Security

by -

We have anti-virus software to protect our computers from malware – but no protection as such for our websites. While a person in the know may be able to harden his website’s security by tweaking a few settings and changing file permissions, a layman would probably be at a loss! Recently all our websites were hacked, and that is when I started looking around for a good free service that would help me protect my websites in future. That’s when I came across WebsiteDefender!

Protect Websites

WebsiteDefender.com is an online security monitoring service which helps you secure your website or blog against malware and hacking activity. It actively and periodically patrols your website and reports any detected malware, hacker activity and security vulnerabilities, including file permissions, with clear instructions on how to fix each issue. This is important: clear instructions on how to fix them – which even a layman will be able to follow!

Features that make WebsiteDefender unique:

  1. It notifies you as soon as any of your website’s file properties have changed, and highlights the changes.
  2. It notifies you immediately about any threats that target your website or blog
  3. It checks if your site is blacklisted by any Internet search engine, such as Google
  4. It continuously looks for new security weaknesses on your site
  5. It checks if there is any under the hood hacking activity on your website.

WebsiteDefender is also the only online website security service which provides specific security checks for WordPress, such as:

  1. Whether plug-ins are safe
  2. Whether the database is protected
  3. Whether the WP installation is secure
  4. Whether file permissions are secure, etc.

The service is free for one website or blog per user. If you have additional websites, you will be required to pay.

Secure WordPress Blog

For WordPress users, things become very easy! Simply download and install the WebsiteDefender WordPress Security plugin. After the company took over the two most popular WordPress security plugins, WP Security Scan and Secure WordPress, it developed the WebsiteDefender WordPress Security plugin, which brings together the best features of those two plugins in a new and more capable tool to help you secure your WordPress website or blog with minimum effort.

If you use WordPress, you might want to have a look at some more Security Tips to protect WordPress blog.

If you are a blogger, I would strongly recommend that you consider using this free service or installing its WordPress plugin to secure your blogs.

I would be happy if it even included a TimThumb scanner, in its future versions. Currently we have separately installed the Timthumb Vulnerability scanner WordPress plugin which ensures that your Timthumb files are always up-to-date. The Timthumb files are often hacked to gain access to your WordPress installation. EDIT: I stand corrected. WebsiteDefender already checks for the TimThumb vulnerability. More on that here.

What methods do you follow to secure your WordPress blogs? We’d love it if you were to share your tips with us!

You may also check out Quttera Web Malware Scanner.

by -

If you took a list of all the people using the Internet, I bet this article would concern at least 75% of them. And 75% of them wouldn’t get a word of what this article is trying to convey! Still, for the remaining 18.75% (if my calculations aren’t wrong), I am writing this article!

It may appear to you that accessing Facebook, Google+ and other information online is completely harmless, but wait, you are wrong! Every Google search that you do, every status update that you post on Facebook and every video that you watch takes away some of your privacy. If privacy matters to you, you may need to change your habits a bit.

What am I trying to say?

I’m sure most of you know what an IP address is. For those who don’t, read this! Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. An IP address consists of four numbers separated by periods (also called a ‘dotted-quad’) and looks something like 127.0.0.1. Since these numbers are usually assigned to Internet service providers within region-based blocks, they can often be used to identify the region or country from which a computer is connecting to the Internet. It sometimes can be used to show the user’s general location.

And if you’re that ‘someone’, then it may just mean a lot to you. Imagine any spying activity that may take place just because you logged in to Facebook from different locations!

And it doesn’t stop at IP tracing. Do you use the same account details for all your accounts: Google, Facebook, Twitter, website XYZ? Google, Twitter and Facebook may not try to log in to your other accounts, but website XYZ can! Trust is a word that finds no application in the world of the Internet, because there are hordes of cyber-criminals lurking around. God forbid, but you may be the next target.

So what’s at stake?

Just think what happens if someone gets access to your Google account. He may see all your documents on Google Docs (in which confidential information might be saved!) and use your account for illegal purposes, and if someone gets caught, it wouldn’t be that guy but you!

So What Should You do?

  • Avoid creating accounts on websites which are not very popular.
  • Don’t keep any confidential information online.
  • If you’re concerned, browse anonymously. Learn How!
  • Common Sense is the key to happiness (We do exaggerate!).
  • Don’t click on malicious looking URLs.
  • Remember that your private information is yours. You get the choice of when, where and why you want to share it with someone.

Do share your opinions about this article! If you wish, we’ll cover security topics quite frequently.

You may like to read about 5 Applications to Help You Surf Web Anonymously

by -

There are times when you want to surf the web anonymously, because sometimes we just want to conceal our identity. The reasons can be many. If you are a regular TGC visitor, we won’t let you go away disappointed. So, here are five applications to help you surf the web anonymously.

5 Applications to help you surf Web Anonymously

HideMyAss - This site may provide the best way to hide your identity. With HideMyAss you can hide your IP and history.  It will also help you to protect your online identity. Just paste the URL of the website and let the fun begin.

Guardster - This is a fantastic online proxy tool that helps users protect their identity. It connects the user to the website through Guardster servers, making it easier to protect the online identity and IP. What adds to its points is that it supports JavaScript and cookies, which HideMyAss lacks. And if Guardster satisfies you, you can also enjoy its paid version.

Tor - It is a perfect app for Windows that will help you to perk up your online uniqueness. With Tor, you can prevent websites from tracking your IP and other private information. If you own a blog or website, then you can keep its identity secret too.

Fsurf - Tired of the “let’s block websites” game played by your ISP or school? This tool may suit you. You can unlock websites that are blocked by your ISP or organization.

TryCatchMe - It is another proxy to help you protect your online identity and IP. Like Fsurf, this too has the ability to unlock the blocked website in your schools and other organizations.

The tools above are meant for surfing the web anonymously for a good cause, rather than for spreading unruliness on the web or unlocking “must-be-blocked” websites. Still, they are must-have tools!

Any favorites we have missed?

by -

Everyone likes to stay protected, and so do our Android phones. So, here is a list of the top 5 security suites to keep your Android smartphone protected from spam and theft.

Lookout Mobile security

This should be the first priority among the available security apps. It is available in two flavors, free and premium. The free version lets you scan for malware, back up and restore your data online, and locate your phone when it is lost or stolen. It has also been talked about for locating a stolen phone.

You may have to shell out $3 per month for the premium version, which adds remote locking and wiping capabilities. The premium version also gives you information about the security level of the applications you use. If you want real security, then you won’t regret shelling out some bucks.

AVG Antivirus

It is a big name among security tools. It scans all your apps, media and phone contents for anything suspicious and helps you keep your phone malware free. Being freely available adds to its points. The ability to scan links attached to mails helped me a lot. If you want to keep your phone protected and malware free, then it is a must for you.

Norton Mobile Security

We have a lot of information, such as credit card numbers, email etc., stored in our phones. So if your phone gets lost, you need not worry. A single text message will remotely lock your phone so that the thief can’t enjoy Android Market on your money. You can also block your SIM card to frustrate the thief further, as he will not be able to swap it to another phone. It also scans for malware to keep your phone bug free. If you want free, complete mobile security, then Norton is a superb choice.

Wave Secure Mobile Security

Though it seems to be a sibling of Norton, you have to shell out $20 per year to enjoy it. Like Norton, it gives you the ability to wipe and lock your phone remotely, but it isn’t able to scan for malware the way Norton does. It backs up your data and gives you the ability to restore it on any other device. It also has a nice feature to track your phone when it is stolen. WaveSecure’s uninstall protection is another gem: it won’t let the mobile security app be uninstalled without typing a password, which makes it easier to track the lost phone.

NetQin Antivirus

It seems to focus more on theft security. With NetQin you can lock your phone, erase its contents and block it from illegal use. A nice app to keep your phone theft free.

Any favorites we have missed? Comment Section is below.

by -

Facebook users ought to be more careful about their online security after the birth of the Ramnit worm. For those unaware, Ramnit was first discovered in April 2010, and the Microsoft Malware Protection Center (MMPC) described it as follows: “Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.” More than 17.3% of malicious software infections trace their origin to the Ramnit worm, according to Symantec.

However, that was not all. The Ramnit worm succeeded in stealing the Facebook credentials of more than 45000 users, mostly from France and the U.K. These stolen credentials were later used to spread malicious links to the profiles’ Facebook friends, thus magnifying the reach of the malware by leaps and bounds. The cybercriminals behind all this must have thoroughly researched the behaviour of online users, who tend to use the same password for multiple accounts and services, and this helped them creep into various corporate networks.

Though all the stolen credentials found on the Ramnit servers have been sent back to Facebook, this does raise questions about online security and Facebook’s privacy options. More than 800,000 machines are said to have been infected with Ramnit from September 2011 to December 2011. In August 2011, hackers behind Ramnit merged several financial-fraud spreading capabilities and created a “Hybrid creature” which was empowered by both the scale of the Ramnit infection and the ZeuS financial data-sniffing capabilities. This enabled Ramnit to bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.

How to stay safe on Facebook

  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software.
  • Use up-to-date antivirus software.
  • Limit user privileges on the computer.
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to web pages.
  • Avoid downloading pirated software.
  • Protect yourself against social engineering attacks.
  • Use strong passwords.

Go here if you need more Facebook Security Tips.

Stay active, stay safe!

by -

Quick Response codes, or QR codes, are widely used all over the world. For those unaware, a QR code is a two-dimensional code that consists of black modules arranged in a square pattern on a white background (many companies use modified QR codes with non-black modules). A QR code can contain numeric, alphanumeric, byte/binary and other kinds of data. The encoded information is retrieved by scanning the code with a QR reader, which decodes it.

First used in the automobile industry, a QR code is fast gaining acceptance all over the world and is in frequent use in Western countries. India still has to catch up on this but latest market trends favourably support it with many advertising/marketing campaigns of top notch companies displaying a QR code with their URL encoded in them. A QR code carries some great advantages:

  1. Secure: A QR code is very much secure with the encoded information safe inside. Save your passwords and important information of up to 1400 characters into a QR code and it always stays with you.
  2. Portable: You can carry all your confidential information in the form of a QR code as and when you wish and decode the same as you please. You can access a QR reader from almost anywhere to decode your information.

However, the absence of a QR reader in times of need may render you extremely helpless, and the only option would be to solve the code using pen and paper.

The use of QR codes is rising fast and the time is not far off when they may become a standard for displaying short or important information. A few QR code generators are available at:
Kaywa QR Generator
GOQR
QR Stuff
QR code generator

QR code readers are available on almost every platform, be it Android, iOS, desktop etc.:
Kaywa QR reader
Desktop QR Reader

Why don’t you scan the QR code below and comment with the information it contains?

by -

These days we often hear that some terrorist organization or some person has sent hate email, or email containing threats, to police or government officials. Whoever the culprit may be, most of the time innocent people end up suffering through police inquiries. This happens due to the lack of proper security measures taken while accessing email accounts over Wi-Fi.

Although a traditional cable internet connection can also be hacked, Wi-Fi has become a softer target due to people’s negligence in securing their Wi-Fi areas. In this article, we will tell you how to secure your Wi-Fi connection effectively through some basic steps.


The first and most important fact that everyone using a Wi-Fi connection should know is that Wi-Fi signals are not blocked by walls, and thus anyone, be it your neighbor or a person standing outside your home, can connect to the internet using your bandwidth.

Therefore, if your Wi-Fi connection is not secure enough, you are likely to get lower internet speed because you share bandwidth with intruders; your bill will increase if you are on a pay-as-you-go plan; and last but most important, you might be falsely implicated in threatening-mail cases like those above.

Let us now see how to secure Wi-Fi connection in simple steps.

  1. Create a unique password for your router:
    1. For that you will have to access your router’s settings. Usually this is done by typing the router’s IP address into your browser’s address bar, e.g. 192.168.1.1.
    2. This step may differ from brand to brand. You can find the steps for accessing the router’s settings in its manual.
    3. For your convenience, here are some well-known companies whose websites help with any query about your product: Linksys, Cisco, Netgear, Apple AirPort, D-Link, SMC, TP-Link, Belkin, 3Com.
    4. After reaching those settings, change the default password. This will prevent any unauthorized access to the router.
  2. Change your SSID: The next step is to change your network’s SSID (name). All the Ad-hoc networks carry a pre-defined SSID which can be easily guessed. Change it so that everyone knows which network they are connecting to. This will also let you pick out your network even when multiple networks are broadcasting their signals simultaneously.
  3. Enable network encryption: Probably the most important step. It prevents unauthorized intruders from accessing your signals. There are several encryption methods, such as WEP, WPA and WPA2. The last is the most secure, while the first is compatible with a wide range of devices but not so secure. To do this, go to the router’s settings page and open the wireless network page. Choose a method and then enter a passphrase which should be hard to guess. It can be made of letters, a combination of numbers and letters, special characters and so on.
  4. Filter MAC addresses: Every device that connects to the internet has a hard-coded MAC address. Therefore it is possible to add another layer of security by restricting which MAC addresses can access the internet through your router. To do so, prepare a list of the MAC addresses of all the devices you use and add them to the router’s MAC address filtering feature. This feature can be found on the router’s administrative page.
  5. Reduce the range of signals: Try to reduce the range of your signals so that they do not get carried far away from your location. This can be done by changing the mode of the router to 802.11g or by using a different channel.

On a parting note, we advise you to use a WPA2 connection as it is the most secure. You can also use the various software available in the market to check all the devices that are connected to your network. Keep checking your vendor’s website for firmware updates.

If you implement all these steps, your Wi-Fi connection will be a lot safer. And please do not hesitate to share this article and its steps with others for their safety.

by -

The World Wide Web is growing fast to meet the demands of its ever-increasing user base. Along similar lines, the number of websites housed on the World Wide Web is increasing fast, with WordPress being one of the most sought-after platforms in the market today.

But whenever you install WordPress to start your own website or blog, several initial settings and customizations need to be taken care of. Otherwise your site may lose technological pace and can be an easy target for hackers. Sites like blogs must also offer efficient, feature-rich interaction along with great content. Hosting open source software like WordPress, with its easy user interface, does involve a few tweaks.

These settings, beyond choosing your blog’s name and tagline, help you get the most out of websites on the WP platform.

1. Update your Permalink Structure

http://yourdomain.com/?p=221 is the basic permalink of a WordPress blog page or post. It is short and simple, but neither good enough for SEO nor user friendly. Go to Settings > Permalinks, select “Custom Structure” and update your link structure.

The proper enhancement is to change it to some form like –

/%postname%/

/%postname%.html/

/%post_id%/%postname%/

This makes the pages easily identifiable by search programs and helps drive in traffic.

2. Customize Admin users

The basic security tweak for WP accounts is to change the username of the admin account from the default WP account username. This gives two-way security, as anyone trying to break in to the system faces an unknown username as well as an unknown password. Add or edit your team of admins, editors, authors, subscribers or contributors with proper access rights. This can easily be done from Users > All Users.

3. Limit User Registration

Allowing users to register as members of the blog is another feature that the platform offers, but it is best turned off unless it is of utmost importance. Go to Settings > General, uncheck the option “Anyone can register”, and make sure that the role of new users is set as per your requirement.

4. Set WP Time Zone

Just below user registration, under general settings, the time zone can be set to one’s local time. This allows correct publishing of posts that have been scheduled for later on.

5. Enable Threaded Comments

Under Settings > Discussion, comments can be set to be threaded so that they look like a conversation, with the comments complementing each other as the discussion goes on.

6. Update Ping List

Word about a new post can be shared on the web with the ping service that the platform provides. By default, WP pings only one service; it works best when multiple services are included in the ping list.

7. Customize WordPress Gravatar

This can be found under Settings > Discussion. The basic change to the avatars is to enable an image to be shown for users who don’t have a Gravatar account. This helps communication in threads and comments.

Thus, once you have begun with WP, these basic tweaks help you get traffic easily, get the most out of the posts and the discussions, and gain some basic security benefits.

by -

With the word spreading around fast, it is no longer a secret that WordPress today hosts more than 8.5% of independent websites globally. The reason for the steep growth in the number of WordPress users is its policy of being an open source web development tool. That means that the source code for the webpages built by the software is available for free for developers to carry out tweaks and fixes to make the most out of the web.

But this also makes the platform an open source option for code breakers and hackers intent on damaging websites and, in most cases, laundering money out of them. If you rely on the WordPress platform, here are the most important security tips for you to keep in mind.

WordPress Security Tips

1. Don’t Use “Admin” as Username

It is obviously more of a challenge to crack both the username and the password of any portal than to crack the password alone with the username readily available. This applies to WordPress admin usernames that are set to admin. The best way to add security is to change the username to anything other than the conventional admin.

You can change the username of “admin” by executing the following script on your WordPress database from your phpMyAdmin:

UPDATE wp_users SET user_login = 'new_admin' WHERE user_login = 'admin';

– where “new_admin” will be your new username.

2. Restrict Admin Access by IP Address

Normally any user can visit your wp-login page and try some trial and error on your WordPress login. You can restrict access to the wp-admin and wp-login pages to users with particular IP addresses. You just need to create an .htaccess file within your wp-admin directory, and put the following code in that file –

order deny,allow
deny from all
# allow first IP address
allow from XX.XX.XXX.XXX
# allow second IP address
allow from XX.XX.XXX.XXX

– where XX.XX.XXX.XXX is the IP address you want to give access to your wp-login.

3. Move wp-config.php

This file holds all the database connection info as well as other data related to your account. The best way to protect it is to move it out of the way of SSH or FTP intrusions. It is found in the WordPress root folder; you can move the wp-config.php file to the directory one level above the WP root directory, which doesn’t come under most FTP protocols. WordPress now automatically looks in the upper directory if it can’t find the file in the root directory.

4. Change Database Table Prefixes

You can change the WordPress table prefix by altering it in the wp-config.php file at the time of installation. This enables you to be secure about the table names that are related to the website.

5. Alter Secret Keys

The secret keys are the ones that allow the password protection to be strong and to act according to the system settings. But the default ones can be abused by an experienced WordPress developer; to change them from the default ones, you can open wp-config.php and replace the existing ones with the newer ones here.
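
A check for tips 4 and 5, as an added example that is not part of the original article or of WordPress itself: it reads the text of a wp-config.php and reports a default wp_ table prefix and secret keys that are missing, still set to the sample file's placeholder, too short or reused. The function names, the 32-character minimum and both sample files are assumptions constructed for this example.

```python
import hashlib
import re

# Placeholder text shipped in wp-config-sample.php for every key and salt.
PLACEHOLDER = "put your unique phrase here"
KEY_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
MIN_KEY_LENGTH = 32  # assumption made for this example

DEFINE_RE = re.compile(
    r"""define\(\s*(['"])([A-Z_]+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def parse_wp_config(text):
    """Return (table_prefix or None, {constant: value}) from wp-config.php text."""
    prefix, constants = None, {}
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith(("//", "#", "/*", "*")):
            continue  # commented-out settings do not count
        match = PREFIX_RE.search(stripped)
        if match:
            prefix = match.group(2)
        for match in DEFINE_RE.finditer(stripped):
            constants[match.group(2)] = match.group(4)
    return prefix, constants


def audit_wp_config(text):
    """Return a sorted list of (check, subject) findings; empty means clean."""
    prefix, constants = parse_wp_config(text)
    findings = []
    if prefix is None:
        findings.append(("prefix-missing", "$table_prefix"))
    elif prefix == "wp_":
        findings.append(("prefix-default", "$table_prefix"))
    seen = set()
    for name in KEY_NAMES:
        value = constants.get(name)
        if value is None:
            findings.append(("key-missing", name))
        elif value == PLACEHOLDER:
            findings.append(("key-placeholder", name))
        elif len(value) < MIN_KEY_LENGTH:
            findings.append(("key-short", name))
        elif value in seen:
            findings.append(("key-reused", name))
        else:
            seen.add(value)
    return sorted(findings)


def build_sample(prefix, values):
    """Build a constructed wp-config.php fragment for the demonstration."""
    lines = ["<?php", f"$table_prefix = '{prefix}';"]
    lines += [f"define('{name}', '{value}');" for name, value in values.items()]
    return "\n".join(lines) + "\n"


# Constructed inputs: an untouched sample config and a changed one. The
# "hardened" values are predictable stand-ins for the demo, not real keys.
DEFAULT_SAMPLE = build_sample("wp_", {n: PLACEHOLDER for n in KEY_NAMES})
HARDENED_SAMPLE = build_sample(
    "k7x_", {n: hashlib.sha256(n.encode()).hexdigest() for n in KEY_NAMES})

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit_wp_config(sample))
```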

6. Always Update to Latest WordPress

Another common way to increase protection is to update to the latest available WordPress version, as newer releases are built to counter some of the most potent security threats seen at that time.

7. Never Show Your WordPress Version

Always remember that spammers and hackers are very well aware of all the security leaks in every WordPress version. Recently you might have heard of the timthumb.php hack which affected hundreds of blogs which were using version 1.33 of it. Immediate solutions were provided and version 2.0 of timthumb.php was released. So never give hackers the opportunity to know what vulnerabilities reside in your WordPress code.

8. WordPress Security Plugins to Protect

Htaccess Password Protect – the plugin offers security features to safeguard the wp-admin directory along with additional ones like wp-content, etc., which don’t come in the bundled security package.

WordPress Login Lockdown – This plugin monitors all the failed intrusions into the account from an IP address. Once multiple failed intrusion attempts have been noted for a system, all the oncoming requests are then blocked. Although this is a separate plugin, it can be easily merged with your theme’s code.

Wassup – Monitors the activities of each user on all the forms of your blog. It records any suspicious SQL injection attempts or code injection trials by any user.

Secure WordPress – Removes additional error information due to invalid login attempts, hides WordPress version and update notifications in admin panels for non-admins, removes versions from URLs, checks for and removes any bad or invalid database queries.
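
The counting that a lockdown plugin such as the one described above performs can also be run over a web server access log. This added example (not code from any of the plugins named here) flags IP addresses that make repeated failed POSTs to wp-login.php within a short window; the log lines are constructed, the threshold and window are assumptions, and it assumes that WordPress answers a failed login with HTTP 200 and a successful one with a redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if unparseable."""
    match = LINE_RE.match(line)
    if not match:
        return None
    ts = datetime.strptime(match["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = match["path"].split("?", 1)[0]  # ignore the query string
    return match["ip"], ts, match["method"], path, int(match["status"])


def find_lockout_candidates(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of the attempt that reached max_failures in window}."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    flagged = {}
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        ip, ts, method, path, status = record
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        if status != 200:
            continue  # assumption: a redirect means the login succeeded
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()  # drop failures that fell out of the window
        if len(attempts) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged


def _line(ip, clock, method, path, status):
    """Format one constructed log line (documentation-range IP addresses)."""
    return (f'{ip} - - [12/Jan/2012:{clock} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 2048 "-" "constructed-agent"')


# Constructed sample: one fast guesser, one slow one, one normal login,
# some plain page views and a line that is not a log entry at all.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    + [_line("192.0.2.5", f"{h:02d}:00:00", "POST", "/wp-login.php", 200)
       for h in range(11, 16)]
    + [_line("198.51.100.20", "10:05:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "10:05:20", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.99", f"10:06:{s:02d}", "GET", "/wp-login.php", 200)
       for s in range(6)]
    + ["not a log line"]
)

if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```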

9. Use Strong Passwords

Modern brute force attacks break through weak passwords with hardly any complication. The best way to get rid of this shortcoming is to use a password which is strong in the language of computers; using password generators is one option, such as the ones here.

10. Regular Backup

The most prescribed security-related tip is to get into the habit of keeping regular backups of your websites. This ensures that the site can be restored to its previous state if it is hit hard by hackers.

The basic way to protect a WordPress account and website is to make intrusions harder by using better, recommended security plugins and to keep the critical files out of reach of transfer protocols, to avoid dire consequences. So from now on, make your WordPress blog or website more secure and keep it away from the reach of hackers.

You might also want to check out WebsiteDefender and Quttera Web Malware Scanner.

by -

Apple finally got to know that all of its products were open to potential attack, and has released a series of patches and updates for almost all of its products, following the recently released patch for iTunes. The product line includes Safari browser version 5.1.1, Apple TV version 4.4, Numbers for iOS 1.5, Pages for iOS v1.5, iOS 5 and Mac OS X Lion 10.7.2, all of which have got patches with some improvements in performance and security.

Apple Releases Vulnerability Patches To iOS 5, Lion OSX, Apple TV And Safari Browser

First of all, the previous version of Apple TV was affected by the rogue DigiNotar certificates; the update also addresses man-in-the-middle attacks and protects against malicious code execution. The previous version of iOS also had problems in Data Security, CoreFoundation, CFNetwork, CalDAV and Calendar.

Hackers could have accessed customer credentials easily because of logs which should not have existed, script injection problems and memory corruption in a few areas. They could have reset any device and accessed its resources when the kernel failed to reclaim memory correctly from incomplete TCP connections.

The Mac OS X Lion operating system was suffering from flaws in the iChat server, the file system, the Apache server and the firewall, which could have led to many hacks into the system. A problem in IOGraphics could also allow access to the system, bypassing the screen lock.

The update to the Apple Safari browser fixes 43 bugs. A few of those holes could have allowed execution of arbitrary JavaScript hidden in Safari extensions. Vulnerabilities related to SSL certificates are fixed, and a document cross-origin error, which could have led to attacks via cross-site scripting, is also patched.

Memory corruption problems via malicious Microsoft Word files are solved, as the new Pages edition fixes the problem. Malicious Excel sheets were a problem before, which is also solved by the updates and improvements to Numbers for iOS.

Be ready to update all your Apple devices to the latest patches, which will increase the security of your devices. Stay tuned to The Geeks Club for more updates on Apple and its devices. What is your opinion on the latest move by Apple? Will this keep iOS alive in front of the Android movement?

Source:  Apple.