Increased Security

Posted: Sat 13 April, 2013 | Author: | Filed under: D4D™, Geeky, Getting Organised, People, Security, WordPress | 1 Comment »

At the moment, there is a huge attack going on against blogs using WordPress.

It’s primarily attacking the blogs who’ve kept a lot of the default settings – particularly keeping the primary user as “admin” with weak/known passwords – but still, it’s better to make sure that things are secure.

D4D™ has always been on an altered install of WordPress – mainly because I’m really bad at leaving things alone – so I’m less concerned about it, but all the same, I’ve added in a couple of security plugins just to reinforce things.  I’m also making use of Cloudflare to add another level of security.

It’s going to make things interesting for a lot of Blog Owners on the WordPress platform, though.  Basically, if you’re on WP you need to :

  1. Make sure you’re not relying on the “admin” user
    1. Add a new user to WP , give it admin rights (and a strong password)
    2. Set “admin” to have the lowest possible permissions (contributor), or delete it completely.
  2. If possible, make sure your database isn’t using the wp_ prefix for all wordpress tables.
  3. Use Cloudflare or similar
  4. Install the Limit Logins plugin
  5. If you know what you’re doing, also install the Extend WP Security plugin
  6. Take backups!

There’s other stuff along the way, but those really are the key points.

Google Web History

Posted: Thu 23 February, 2012 | Author: | Filed under: 1BEM, Geeky, Legal, Privacy, Security, Technology | 3 Comments »

On March 1st, Google’s privacy policy is changing.

If you don’t want your web history (among other things) stored past that date, you need to delete it in the next week. If you leave it ’til 1st March, it will be too late – you need to have done it by the end of 29th Feb.

The EFF has a useful page here about how to delete your Google web history.

Honest Intent

Posted: Fri 5 November, 2010 | Author: | Filed under: 1BEM, Domestic, People, Politics, Security, Thoughts | Leave a comment »

On this particular day, remember that Guy Fawkes is still the last person to enter the Houses of Parliament with honest intentions.

The Gunpowder Plot is a healthy reminder that terrorism really is nothing new.  Mind you, if the risk of terrorism now were to involve being hung, drawn and quartered, I wonder how many would still think it such a cool thing ?

It’s not about religion

Posted: Sat 14 August, 2010 | Author: | Filed under: News, Security, Thoughts | 8 Comments »

In today’s news there’s been a big thing about Barack Obama defending the right to build a mosque near the Ground Zero site in New York.

The best bit of it all though was the quoted parts of the speech…

We must all recognise and respect the sensitivities surrounding the development of lower Manhattan, Ground Zero is, indeed, hallowed ground. But let me be clear, as a citizen, and as president, I believe that Muslims have the same right to practise their religion as anyone else in this country.”That includes the right to build a place of worship and a community centre on private property in lower Manhattan, in accordance with local laws and ordinances. This is America, and our commitment to religious freedom must be unshakeable. The principle that people of all faiths are welcome in this country, and will not be treated differently by their government, is essential to who we are.”

He told the group of US Congressmen, government officials and foreign dignitaries that America’s tradition of religious tolerance distinguishes it from “our enemies”.

“Al-Qaeda’s cause is not Islam,” he said, “it is a gross distortion of Islam”.

And that’s the primary point for me – Al-Qaeda is not an Islamic cause, the current phase of “islamic terrorism” isn’t about islam at all, it’s just about terror. Anyone who thinks that these terrorist episodes are about religion really is a bloody moron – religion is (as always) the convenient talking-point to support the ’cause’.

New Scam/Phishing Email

Posted: Thu 22 July, 2010 | Author: | Filed under: 1BEM, Advertising, Geeky, People, Security, Stupidity | Leave a comment »

Yesterday I noticed a new spam / scam / phishing email that seems to have appeared.

It purports to come from Amazon, and tells you that your order has been despatched, along with some links that are clickable.  The links actually go off to a russian site, but I’ve no idea what that does, and have no intention of finding out.

The biggest clue that it’s a spam/scam are

  • the prices are all in dollars (which is a bit of a giveaway for us in the UK)
  • you haven’t ordered anything from Amazon
  • it’s got a link to “see the ordered items”, rather than just listing them in the mail
  • the email address it’s been sent to isn’t the one you’ve got listed with Amazon

But all told it’s one of the better spam/scam/phishing-type emails of the moment.  Best to publicise it and be aware of it.

Security Reading

Posted: Thu 15 July, 2010 | Author: | Filed under: Cynicism, Geeky, Security, Work-related | Leave a comment »

All quiet round here at the moment, as my brain is utterly failing to process stuff.

I’m stuck with reading a metric butt-load of security stuff (as written about at the tail end of last week) which is about as interesting as you’d expect.

Check out this – it’s the first paragraph of the documentation, which (as I understand it) is meant to make you want to read more…

CLASP — Comprehensive, Lightweight Application Security Process — is an activity-driven, role-based set of process components whose core contains formalized best practices for building security into your existing or new-start software development lifecycles in a structured, repeatable, and measurable way.

In any game of Buzzword Bingo, that paragraph/sentence will get you “House!”

There’s 600+ pages of this shit to wade through, so posts here might be a bit slow

Documentation

Posted: Thu 4 February, 2010 | Author: | Filed under: D4D™, Domestic, Security, Web Development, Work-related, Writing | 3 Comments »

In the run-up to the Festering Season, I had one hell of a lot of work coming in with some documentation that needed doing in order to get us what’s known as PCI-DSS accreditation. PCI-DSS stands for “Payment Card Industry Data Security Standard”, and it’s a total fucking nightmare.

Anyway, one of the big steps in attaining this PCI-DSS standard is to have somewhere around a metric shit-ton of paperwork. No kidding. There’s some 230-odd points in the PCI-DSS standard, and each one of the bloody things needs documenting. It’s a serious bit of work just getting all the paperwork done.

With the other stuff I also had to do in order to get everything in place, the documentation took a back-seat, and we ended up getting it done by me speaking into a dictaphone, and then getting an audio-typist to type it all up. It was supposed to save me a stuff-load of time. And it worked – I’d got all the dictation done in two and a half days, and the typist did everything in time for mid-January.

Or so we thought.

It turned out that the audio-typist was a tossbag, and didn’t actually do all that much in the day they were in – at the end of which they said they’d done it all.

Cunty fucking bugger.

It’s taken me the intervening three fucking weeks to get things back to where I thought I was in mid-January. Three weeks of doing this sodding documentation, three weeks of making sure it’s right, and that it all makes sense. Oh, and still doing all my normal insane workload as well.

This goes some way to explaining why I haven’t been writing much on D4D in that time – I’m utterly damn sick of typing, and didn’t have the time or headspace to do much here.

I’ve just now finished the documentation for PCI-DSS. We’ll review it tomorrow and next week, so I’m sure there’ll be some edits. But that’s just fiddly crap – the most important thing is that I’ve broken the back of it. I’m done.

I’m also utterly fucked. But that’s beside the point. I’m done with the documentation.  Happy, happy day.

← Older Entries
Newer Entries →