WordPress Site Owners – Update Now

WordPresslogoJust a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an import fix for a cross site scripting (XSS) vulnerability that leaves your site vulnerable to attack.  According to Sophos:

“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted shortcodes.

Attackers ...

Continue Reading →
0

Using LastPass

lp-956I recently accepted the position of Secretary in the Twins Cities chapter of the International Information Systems Security Certification Consortium (ISC)2-TC, and in order to send me the passwords for certain online chapter assets, it was requested that I sigh up for the password management product, LastPass.  I have written previously about LastPass, KeePass, and RoboForm as recently as June 16. ...

Continue Reading →
0

PC Trial-ware Is a Security Risk

So you bought yourself a new computer.  It has everything, a touch screen, built in WiFi and Bluetooth, anything you could want.  And a whole bunch of stuff you didn’t want, in the form of pre-installed software programs, trial-ware, and other bloat-ware and crap-ware that causes an unrelenting stream of pop-ups asking you to purchase and activate these mostly worthless programs.

crapware2

As ...

Continue Reading →
0

How Secure Is Your Accountant’s Network?

This is the year that false tax return filing really made the news in a big way.  First, there was the exfiltration of return data from the IRS Get Transcript website, where many American taxpayers lost personally identifying information.  Now there is news of an attack by a Bulgarian cyber-criminal against the networks of four unidentified accounting firms, and the theft of the tax and personal information of around 1000 clients.  This crook has been extradited ...

Continue Reading →
0

Backup For Your WordPress Site

WordPresslogoOne of the most important and easily implemented security protections is data backup.  That’s right, backup is a part of a well crafted security program.  Because whatever the disaster, whether cyber-attack, theft, data corruption, hardware failure, fire, flood, or bad weather, having a good backup program means that you can recover from disaster and continue operations.

And one of the most important things to ...

Continue Reading →
0

Should I Be Encrypted?

penetration_testWith all the personal data that has been stolen over last couple of years making headlines, prime time news stories, and an endless barrage of hacker-themed TV programs (Scorpion, Person of Interest, Mr Robot, etc.), cybersecurity has become a mainstream topic of interest.  Everyone wants to know how to protect themselves and their data from attack.  Encryption is beginning to look ...

Continue Reading →
0

Data and Goliath by Bruce Schneier – A Review

I finished Bruce Schneier’s latest contribution to the realm of corporate and governmental surveillance. This book is a great read if you want to understand just who IS spying on you. Turns out it is not just the NSA, but big corporations are collecting all data they can on customers and potential customers, and this information is sold and exchanged. Then there is the unholy alliance between corporate American and Big Government surveillance.

At the end, he recommended solutions in the ...

Continue Reading →
0

Google My Account Helps Control Your Privacy

As ironic as it may seem, since Google knows more about us than even the NSA, Google has stepped up with a new tool called My Account to help people control their online privacy.  If you have been lamenting the loss of personal privacy in the Internet age, here at last is something you can do about it.  It may not address all your concerns, but here is a start.

You will be able to control Sign-in and Security, Personal ...

Continue Reading →
0
Page 37 of 41 «...1020303536373839...»