Spammers to Your Blog

by DAN CALLOWAY
Published 6 November 2010

WEAVERVILLE, NC – Do you have a blog? Most people nowadays have one for any number of reasons. Blogs are a good way of expressing one’s self to the world or simply a means of logging one’s thoughts or ideas on the Web. Besides, it’s called a Blog because the term means Web Log.

I like blogging. It gives me an opportunity to say what I want to say or to express my opinion about areas of interest to me and allows me to share that opinion or those ideas with the World. If someone has a concurring or dissenting opinion, they are welcome to comment on the posts I leave here. That’s perfectly fine. What isn’t fine, however, are those people who wish to attack my blog with HTML or script injection.

HTML or script injection is the intentional insertion of hypertext markup language or scripting language code into what appears to be a normal comment, but has the injected script or HTML hidden from view. The reason attackers perform the HTML or script injection is obvious. They want to advertise their business or their products on your blogsite.

The problem with this is two-fold. First, I haven’t given the HTML or script attacker permission to advertise on my blog. Secondly, such attacks flood my blog’s server and slow down the site, making it difficult for legitimate subscribers and anonymous guests to enjoy it.

Well, I’ve decided to take a stand. I installed WP-Sentinel, a plugin for WordPress blogs that monitors and stops incoming HTML or script injection attacks against my blog. The plugin lets you ban the attacker–identified by IP address–for 24 hours, or for any number of hours if you ban someone manually. I take it a step further: I don’t bother with temporary bans. If someone takes the time to launch an HTML or script attack against my blog, then I will ban them permanently–NO WARNING!

I take the IP address of the attacker that WP-Sentinel reveals in an email message that it sends to me and I update my .htaccess file in WordPress. This file is located in the root of your WordPress installation folder and controls access to your blog. The default access command in that file is: “allow from all.” However, you can insert a “Deny” statement on a separate line(s) below the “allow from all” statement, one for every IP address you intend to ban permanently from commenting on any of your blog posts. Thus if you were intending to ban IP addresses 78.113.23.54 and 98.223.14.33, for instance, the .htaccess statements would look like this:

# "order allow,deny" makes the deny lines below take precedence over "allow from all"
order allow,deny
allow from all
deny from 78.113.23.54
deny from 98.223.14.33

I keep a copy of my latest .htaccess file in a folder under my user folder on Linux. When I receive an attack notification, I log into my WordPress Dashboard, navigate to the WP-Sentinel plugin, locate the attacker’s IP address, append a deny statement for that address as the last line of the file, and then upload it, overwriting the existing file–banning the new attacker along with the others.
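One way to script the local edit described above, as an added example that is not part of the original post and not WP-Sentinel’s code. It assumes Apache 2.2-style access directives in .htaccess and writes an `order allow,deny` line first, because under Apache’s default `order deny,allow` the `allow from all` line wins over every later `deny from` entry and the ban would have no effect; the file name in the usage block is a constructed placeholder.

```python
"""Maintain the permanent-ban list in a local copy of WordPress's .htaccess.

Added example, not from the original post. Assumes Apache 2.2-style access
directives; "order allow,deny" is required because under Apache's default
"order deny,allow" the "allow from all" line wins over every later "deny from".
"""
import ipaddress
import re
import shutil
from pathlib import Path

HEADER = ["order allow,deny", "allow from all"]   # must precede the deny entries
DENY_RE = re.compile(r"^\s*deny\s+from\s+(\S+)\s*$", re.IGNORECASE)


def banned_addresses(text):
    """Return the set of addresses already listed on 'deny from' lines."""
    found = set()
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            found.add(m.group(1))
    return found


def add_ban(text, address):
    """Return the .htaccess text with a permanent ban for `address` appended.

    Raises ValueError for a malformed address (ipaddress checks it, so IPv6
    works too); an address already present is not added a second time.
    """
    ip = str(ipaddress.ip_address(address.strip()))   # normalise, reject junk
    lines = text.splitlines()
    lowered = [l.strip().lower() for l in lines]
    for directive in reversed(HEADER):                # insert missing header lines on top
        if directive not in lowered:
            lines.insert(0, directive)
    if ip not in banned_addresses(text):
        lines.append(f"deny from {ip}")
    return "\n".join(lines) + "\n"


def ban_in_file(path, address):
    """Apply add_ban to the local copy at `path`, keeping a .bak of the old file."""
    path = Path(path)
    text = path.read_text() if path.exists() else ""
    if path.exists():
        shutil.copy(path, Path(str(path) + ".bak"))   # backup before editing
    path.write_text(add_ban(text, address))


if __name__ == "__main__":
    for bad_ip in ("78.113.23.54", "98.223.14.33"):   # addresses from the post
        ban_in_file("htaccess-copy.txt", bad_ip)      # constructed local file name
```

After editing the local copy, upload it over the .htaccess in the WordPress root as the post describes; the .bak file lets you roll back if a typo locks you out.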

I take a hard line against those who wish to attack me. You should too.

by DAN CALLOWAY
Published 18 April 2010

WEAVERVILLE, NC – I have a wireless home Local Area Network (LAN) consisting of a ProLine 6100 DSL broadband modem/router, a Cisco WRT54G 802.11B/G wired/wireless router (acting as the broadband gateway and DHCP server) operating in the 2.4 GHz range on Channel 6, and connecting one Dell Inspiron B130 laptop wired for admin console purposes running Windows XP, one Dell Inspiron B130 laptop connected wirelessly running Ubuntu Linux 9.10, one Acer Netbook connected wirelessly running Ubuntu Linux Netbook Remix 9.10, and two MacBooks connected wirelessly running MacOS 10.6.3 (Snow Leopard).

I chose to configure my home LAN by bridging the ProLine 6100 broadband modem, which removed that device’s router functionality but retained NAT on the resulting switch. The Cisco router was configured with no wireless security applied; instead, a MAC filter list was set up on the router with an access-list permit statement that allowed only devices whose MAC addresses were on the list to associate with the router and thus connect to my LAN. A MAC address is a layer-2 address that the manufacturer hard-codes into every wired and wireless NIC (Network Interface Card), and it is unique: no two NICs worldwide have the same MAC address. With MAC filtering in place, anyone whose wireless NIC’s MAC address is not in my router’s filter list cannot connect, unless they are smart enough to spoof a MAC address that is on the list. I always thought it was too difficult to spoof a MAC address to get onto a wireless network, but after yesterday I’m convinced that someone with the right tools and skill set can do it fairly easily. So what I thought was a secure network wasn’t really secure at all.

Yes, the day before yesterday, an apparent attack on my home LAN cost us connectivity to our broadband service. The network intruder was apparently able to reset my ProLine modem/router (while bridged) and completely reconfigure my Cisco WRT54G router, wiping out the contents of the MAC filter list, which held well over 20 entries for other devices in my home in addition to the PCs that use the network to reach other services. Fortunately, all our PCs run Linux or MacOSX 10.6.3 (Snow Leopard), so the intruder was not able to breach security on those boxes.

It took me the better part of the morning yesterday to rebuild my home wireless LAN. I have bridged the ProLine 6100 once again, and rebuilt the configuration of my Cisco WRT54G router. I am back online but have learned some very important lessons as a result of the attack on my wireless LAN:

(1) Never underestimate the persistence of hackers or their ability to breach a wireless home network. This includes your neighbors, who might try to steal your wireless connection.

(2) MAC filtering on a wireless router to prevent access to the router is not as secure as WEP security for the network.

(3) Save your router’s configuration by backing up the Config.bin file and putting it in a location that you won’t forget so the router’s configuration can be easily restored from the backup in the event the configuration is destroyed. This will save tons of time in rebuilding your router’s configuration.

(4) Apply some form of network security, preferably WPA-PSK (Wireless Protected Access – Preshared Key) rather than WEP (Wired Equivalency Protocol) on your LAN to secure the network in addition to MAC filtering.

How Secure Is Your Password?

by DAN CALLOWAY
Published 20 February 2010 @ 21:41 UTC

WORLDWIDE – When it comes to password security online, how does your password measure up?

With most websites requiring you to create an account, do you find yourself in a bit of a pickle when it comes to inventing passwords? Many people use the same password for all their online accounts and often forget the password they came up with months ago. Hands up who doesn’t feel like banging your head against the wall trying to remember the password you created months ago?

Let’s face it – everyone has problems with creating and remembering secure passwords. These tips should be of some help.

Tips On How to Create and Remember Your Passwords

  • Use the first letters of a sentence that you will remember, e.g. “I have 3 cats: Fluffy, Furry and Shaggy” gives: Ih3c:FF&S, or “Bouncing tigers have every right to ice-cream” becomes: Bther2I-C.
  • Take the name of the website and then add your personal twist, like your height or your friend’s home address (e.g. “AmazonOceanRd6’2”). Avoid using your own contact details like your phone number or house number.
  • Remove the vowels from a word or phrase, e.g. “I like eating pancakes” becomes: Ilktngpncks.
  • Use a phrase from your favourite book and then add the page, paragraph or chapter number.


The Do’s and Don’ts of creating passwords

Do:

  • Mix letters, numbers and symbols, and use both upper and lower case letters (passwords are case sensitive).
  • The longer the better: use passwords that are longer than 6 characters.
  • Change your passwords at least every 60 days; cycling the numeric values up or down makes the new password easy to remember.
  • Try copying and pasting at least some of the characters of your password; that way keyloggers won’t be able to capture your keystrokes.


Don’t:

  • Don’t use words, phrases or numbers that have personal significance. It is very easy for someone to guess or identify personal details like your date of birth.
  • Avoid writing your password down; use a reputable password manager to manage all your passwords.
  • Don’t use the same password for several logins, especially if they involve sensitive financial or other personal information.
  • Don’t tell anybody your password.
  • When registering on websites that ask for your email address, never use the same password as your email account.

By SHARON LaFRANIERE and JONATHAN ANSFIELD
Published February 11, 2010; NYTimes

BEIJING — Deep inside a Chinese military engineering institute in September 2008, a researcher took a break from his duties and decided — against official policy — to check his private e-mail messages. Among the new arrivals was an electronic holiday greeting card that purported to be from a state defense office.

The researcher clicked on the card to open it. Within minutes, secretly implanted computer code enabled an unnamed foreign intelligence agency to tap into the databases of the institute in the city of Luoyang in central China and spirit away top-secret information on Chinese submarines.

So reported Global Times, a Communist Party-backed newspaper with a nationalist bent, in a little-noticed December article. The paper described the episode as “a major security breach” and quoted one government official who complained that such attacks were “ubiquitous” in China.

The information could not be independently confirmed, and such leaks in the Chinese news media often serve the propaganda or lobbying goals of government officials.

Nonetheless, the story is one sign that while much of the rest of the world frets about Chinese cyberspying abroad, China is increasingly alarmed about the threat that the Internet poses to its security and political stability.

In the view of both political analysts and technology experts here and in the United States, China’s attempts to tighten its grip on Internet use are driven in part by the conviction that the West — and particularly the United States — is wielding communications innovations from malware to Twitter to weaken it militarily and to stir dissent internally.

“The United States has already done it, many times,” said Song Xiaojun, one of the authors of “Unhappy China,” a 2009 book advocating a muscular Chinese foreign policy, which the party’s propaganda department is said to promote. He cited the so-called color revolutions in Ukraine and Georgia as examples. “It is not really regime change, directly,” he said. “It is more like they use the Internet to sow chaos.”

State media have vented those concerns more vociferously since Secretary of State Hillary Rodham Clinton last month criticized China for censorship and called for an investigation of Google’s assertion that its databases had been the target of a sophisticated attack from China. “China wants to make clear that it too is under serious attack from spies on the Internet,” said Cheng Gang, author of the Global Times article.

by DAN CALLOWAY
Published 01 January 2010 @ 00:13 UTC

From: Brad Stone, New York Times

NEW YORK, NEW YORK - Facebook scam artists have closed out 2009 by snagging a prominent victim: Julius Genachowski, chairman of the Federal Communications Commission.

On Friday morning at around 10:30 a.m., Mr. Genachowski sent his Facebook friends this puzzling message: “Adam got me started making money with this.” It was followed by a link to a Web page that is no longer active. The message blitz indicated that Mr. Genachowski’s account had been taken over by a malicious program that was using it to send out spam.

As of Friday afternoon Mr. Genachowski’s Facebook profile was no longer visible on the site. A Facebook spokesman, Larry Yu, said the company learned of the problem this morning and suspended the account, as it routinely does in such cases. An F.C.C. spokeswoman declined to comment.

The chairman is by no means alone in getting inadvertently embroiled in social networking scams that can be embarrassing. I wrote about such scams earlier this month, noting that the humiliation sown by these attacks is usually just a byproduct of spammer efforts to get people to click on various links.

It’s not clear how Mr. Genachowski’s Facebook account was compromised; perhaps he or a family member clicked on a malicious link, allowing his account to be taken over.

The most important question: Who the heck is Adam?

Update: Facebook sent this statement, which indicates that if Mr. Genachowski wants to continue to use Facebook, he will have to get some education about the safe use of this particular form of communication.

We take security very seriously and have devoted significant resources towards helping our users protect their accounts. We’ve developed complex automated systems that detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad). Because Facebook is a closed system, we have a tremendous advantage over email. That is, once we detect a phony message, we can delete that message in all inboxes across the site.

We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely. Users whose accounts have been compromised are put through a remediation process, where they must take steps to re-secure their account and learn security best practices. This is what happened with Chairman Genachowski’s account.

To combat these threats, however, we need users’ help too. You can protect yourself by never clicking on strange links, even if they’ve been sent by friends, and by being wary of sites that ask you to download or upgrade software.

We educate people about online security through our Facebook Security Page, which has well over one million fans.
