Category Archives: Internet Security

T!m3 f0r n3w P4ssw0rd rul3s!

I’m sure most people have had the experience of needing to change a password frequently for security reasons, but do you really know why?

The origin of this practice can be traced back to a password primer written by a man named Bill Burr in 2003 when he was a manager at the National Institute of Standards and Technology (NIST). He’s the reason I’ve sometimes had passwords based on whatever was in my line of sight at the time of the change (like Stapl3r2015!) and sometimes had password themes like colors+date (like Red!20160310, Blue!20160608, Yellow!20160906).

Fake WordPress API Malware Alert

Although WannaCry, the massive worldwide ransomware attack, is the biggest story these days when it comes to cyber crime, it’s definitely not the only issue causing problems for sites right now.

Last week, website security leader Sucuri identified code that appears to be WordPress API related, but is actually sending active cookie data to attackers. This is most problematic when the active user is a site admin because it gives someone the opportunity to create a new admin user, which can then be used to do considerable damage to a site and/or gain access to user data.

Goodbye, Internet Privacy Rules

It’s no surprise that we’re very interested in how our current administration is impacting topics like Net Neutrality and Internet Privacy. When Ajit Pai was appointed to be FCC chairman a couple months ago, we encouraged everyone to stay informed and keep an eye out for new issues. Well, this week the House voted to undo rules which prevented Internet Service Providers (ISPs) from selling user data to the highest bidder, just the latest rollback of protections that had been put in place by former President Obama. Although President Trump has not yet signed the rollback into effect, the White House has suggested that he will, and the implications for Internet privacy concerns are pretty significant. (Update – As expected, President Trump did sign the bill in question on April 3rd, 2017, to repeal online privacy protections established under the previous administration.)

WordPress Security Breach

We’re seeing reports this morning that a massive security breach associated with WordPress 4.7.0 and 4.7.1 has apparently led to the defacement of up to 1.9 million pages across almost 40,000 domains.

Upgrading to version 4.7.2 should fix the issue and WordPress urges anyone who hasn’t already updated to do so immediately. WordPress actually announced the security issue in a blog post at the beginning of February, but apparently there are still many sites that either weren’t aware or didn’t realize how serious the issue really is.

If you or anyone you know is running a WordPress site, please make sure it is updated to 4.7.2 as quickly as possible.

The Return of Lavabit

This past Friday, when most of the world was watching (or actively not-watching) the events in Washington, D.C., the formerly shuttered, Snowden-affiliated webmail service Lavabit announced it was re-launching with a new generation of email privacy and security.

If you’re unfamiliar with the history, here’s the gist: Lavabit formed in 2004, in part because of privacy concerns around email. They launched as an email service with significant protection and encryption capabilities and served a relatively small group of folk for almost a decade.

Day of Reckoning for the IoT?

In the wake of the October 21st cyberattack on Dyn – an event that caused websites including Amazon and Netflix to go offline for hours – there has been a real rise in fear as to the ramifications of the Internet of Things. The Dyn attack was accomplished with malicious code that got into innumerable “smart” devices, from webcams to baby monitors, bombarding Dyn with requests and bringing its services to a halt – thereby crashing popular websites and services. But what if the goal had been to shut down a power plant? Or to sever vital emergency communication lines? Or to bring down an airplane?
