Lock Down Your Data

December 20, 2008 – 11:30 AM

This is a great list of various things you can do to protect your data.  Here’s a quick summary:

10. Wipe that iPhone (or BlackBerry) before trading in.
9. Use virtual credit cards for iffy online buys.
8. Hide data inside files with steganography.
7. Plan for the worst.
6. Get smarter on security questions.
5. Boost your browsing and downloading privacy.
4. Theft-proof your laptop (and its files).
3. Secure your wireless network.
2. Encrypt your data whole or piecemeal.
1. Use KeePass. Love KeePass. Be secure.

The full details can be found here:

http://lifehacker.com/5113886/top-10-ways-to-lock-down-your-data

Hackers find new crack in Windows

December 20, 2008 – 10:05 AM

Microsoft Corp. rushed out an emergency patch Wednesday to fix a major security flaw in its Internet Explorer Web browser that has allowed hackers to infect millions of computers with viruses and steal personal information.

So far, the vulnerability has not led to the widespread infections common a few years ago. Even so, one Central Florida expert said it was the most serious computer-security threat in years.

The flaw, first discovered in China, enables hackers to infect a Windows user’s computer through certain Web sites. So far, more than 10,000 Web pages have been infected, with many of them devoted to pornography and gaming. According to news reports, about 2 million computers have been infected so far.

Unlike with past viruses, the user does not have to download or click on anything, and nothing pops on the screen to announce you’ve got it. But once the computer is infected, the hacker has total control and access to everything, including tax records, bank passwords and Social Security numbers.

Source:
http://www.orlandosentinel.com/orl-microsoft1808dec18,0,2763771.story

Firefox Issues Eight Patches

December 17, 2008 – 6:24 AM

Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.

The patches come after security experts have recommended using a browser other than Microsoft’s Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an emergency patch for that problem Wednesday.

Two of the critical Firefox problems could allow an attacker to execute a cross-site scripting attack, in which scripts or commands from one Web application that shouldn’t run in another are successfully executed. The third problem relates to Firefox’s browser engine, and could make it crash or possibly allow someone to remotely execute code on a PC, Mozilla said in its advisory.

Mozilla defines a critical vulnerability as one that could allow an attacker to run code on a machine in the course of normal Web browsing.

The patches are for Firefox version numbers 3.04 and 2.0.0.18. Mozilla has said this round of patches will be the last for Firefox 2, which it will now stop supporting. The update also removes the phishing filter in Firefox 2 because the browser uses an outdated version of a protocol used to import a blocklist of phishing sites supplied by Google. Firefox 2 users are being prompted to upgrade to Firefox 3.

Source:
http://www.pcworld.com/article/155608/firefox_issues_eight_patches_for_web_browser.html?tk=rss_news

WP-DB-Backup Leaves Your Data Exposed on the Internet

December 14, 2008 – 9:39 AM

Older versions of the popular WordPress plugin WP-DB-Backup leave a copy of your entire database in a public folder for all to see.  The databases were stored in wp-content/backup/ and a quick Google search today still returns many databases of sites, including some as recent as a few days ago:

http://www.google.com/search?num=100&hl=en&suggon=0&safe=off&q=intitle%3A%22index+of+%2Fwp-content%2Fbackup%22&btnG=Search

For those of you who still do not get the danger involved with this: this is the backup file for your entire website, in plaintext.  It gives people your Administrator username and the MD5 hash of the password.  This MD5 hash can easily be run through any cracker, and the password can be revealed in a matter of seconds, minutes, days, etc.  This would allow somebody malicious to log in to your site as the Admin account and have complete control over it.

According to the new developer of the plugin, the code was fixed “about 3 years ago” and no longer uses a non-random directory to store the backups.  But... I think I’ll stick to my method of database backups: run the backup manually via phpMyAdmin and copy it down locally into an encrypted folder.  I’m not a big fan of leaving copies of my database lying around for all to find, even if they are now supposedly stored in harder-to-find places.

Note: This is for older versions of WordPress where the passwords were stored as a basic MD5 hash.  Newer versions are salted and are less crackable.  Just make sure that you update your WordPress-powered site regularly.  This goes for both the WordPress core files and all of your plugins.
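To check your own server for the problem described above, the following added example (not part of the original post or of the plugin) walks a local web root, lists SQL dumps under any wp-content/backup* directory, and reports whether the users table in each dump holds legacy unsalted MD5 hashes or salted `$P$` hashes. The function names, the assumed `INSERT INTO` dump syntax and the sample hashes are constructed for illustration.

```python
import gzip
import os
import re
import tempfile

MD5_HEX = re.compile(r"'([0-9a-f]{32})'")            # legacy unsalted MD5 value
PHPASS = re.compile(r"'(\$P\$[./0-9A-Za-z]{31})'")   # salted phpass value
USERS_INSERT = re.compile(r"INSERT INTO `?\w*users`?", re.I)  # assumed dump syntax

def read_dump(path):
    """Read a plain or gzip-compressed SQL dump as text."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()

def classify_dump(text):
    """Count unsalted-MD5 and salted hashes on users-table INSERT lines."""
    counts = {"md5": 0, "salted": 0}
    for line in text.splitlines():
        if USERS_INSERT.search(line):
            counts["md5"] += len(MD5_HEX.findall(line))
            counts["salted"] += len(PHPASS.findall(line))
    return counts

def audit_docroot(docroot):
    """List SQL dumps under wp-content/backup* inside a local web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        if rel.startswith("wp-content/backup"):
            for name in files:
                if name.endswith((".sql", ".sql.gz")):
                    dump = read_dump(os.path.join(dirpath, name))
                    findings.append((f"{rel}/{name}", classify_dump(dump)))
    return sorted(findings)

def demo():
    """Audit a constructed web root holding two fake dumps."""
    row = "INSERT INTO `wp_users` VALUES (1,'admin','%s','a@example.test');\n"
    with tempfile.TemporaryDirectory() as root:
        bdir = os.path.join(root, "wp-content", "backup")
        os.makedirs(bdir)
        with open(os.path.join(bdir, "old.sql"), "w") as fh:
            fh.write(row % "0123456789abcdef0123456789abcdef")  # constructed MD5
        with gzip.open(os.path.join(bdir, "new.sql.gz"), "wt") as fh:
            fh.write(row % ("$P$B" + "x" * 30))                 # constructed phpass
        return audit_docroot(root)

if __name__ == "__main__":
    print(demo())
```

Any path this reports is a database copy sitting inside the web root; a non-zero `md5` count means the dump predates salted password storage.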

All Internet Explorer Versions Have Hole

December 13, 2008 – 9:26 AM

The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said.

Friday, a Danish security researcher added that Microsoft’s original countermeasure advice was insufficient, and recommended users take one of the new steps the company spelled out.

In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports — IE5.01, IE6 and IE7 — as well as IE8 Beta 2, a preview version the company doesn’t support through normal channels.

Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.

Even so, the company continued to downplay the severity of the threat. “At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7,” said the advisory.

Microsoft also spelled out the root of the problem, saying that the bug is in IE’s data binding functionality, and not, contrary to earlier reports by independent security researchers, in the HTML rendering code.

Source:
http://www.pcworld.com/article/155475/ie_browser_flaw.html?tk=rss_news