeasures, including an operating system called SourceT running on HP Integrity servers. The DNS server uses a completely different implementation to the standard BIND mechanism. It features SNMP traps, and logs abnormal conditions. It also includes a moving statistics feature to provide rolling updates of attack conditions.

“Under attack, the system can provide details to help administrators set upstream router filters to protect bandwidth,” Secure64 said.

Source:
http://www.infosecurity-us.com/view/6023/secure-dns-server-launched/
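
The rolling attack statistics described in the post above can be illustrated with a small sketch. This is an added example, not Secure64's code and not part of the quoted article: it counts responses that match no outstanding query over a sliding window. The class name, window, threshold and sample events are assumptions constructed for illustration.

```python
from collections import Counter, deque


class PoisoningMonitor:
    """Rolling count of DNS responses that match no outstanding query."""

    def __init__(self, window_s=10.0, threshold=5):
        self.window_s = window_s
        self.threshold = threshold
        self.pending = {}          # (txid, qname) -> upstream server we asked
        self.mismatches = deque()  # (timestamp, claimed source, qname)

    def query_sent(self, txid, qname, server_ip):
        self.pending[(txid, qname.lower())] = server_ip

    def response_seen(self, ts, src_ip, txid, qname):
        """Accept only a response that answers a pending query from its server."""
        key = (txid, qname.lower())
        if self.pending.get(key) == src_ip:
            del self.pending[key]
            return True
        # Wrong transaction ID, wrong name or wrong server: reject and record.
        self.mismatches.append((ts, src_ip, qname.lower()))
        self._expire(ts)
        return False

    def _expire(self, now):
        while self.mismatches and now - self.mismatches[0][0] > self.window_s:
            self.mismatches.popleft()

    def status(self, now):
        """Return (under_attack, [((claimed source, name), count), ...])."""
        self._expire(now)
        tally = Counter((ip, name) for _, ip, name in self.mismatches)
        return len(self.mismatches) >= self.threshold, tally.most_common()


def run_sample():
    # Constructed events; addresses come from documentation ranges.
    mon = PoisoningMonitor(window_s=10.0, threshold=5)
    mon.query_sent(0x1A2B, "www.example.com", "192.0.2.53")
    results = []
    # Six forged answers claiming to be the upstream server, with guessed IDs.
    for i in range(6):
        results.append(mon.response_seen(100.0 + i * 0.1, "192.0.2.53",
                                         0x1000 + i, "www.example.com"))
    # The genuine answer still matches the pending query and is accepted.
    results.append(mon.response_seen(100.7, "192.0.2.53", 0x1A2B,
                                     "www.example.com"))
    return results, mon.status(101.0), mon.status(200.0)
```

Because forged answers carry the upstream server's address, the tally is keyed on the claimed source and the targeted name rather than on a true origin.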

Hackers target unpatched Adobe Reader, Acrobat flaw

December 15, 2009 – 6:07 AM

Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.

The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader.

Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit.

At the moment, there is no patch available for this flaw, and Adobe’s brief advisory offers little in the way of mitigation advice.

Source:
http://voices.washingtonpost.com/securityfix/2009/12/hackers_target_unpatched_adobe.html

Mozilla exec urges Firefox users ditch Google for Bing

December 11, 2009 – 9:34 AM

Asa Dotzler, Mozilla’s director of community development, used his personal blog to urge Firefox users away from Google and to use Microsoft’s search engine Bing, instead. Dotzler cited privacy concerns, specifically pointing to comments recently made by Google CEO Eric Schmidt.

“I think judgment matters,” said Schmidt. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Dotzler then links to the Bing add-on for Firefox, stating that Bing’s privacy policy is better than Google’s (and notably fails to mention Yahoo at all).

Schmidt was talking about laws in the US, but the way he worded his beliefs did not sit well with privacy advocates—and a whole lot of other folks—including Dotzler. Microsoft has to respect the Patriot Act and other laws just as Google does, but after seeing Schmidt’s comments, Dotzler decided that Firefox users need to be reminded of Bing’s existence.

Google’s philosophy is that the more open information is, the better it is for everyone, especially the search giant, which makes money by organizing said information and then displaying ads that are as relevant as possible beside it. Microsoft, on the other hand, while still a business that, like any other, wants to make money, has a long history of dealing with privacy concerns and regulations, so it’s eager to avoid potential issues if possible. Dotzler, a 10-year veteran at Mozilla, is saying that if you care about your privacy, remember that Bing is better than Google, at least in that department.

Source:
http://arstechnica.com/microsoft/news/2009/12/mozilla-exec-urges-firefox-users-ditch-google-for-bing.ars

Phishing campaign targets cPanel users

December 7, 2009 – 7:04 PM

Trusteer warned the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails appear to be from a website hosting firm and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-alike bank website pages to steal funds.

cPanel is a popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed web site. Over the past few days, a phishing email campaign targeting owners of cPanel-based sites at various hosting providers has surfaced.

The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging.

Source:
http://www.net-security.org/secworld.php?id=8583