security
WordPress: Story of a Hack with WSO
WordPress is great, but the more people who use it, the more “criminals” there are who will target its vulnerabilities.
Alex has a detailed write-up covering his site being hacked, in My website was hacked – yours could be too! You won’t know until it’s too late.
From the article (read the whole thing):
Yesterday I found out that my website had been hacked. Not only that, but it had been hacked months ago, and I hadn’t even noticed. How did this happen?
I only found out about it because somebody was kind enough to email me to let me know that they saw this on Google
Even the best of us get hacked when we use a “standardized” platform (Windows, OS X, WordPress, Drupal, etc.): the bigger the install base, the more it is worth an attacker’s time to study it.
What is WSO? It’s a PHP web shell: a single script that an attacker uploads to your server once they find a vulnerability, which then gives them a browser-based file manager and command execution over everything on your site. When you’ve been hacked, this is the payload the attacker wants delivered. It can sit dormant for months before being activated. Ever hear about those “zombie computers”? WSO is like a bite from a zombie: it can transform your website into anything they want at any time; all they have to do is wake it up.
Did Alex make any mistakes? Maybe. He should have been aware of the TimThumb vulnerability (an image-resizing script bundled with many themes, whose flaw let attackers drop PHP files into its cache directory), as most WordPress developers were. Is it his fault? Not really.
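As an added example (not from Alex’s write-up and not WSO’s own code), here is a small heuristic scanner for the traces a WSO-style shell tends to leave on a WordPress install: PHP files sitting in directories that should only hold static content (uploads, TimThumb-style cache folders), and source that decodes-and-evals a packed payload, hands a request parameter to a shell function, or gates itself behind an md5() password check. The indicator regexes, the directory list and the three sample files are constructed for this example; treat them as a triage starting point, not a signature database. It assumes PHP 7 or later.

```php
<?php
declare(strict_types=1);
// Added example, not code from Alex's post or from WSO itself: heuristic scan for
// the traces a WSO-style PHP web shell leaves behind. Patterns, directory list and
// sample files are constructed for illustration (PHP 7+ assumed).

/** Source-level indicators: indicator name => regex applied to the file contents. */
const SHELL_PATTERNS = [
    // eval()/assert() fed by a decoder: the classic loader for a packed payload
    'eval_of_decoded_payload'   => '/\b(eval|assert)\s*\(\s*@?(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(/i',
    // a request parameter handed straight to a command-execution function
    'request_to_shell_function' => '/\b(system|exec|passthru|shell_exec|popen|proc_open)\s*\(\s*@?\$_(GET|POST|REQUEST|COOKIE)\b/i',
    // preg_replace() with the /e modifier evaluates the replacement as PHP (removed in PHP 7)
    'preg_replace_e_modifier'   => '/\bpreg_replace\s*\(\s*[\'"]\/.*?\/[a-z]*e[a-z]*[\'"]/i',
    // md5() of a request field compared with a hash: the password gate most shells use
    'md5_password_gate'         => '/\bmd5\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b[^)]*\)\s*[!=]==?\s*(\$\w+|[\'"][0-9a-f]{32}[\'"])/i',
    // a long unbroken base64 run usually means an obfuscated payload
    'long_base64_blob'          => '/[A-Za-z0-9+\/=]{200,}/',
];

/** Placement indicator: PHP where only static files belong (uploads, cache, tmp). */
function suspiciousLocation(string $path): bool
{
    $p = str_replace('\\', '/', strtolower($path));
    if (!preg_match('/\.ph(p\d?|tml|ar)$/', $p)) {   // .php, .php5, .phtml, .phar
        return false;
    }
    return (bool) preg_match('#(^|/)(wp-content/uploads|cache|tmp)/#', $p);
}

/** Scan one file's contents; returns the names of every indicator that fired. */
function scanSource(string $path, string $source): array
{
    $hits = [];
    foreach (SHELL_PATTERNS as $name => $regex) {
        if (preg_match($regex, $source)) {
            $hits[] = $name;
        }
    }
    if (suspiciousLocation($path)) {
        $hits[] = 'php_in_static_directory';
    }
    return $hits;
}

/** Walk a document root and report every file with at least one indicator. */
function scanTree(string $root): array
{
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $hits = scanSource($file->getPathname(), (string) file_get_contents($file->getPathname()));
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// Constructed samples: a legitimate theme file and two files of the kind TimThumb
// abuse left behind. The "shells" are inert stand-ins, not real shell code.
$samples = [
    'wp-content/themes/mytheme/functions.php' =>
        "<?php\nfunction mytheme_setup() { add_theme_support('post-thumbnails'); }\n"
        . "add_action('after_setup_theme', 'mytheme_setup');\n",
    'wp-content/themes/mytheme/cache/external_9f3c.php' =>
        "<?php\n\$auth_pass = 'e10adc3949ba59abbe56e057f20f883e';\n"
        . "if (md5(\$_POST['pass']) == \$auth_pass) { eval(gzinflate(base64_decode('"
        . str_repeat('QUFB', 80) . "'))); }\n",
    'wp-content/uploads/2011/08/image.php' =>
        "<?php @system(\$_GET['cmd']);\n",
];

foreach ($samples as $path => $source) {
    $hits = scanSource($path, $source);
    printf("%-52s %s\n", $path, $hits ? 'SUSPECT: ' . implode(', ', $hits) : 'clean');
}
// On a real install: print_r(scanTree('/var/www/html'));
```

Run it with `php wso-scan.php` for the demo, or call scanTree() on a real document root. Anything it flags deserves a manual read, and a clean result is not proof of a clean site: the real fixes are to patch or remove the vulnerable script (TimThumb in Alex’s case) and to have the web server refuse to execute PHP from upload and cache directories at all.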
11 Hard Truths about HTML5
Read an excellent article by Peter Wayner over at InfoWorld, 11 hard truths about HTML5.
Some points made in the article:
- Security is a nightmare
- Local data storage is limited
- Local data can be manipulated
- Offline apps are a nightmare to sync
- The cloud owes you nothing
- Forced Upgrades aren’t for everyone
- Web Workers offer no prioritization
- Format incompatibilities abound
- Implementations are browser-dependent
- Hardware idiosyncrasies bring new challenges
- Politics as usual
The point of most of the article is really about fundamental problems with building web “applications” (or just web sites that do things normally reserved for desktop applications), not problems introduced by HTML5 specifically.
How web developers protect PHP sites from SQL injection attacks
Web developers are responsible for writing websites that work today, but also years or even decades from now (though I would argue the average website shouldn’t be left alone for a decade).
It can be difficult to protect a website against every future attack, but there is one big one we all have to be prepared for, because it is just so easy to fix: SQL injection. The fix is to never build a query by concatenating user input into the SQL string; send the input separately, as a bound parameter of a prepared statement, so the database never interprets it as SQL.
NETTUTS: 5 Helpful Tips for Creating Secure PHP Applications
NETTUTS posted an article, 5 Helpful Tips for Creating Secure PHP Applications.
PHP sites frequently have security issues because approaches that seem to make sense were never fully thought through.
When doing web development it’s tempting to program for the ideal input, but we also have to assume every other possible input will arrive.
Here’s the list of 5 tips that are explained in detail in the article:
- Use Proper Error Reporting
- Disable PHP’s “Bad Features”
- Validate Input
- Watch for Cross Site Scripting (XSS) Attacks in User Input
- Protecting against SQL Injection
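As an added example (not the NETTUTS article’s code; it serves both the SQL injection post above and tips 1, 3, 4 and 5 here), one PHP script that puts the tips into practice: production error-reporting settings, validation with filter_var(), output escaping for HTML, and the concatenated query beside its prepared-statement version, run against a constructed attacker input on an in-memory SQLite table. The users table, the sample inputs and the signup-field rules are made up for the example; it assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example, not the NETTUTS article's code: the tips that can be shown in
// code, run against constructed inputs. Assumes PHP 7+ with pdo_sqlite.

// Tip 1, proper error reporting: report everything, log it, and never display it.
// A raw warning on a production page leaks file paths, queries and versions.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', sys_get_temp_dir() . '/app-errors.log');

// Tip 2, PHP's "bad features": register_globals and magic_quotes are gone since
// PHP 5.4; what is left to switch off is allow_url_include (and usually
// allow_url_fopen) in php.ini. They are PHP_INI_SYSTEM, so ini_set() cannot change
// them from a script; check and complain instead.
if (ini_get('allow_url_include') === '1') {
    error_log('allow_url_include is on: include($_GET[...]) becomes remote code execution');
}

/** Tip 3, validate input: describe what a field may contain, reject everything else. */
function validateSignup(array $input): array
{
    $errors = [];
    if (filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    $range = ['options' => ['min_range' => 13, 'max_range' => 120]];
    if (filter_var($input['age'] ?? '', FILTER_VALIDATE_INT, $range) === false) {
        $errors['age'] = 'must be a whole number between 13 and 120';
    }
    if (!preg_match('/^[a-z0-9_]{3,20}$/', $input['username'] ?? '')) {
        $errors['username'] = 'lowercase letters, digits and underscore only, 3-20 characters';
    }
    return $errors;
}

/** Tip 4, XSS: escape on output, for the context written into (HTML text and attributes). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Tip 5, the vulnerable form (kept to show the failure): input concatenated into SQL. */
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT username, email FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Tip 5, the fix: a prepared statement; the input travels as data, never as SQL. */
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo table and inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
foreach ([['alice', 'alice@example.com'], ['bob', 'bob@example.com']] as $row) {
    $ins->execute($row);
}

$attack = "x' OR '1'='1";   // makes the concatenated WHERE clause true for every row
echo 'vulnerable query returns ' . count(findUserVulnerable($db, $attack)) . " rows\n";
echo 'prepared query returns   ' . count(findUserSafe($db, $attack)) . " rows\n";

print_r(validateSignup(['email' => 'not-an-email', 'age' => '7', 'username' => 'Bob!']));
echo h('<img src=x onerror="alert(1)">') . "\n";
```

Run it with `php secure-tips.php`. The concatenated query hands back the whole table for the injected username while the prepared statement finds nothing, and it did so without knowing anything about the attack: a bound parameter is never parsed as SQL. The validator works the same way; it does not try to recognise attacks, it states what a field may contain and rejects the rest.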
OpenDNS – Free powerful DNS service
You may have noticed the Entrecard advertisement on the side of this blog, it’s a site that links bloggers together.
Entrecard helps you get the word out about your blog, and hopefully find more people that you want to follow, as well as readers for your own blog.
One of the habits Entrecard creates is looking through a lot of blogs in the beginning of the day. You can see a list of blogs that are members of Entrecard and have looked at your site. It’s nice to see a list of people who are interested in your subject matter. Unfortunately, that list of blogs can reach into the hundreds on a daily basis.
I found myself queuing up about 40-50 tabs in Chrome (still using and loving it) and looking through everyone’s blogs.
This brings me to OpenDNS.
Before using OpenDNS servers, I would normally be able to only load up a page or two before pages started to fail. I know I have a fast computer, and that the links were valid, the hosts were not going down, it was merely a problem with my internet connection. Seeing as the problem was mostly binary — either pages loaded or had DNS issues, I figured the problem was DNS related.
OpenDNS has a great tutorial on how to set up OpenDNS on your network.
It was quick, easy, and drastically improved some browsing experiences (normal browsing is a bit faster, but not as noticeable as when I load dozens of pages at a time).
One bonus is that you get a dashboard that can be used to control your network’s usage. You can easily filter sites, monitor usage, and create shortcuts for any machine on your network (home points to www.google.com, mail could point to mail.google.com/a/domain.com, etc.).
Below are some recent articles about OpenDNS:
- Lose your Time Warner internet connection (again)? You could try Open DNS
- 20,000 K-12 Schools Adopt Free Web Security Tool
- OpenDNS – a blogger writes about DNS security issues, and why OpenDNS helps