
Category: Security

WordPress Security: How To Fix Your Hacked WordPress Site – East Bay WordPress Meetup

Yesterday I presented at the Security Revisited event put on by the East Bay WordPress Meetup group on how to get your WordPress website back on its feet after it has been hacked or infected with malware.

Last year I helped Patrice, who runs Afrobella.com, recover from a seriously nasty malware hack to her blog after Google told her she had been blacklisted.  It was frustrating for Patrice, her fans and her advertisers, but I got the site cleaned up and hack-free.  Back in June I saw there was a call for WordPress security topics, so I jumped in and said I'd share my experience as a case study for the group.

I covered:

  • How to tell if your WordPress site was hacked
  • Why people hack WordPress sites (popularity, infect other computers, steal data)
  • First steps to start investigating the problem
  • How to backup your WordPress files and database
  • How to scan your WordPress files for infection using Avira
  • How to scan your WordPress site using Sucuri
  • Tools and plugins to use to monitor your site for changes
  • How I recovered the site of a popular blogger using this system
  • and much more!

Here’s the presentation from the meetup:

People asked several questions during the presentation.  I'm listing the resources I mentioned here, along with the recorded WordPress training I'm teaching at Udemy and the San Francisco WordPress workshop in February at Parisoma:

What hosting company do you recommend and why?

Rochenhost (affiliate link) – They do backups twice a day, respond to support tickets in 8 – 14 minutes, have Red Hat certified technicians and proactively monitor their shared hosting servers.  Fast, responsive and solid.

What WordPress theme provider do you recommend and why?

Woothemes (affiliate link) - They keep all their themes up to date on a regular basis, they have great support and an active community of users, their framework supports patching security issues in their themes, and they have a wide variety of flexible themes to fit nearly any WordPress site.

What are the security / protection plugins you named?

What was the link to the blog post you did last year on hacked WordPress sites?

http://freshworkshops.com/2010/12/20-ways-to-find-your-wordpress-hacking-problem/

Where can I read more about the TimThumb vulnerability?

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Where can I get WordPress training online?

You can head over to Udemy which is now hosting my Build Your Own WordPress Website training for just $29.  You get 8 hours of solid, step-by-step training on how to set up your very own WordPress website.  Remember, the best part about using WordPress is that it is SEO optimized out of the box!

I just received a really nice quote from a previous client I set up on WordPress in 2008, because I asked him to share his story with a new prospective client who is still riding the fence on WordPress:

“I know that WordPress has been the best thing.  Many changes I do myself which keeps the site fresh. It also keeps me interested in routinely updating since I instantly see the changes.”

Joseph L. Rapacki, Rapacki & Co Accounting (yes, that’s a WordPress site)

Where can I get WordPress training in person?

Glad you asked!  I'm teaching a four-week WordPress workshop in San Francisco this February at Parisoma called Becoming A WordPress Master, and it's going to cover all the essentials of WordPress.  Great for people just getting started with WordPress as well as people who want to better understand how to leverage SEO, themes and plugins.  We'll cover new features in WordPress 3.3 like the HTML5 drag-and-drop image upload option.

The cost is $120 for all four sessions and you can register here.

  • WordPress Setup 101: Wed, Feb 1
  • WordPress Tour: Wed, Feb 8
  • WordPress Themes and Plugins: Wed, Feb 15
  • WordPress Content Strategy and SEO: Wed, Feb 22

Thank you to Sallie Goetsch for asking me to speak at the meetup event and thank you to Anca of Techliminal for hosting the meetup!  It was great to meet everyone and hear people’s questions about WordPress security!

Leaving Facebook: Step #2 Deactivate Account

Following Jason Calacanis’ call to action, I am deactivating my Facebook account tonight (with plans to delete it later on).

So far:

  • I’ve made most of my information private, including photos
  • I’ve run a backup using backupify
  • I have just visited facebook.com/deactivate.php to deactivate my Facebook account.  Deactivating puts your account into a dormant state, but your data isn't erased.

I am pasting part of Jason's post below. You can read the entire thing at calacanis.com/2010/05/21/im-deleting-my-facebook-page-today/

iPhone Jailbreak Software Could Steal Your Passwords

Want that shiny new iPhone software update on your iPhone?

Would you be willing to give all your passwords away to get it?

How Neighbors Punk Your Open WiFi

My client had the unpleasant surprise of discovering that her wireless connection had been open for two years!

Insecure Wireless Network with 7 "Visitors"

Network Solutions Screws 573,000 Credit Card Customers On Ecommerce Security

Folks, I am happy to announce the first guest post on ButYoureAGirl.com!
Guest post by @lhgreene on Twitter.

Will TSA Snatch My Electric Toothbrush?

Creative Commons License photo credit: yoppy

I’m heading to WordCamp Chicago today and mentioned on Twitter that I wasn’t bringing my electric toothbrush.  I didn’t want the hassle of TSA making up “rules” on the spot and then telling me I’d have to toss my toothbrush.  @swirlspice suggested I try and get it through TSA so today I will attempt to bring my toothbrush with me as carry-on.

I found some interesting experiences on the internet:

Let’s design a basic, compact, TSA-compliant carry-on “survival kit”

In light of the continuing drama-rama that is the TSA (see this thread), I propose a project: let’s design a basic carry-on kit that complies with TSA rules while granting the bearer the most comprehensive array of essentials possible in the event of an emergency (delayed/lost luggage, etc).  The more compact the “core” essentials, the more space is left over for items you don’t want to check (read: “donate,” provided they’re legal to carry onto the plane).

Confessions of a Baggage Screener

So far I had seen the machines flag plenty of deodorant sticks, toothpaste tubes, and shoe heels, which showed up on the screen outlined in red. I had handled sex toys, machetes, and pistols (legal in checked bags). But the closest thing I had seen to a bomb were manufactured images on the screen created by the Threat Image Projection System, a software package developed by the government to make sure we were paying attention. Every once in a while, I learned, police let drug dogs find contraband so they don’t grow discouraged. I didn’t much care for the implied comparison.

The ticking was real enough, though, and I couldn’t let the suitcase through until I’d figured out the origin of the sound. A US Airways supervisor was hovering nearby, and jittery fliers were peeking at us through the breaks in the partitions. I took everything out, stacking clothes on the table. I felt around the lining. I turned the suitcase over once more, noted that the ticking stopped, and saw a bulge in a tiny pocket tucked between the rods for the extendable handle. It was an electric toothbrush that turned on when it pressed against the table but was packed too tight to vibrate.

Common Items, Extraordinary Threat (TSA Blog)

Authorities overseas also found an electric toothbrush, similar to one the TSA showed ABC News, which was actually re-engineered to detonate a plastic explosive that could be hidden in the lining of a briefcase.

Where Do We Go From Here Norm?

I've decided to write a summary to give you my perspective two months after putting up the Norm Coleman database blog post.

I created the Norm Coleman blog post to answer the questions I began to receive the night this all happened. I started ButYoureAGirl.com to help people understand technology.

I like to document things (my Inner Nerd at work). You can see a similar example regarding Avira antivirus.

What happened next regarding Wikileaks and going on national television never crossed my mind as a possible outcome of following my geeky curiosity and documenting screenshots.

Photo Credit: Daveybot

Summary

Political Views
What I didn't know at the time was how this issue was snowballing between the Democrats and Republicans. I don't own a television and don't follow politics. I sold my TV on Craigslist in 2006 as a part of "the great experiment" I was reading about on Steve Palina's blog. I never really was a big fan of commercials anyway. I use David Allen's Getting Things Done (GTD) method of productivity to turn my dreams into reality. Every reporter asked me if I was "partisan". I actually had to ask what that was, but figured it had to do with being strongly associated with a political party. Now don't get me wrong, I have beliefs on things like education, the environment, the death penalty, the legal system, oil dependency, health care and taxes. It's just that none of that had to do with this.

The Media
I started to see traffic spikes on my humble blog March 10th, 2009. By March 11th, more than 1,000 people had stopped by! My average number of daily visitors before then was about 40. Then the calls started. Reporters were calling and asking me to tell them what happened. Being a techie, I thought I was helping them; I now realize many were looking to sensationalize the story and twist my words to make things sound more exciting. I’m now wiser about the media and their “angles”. For those of you who work in technology, you know it can be a challenge to keep someone’s attention as you explain the benefits of data backups that utilize incremental, off-site and image based options. We find it fascinating but non technical people start to “glaze over”.

Where Do We Go From Here?
I want to share that I'm working on something exciting! I've been meeting and talking with security consultants around the US. I've also talked with people in the data privacy field. I'm working to put together a resource that will bring security and business people together in a way that makes sense. I myself am not a security consultant; rather, an IT consultant who values security. I would like to use this event to help people connect on this issue and access accurate information on what they need to do to secure their data, networks and websites.

Thank You For Your Support
I appreciate all the words of encouragement, support, suggestions, personal stories from people on the list, research efforts and, most importantly, technical folks speaking up about this. The first question I received from a reporter was, "Do you want to go on the record about this?". That reminded me that many people working in the IT field would not feel comfortable talking about something like this for fear of the backlash. As an independent consultant, I understand I have more flexibility than those working full-time for someone. I also understand that what I do outside of my work does reflect on my work. My clients have been supportive about this issue and I thank them as well; Democrats and Republicans alike. After appearing on The Rachel Maddow Show, I really saw an increase in mentions about me across the Internet (I use Google Alerts to track this). My Technorati rank for this blog doubled. Some blogs were even referring to me as "Dr. Adria Richards"! Doh! I stopped by many sites and left comments to help answer people's questions and to indicate I do not hold a doctorate degree.

The Haters
There have been people who voiced their opinions on what I did, how I did it, why I did it and so on. I can’t change what I did (looking into the Coleman fake website crash, taking screenshots, writing a blog post about it). I am a person who takes action. Some people are just angry people looking for targets. Some people feel they know what other people should do with their lives. I decided that I wasn’t going to feed the trolls.

How You Can Help
That said, if you are interested in helping with this upcoming project to bridge the gap between unsafe data storage in the business world and best practice data security audits, training and education, contact me.

Stay tuned…

Interview on Rachel Maddow Show for Norm Coleman Database

3/13/2009 MSNBC Interview with Rachel Maddow Friday evening!
Video: http://www.youtube.com/watch?v=DC-xqVeFMwY

This is tied to my original post about Norm Coleman’s website being insecure.

Read More…

Hey Bob, I’ve Got Something For You…Re: Norm Coleman Database

This is a reading of a comment left on my blog post about Norm Coleman’s Website Database Leak.

Video: http://www.youtube.com/watch?v=cdvlBbLII6w
Update 1: Enelson has posted an article expanding on this comment:
Norm Coleman and Identity Theft Gate: Is Your Online Donation to Norm Coleman Safe?

Update 2: Edited a bit of grammar at the request of the poster (homonyms, commas, spelling, semicolon, spacing, referring to Adria as a generalized type of person vs. an individual).

E Nelson, March 12th, 2009

Okay, I couldn't take it anymore after reading all the ignorant comments attacking Adria. I am a fellow IT consultant and I deal with security issues every day. I see hackers scanning my clients' sites EVERY day looking for potential openings and exploits. These hackers are using untraceable zombie networks from all over the world. Chinese hackers; Romanian hackers; and yes, many pre-teen US hackers.

Just because Bob and the rest of the computer illiterate posters here have no clue about technology, it does not mean that anyone else should remain as clueless as they are. The fact of the matter is, as an IT consultant responsible for my client’s web technology and any sensitive information associated with their websites, I ABSOLUTELY want “an Adria” to point this out as quickly as possible so that I can act on it rather than have multiple GIGANTIC security holes remain exposed for weeks, with hundreds of untraceable IP connections downloading the information. All of these security breaches can be easily found AUTOMATICALLY with internet scanners very similar to what Google uses to index the entire internet. I hate to break this to you, Bob, but I can almost guarantee you that there are Chinese and Eastern European hackers that have had this information well before Adria found it. And if you think they are going to call up Norm and let him know, I have some oceanfront property in Iowa to sell you.

The fact of the matter is that Norm Coleman and the people working for him are either completely incompetent or blatantly negligent. Adria was not the first person to alert the Norm Coleman campaign to the potential problems and yet they continued to ignore their duties to A) FIX THE PROBLEM B) Alert the donors of their mistake and C) TAKE THE DAMN SITE DOWN. It takes 2 minutes to do this until you can figure out what the problem is. Instead, the Coleman campaign claimed their site was hacked for political purposes, claimed they contacted the Secret Service to investigate and who then unbelievably and incorrectly said that no sensitive information had leaked out.

So the question should be, Bob, as a donor, would you not want Norm or someone else to alert you to the fact that your credit card information has most assuredly fallen into the hands of international hackers?

Enelson, thank you for taking the time to write such a detailed comment from your perspective on this. I was so moved that I wanted to give a voice to your words.

Who is Searching Google for Norm Coleman's Database?

I had a few hundred visitors by 10am, so I decided to create a list of the visitors to my blog post on the Norm Coleman Database Leak.  Partly for my own safety, and partly to show how EASY it is to track visitors: if my little blog can handle 1,000 visitors in 24 hours, Norm's office should cough up the numbers that crushed their website server.

Norm Coleman Website Crash Exposes Database and Email Lists

So far, we’ve got the Mayo Foundation, Hennepin County, First Bank, Wells Fargo, Best Buy…

Are these the companies where people who donated to Norm Coleman work, and are they checking the site from the office?

Are they needing to cut up their credit cards?

I will be adding to this list throughout the day.

University of Alabama
College of St. Catherine
Minnesota Public Radio (You never know)
National Institute of Health
American Medical Response
US Department of State
City of New York
Ecolab
West Publishing Corporation
American Medical Response
National Institute of Health
University of Alabama
Massachusetts Institute of Art (very awesome MIT would stop by)
University of California
University of Illinois
University of Minnesota
St. Olaf College
Datacard Corporation
U.S. Senate Sergeant At
Medical College of Wisconsin
University of Wisconsin
Fingerhut Direct Marketing (Why are you stopping by my blog?)
Western Illinois University
Faegre & Benson LLP (Lawyers? uh oh)
Dorsey & Whitney (Why is it so popular with lawyers to name law firms like this?)
Cargill
Valley Office Partners
Marvin Windows and Doors
TCF Financial Corporation
Research Triangle Institute (Interesting)
Target Corporation
U.S. House of Representatives
Knight Ridder <- Media company (Thanks redwing!)
IBM
Star Tribune Newspaper
Harland Financial
Academy of Art University
Renolds and Renolds
Mc Miller Company
American Civil Liberties Union (sweet! Hello there!)
General Mills
Amazon.com
Trw Space and Defense
De Castro, West, Chodorow (lawyers again?)
Edina Reality

Who is searching for Norm Coleman's Database?

These website visitor traffic stats are being collected with Clicky.
It's like Google Analytics but you don't have to wait 24 hours.

Norm Coleman Website Crash Exposes Database and Email Lists

Post Updated: 3/29/2009

First off, I would like to thank everyone.

I’ve decided to write a summary to give you my perspective two months after putting up this blog post. I have continued to add to it in hopes of making the big picture more clear for people who want to understand what happened.

I talk about why I put up the post, the political power struggle I didn’t want to be a part of, how the media took what I said and turned it into what they wanted and what I’m working on to bring about actual change so personal and financial data will be safer in the future.

Continue reading the summary


How ironic is this?  I was on Lifehacker today looking for the article about Eraser (program that securely wipes out files) and saw that January 28th is Data Privacy Day!  What are the chances of a security breach regarding data privacy being discovered on the very day that has been selected to raise awareness of data privacy?  Geeze!

Did interview with PJTV, conservative focused online media site (PajamasTV)

Article at ChannelWeb, Serious Security Flaw Discovered In Less Than 2 Minutes On U.S. Senator’s Web Site

Excerpt from resume of website developer who created Colemanforsenate.com website:

ColemanForSenate.com
* Developed a custom content management system from the ground up in PHP

New Video is up! Live: Coleman Question and Answer after The Rachel Maddow Show 3/14/2009 12:45am CST

Interview with Rachel Maddow Friday evening 3/13/2009 MSNBC
Video: http://www.youtube.com/watch?v=DC-xqVeFMwY

Interview with MPR Coleman warns donors after data breach (audio of me from the radio)

Blog Post MN Independent Coleman donors express ‘extreme anger,’ fear, worry after breach

YouTube video: How I Found Norm Coleman’s Website Database in 2 Minutes

Best quote to me on the phone: “I just hung on the secret service to talk to you” — unnamed reporter

Lifestream video : I explain what went wrong and answer questions about the Norm Coleman’s website

Interview with MN Independent Coleman’s site wasn’t ‘hacked,’ says IT pro who discovered donor breach

Blog Post at MN Independent Breaking: Coleman’s unsecured donor database revealed on Wikileaks

Blog Post Here Who is Searching Google for Norm Coleman’s Database?

So, it sounds like Wikileaks.org is putting Norm Coleman’s business out on the Internet.


What’s worse than losing a Minnesota Senate race?

Losing your website’s entire database, that’s what.  As if claiming your website was brought down by too much traffic wasn’t bad enough, Norm Coleman’s website received a second round of criticism when I found a database file sitting in a directory that anyone could download…

I first picked up this story from @Chuckumentary on Twitter about Norm Coleman’s office saying their website had been “inundated by tens of thousands of hits today – temporarily crashing the website.” Of course that got me curious as an IT consultant and I went to check it out.  Aaron Landry broke this story because previous website traffic reports and the location of the domain name didn’t match up.  Paul Schmelzer at the Minnesota Independent picked up the story which is where I first saw it.

Norm Coleman’s website crash revealing a database full of supporters is now known as Crashgate.

Curious, I wanted to see where the domain was currently pointing.  I used OpenDNS.com's cache check to identify the IP address the domain resolved to, 208.42.168.251, and then loaded that address directly into my web browser.

Screenshot of opendns.com information for colemanforsenate.com

I had to see what all the fuss was about.  Was there really an attempt to bring down the website due to political unrest with these ballots in my state?  Were the allegations of a poorly coded website true?

What I got instead was a plain text listing of directories…

The Database of Norm Coleman

Wowza.  As I was tooling around in the directories, I saw a database file.  I thought, "That's not right."  I began taking screenshots and uploading them to Flickr.  I didn't know what the database contained, but hoped there wasn't financial information in it.  I figured it was a list of email addresses for Norm Coleman supporters and staff, but I did not download it to find out.  Did you download the database?

Video: http://www.youtube.com/watch?v=9qknKAz9LUU

There is a technique known as "Google Hacking" where you search for files people have left on web and FTP servers with names like "passwords.txt" or "backup.tar.gz".  Eeek!  Backups should be stored outside the web root, the folder the web server shares out to the internet, so that no URL maps to them at all.  This listing appeared because the web server at http://208.42.168.251 was not configured to turn off directory indexing, so for any directory without an index page it showed every file the directory contained.

All photos are licensed under Creative Commons.
Norm Coleman database photos on Flickr

I wonder how much user information is in this database at colemanforsenate.com?

I began posting links to the photos on the blogs of the Minnesota Independent and Minpublius to bring awareness to what I had found.  Would I have done the same if this were a Democrat?  Probably.  For me, it's about computer security and data privacy, not about political affiliation.

You can become Norm Coleman’s Website Admin

I will give them the benefit of the doubt and assume I was only able to get here because the website is not functioning.  Below you can see that I could enter an email address, name and password, and if this site was working it would create an administrator in the database.  I found similar files to edit and delete records as well.  Writing to the database like this from a form should require an authenticated, active session, but I can't see the code so I don't know whether it checks for one.

wow, is it this easy to create an admin account at colemanforsenate.com?
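The check that paragraph calls for, as an added example that is not the Coleman site's PHP (nobody outside the campaign could read that) but a minimal model in Python of the page the screenshot shows: a form whose POST inserts an administrator row. The vulnerable handler trusts the form; the hardened one requires a logged-in administrator session and a matching CSRF token, and hashes the password before storing it. The db, session and form objects are plain dicts and the HTTP-style status codes are this example's own assumptions.

```python
"""An admin-creation handler that trusts the form, beside one that checks the session.

Added example, not the Coleman site's code.  db, session and form are plain
dicts standing in for the real database, session store and POST body.
"""
import hashlib
import hmac
import os
import secrets


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; store this, never the plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _digest_hex = stored.split("$", 1)
    recomputed = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, stored)


def create_admin_vulnerable(db, form):
    """What the screenshot implies: whoever can reach the URL can add an admin.

    No login check, no CSRF token, and the password is stored as typed.
    """
    db["admins"].append({
        "email": form["email"], "name": form["name"], "password": form["password"],
    })
    return 200


def new_session(user):
    """A logged-in session carries the user record and a per-session CSRF token."""
    return {"user": user, "csrf_token": secrets.token_hex(16)}


def create_admin_hardened(db, session, form):
    """Insert only for an authenticated admin session with a valid CSRF token.

    Returns 401 (no admin session), 403 (bad token), 409 (duplicate) or 201.
    """
    user = session.get("user")
    if user is None or user.get("role") != "admin":
        return 401
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.get("csrf_token", "")):
        return 403
    if any(a["email"] == form["email"] for a in db["admins"]):
        return 409
    db["admins"].append({
        "email": form["email"], "name": form["name"],
        "password": hash_password(form["password"]),
    })
    return 201


if __name__ == "__main__":
    # Constructed inputs: an outsider posting the form, then the site owner.
    db = {"admins": []}
    outsider = {"email": "me@example.com", "name": "Me", "password": "letmein"}
    print("vulnerable:", create_admin_vulnerable(db, outsider), db["admins"])
    db = {"admins": []}
    print("hardened, no session:", create_admin_hardened(db, {}, outsider))
    session = new_session({"email": "owner@example.com", "role": "admin"})
    owner_form = dict(outsider, csrf_token=session["csrf_token"])
    print("hardened, owner:", create_admin_hardened(db, session, owner_form))
```

The order of the checks matters: the session check comes first so an anonymous request learns nothing about existing accounts, and the CSRF token is compared with `hmac.compare_digest` so a logged-in admin cannot be tricked by a third-party page into submitting the form on an attacker's behalf.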

Indexing of directories is turned on

This is a security risk.  I would hope they have .htaccess files in place to restrict access to the admin directory and that index listings are turned off for the current site.

directory of colemanforsenate.com at ip address 208.42.168.251
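Both of the points above, the backup files that "Google Hacking" turns up and the directory listing that exposed them, come down to what sits under the web root and whether the server indexes it. As an added example (not code from the original post or from the Coleman site), this Python script walks a document root, flags database dumps, archives, config and log files by name, lists the subdirectories Apache would index if listings were on, and emits an .htaccess fragment that turns listings off and denies those files. The sample layout it builds is constructed for the demo; the file names are hypothetical.

```python
"""Audit a web document root for files that should never be reachable by URL.

Added example; not code from the original post.  The sample layout is
constructed to mirror what the screenshots showed (admin scripts, a database
file, an empty logs directory), with invented file names.
"""
import os
import re
import tempfile

# Extensions that usually mean "backup, dump, config or secret", not "web page".
RISKY_EXTENSIONS = {
    ".sql", ".sql.gz", ".tar", ".tar.gz", ".tgz", ".zip", ".bak", ".old",
    ".mdb", ".sqlite", ".db", ".log", ".ini", ".inc", ".env",
}
# Names that are risky whatever their extension.
RISKY_NAMES = {"passwords.txt", ".htpasswd"}


def _risky_extension(name):
    """Return the longest risky extension that NAME ends with, or None."""
    lower = name.lower()
    for ext in sorted(RISKY_EXTENSIONS, key=len, reverse=True):
        if lower.endswith(ext):
            return ext
    return None


def find_exposed_files(docroot):
    """Docroot-relative paths of files that belong outside the web root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            if name in RISKY_NAMES or _risky_extension(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(hits)


def directories_without_index(docroot):
    """Directories with no index page: with indexing on, Apache lists their contents."""
    bare = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        if not any(re.match(r"index\.(html?|php)$", f, re.I) for f in filenames):
            bare.append(os.path.relpath(dirpath, docroot))
    return sorted(bare)


def hardening_htaccess():
    """.htaccess for Apache 2.4: no listings, deny risky extensions and dotfiles.

    On Apache 2.2 replace "Require all denied" with "Order allow,deny" plus
    "Deny from all".  Moving the files out of the web root is still the real fix.
    """
    exts = "|".join(re.escape(e[1:]) for e in sorted(RISKY_EXTENSIONS))
    return (
        "Options -Indexes\n"
        "<FilesMatch \"\\.(" + exts + ")$\">\n"
        "    Require all denied\n"
        "</FilesMatch>\n"
        "<FilesMatch \"^\\.\">\n"
        "    Require all denied\n"
        "</FilesMatch>\n"
    )


def build_sample_docroot():
    """Constructed layout (hypothetical names) resembling the listing in the post."""
    root = tempfile.mkdtemp(prefix="docroot-")
    files = [
        "index.php",            # the public site
        "admin/add_admin.php",  # admin scripts with no index page of their own
        "backups/site.sql",     # database dump left under the web root
        "backups/db.tar.gz",    # archived backup, exactly what Google Hacking finds
        "config/settings.ini",  # credentials in a web-served config file
    ]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    os.makedirs(os.path.join(root, "logs"), exist_ok=True)  # the empty log directory
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    print("exposed:", find_exposed_files(root))
    print("listable:", directories_without_index(root))
    print(hardening_htaccess())
```

Run it against a real document root by calling `find_exposed_files("/var/www/html")` instead of the sample; anything it reports should be moved above the web root, and the `.htaccess` output is a stopgap for files that cannot be moved immediately.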

Website errors show you configuration file locations

You see errors like this a lot on Joomla websites when there is a problem connecting to the database, there is a permissions issue on a file or when files are missing.

Incorrectly configured Linux server to blame? colemanforsenate.com

Missing log files

This directory is empty.  It doesn’t mean there are no log files (deleted?)

why is this directory for log files empty on the colemanforsenate.com website?

Site is down again

So, the site is being reported by OpenDNS.com as down again and I am getting the same info at DNSStuff.com too.

colemanforsenate.com is back down again according to OpenDNS.com

The moral of the story is that you should hire computer and website professionals who understand technology.  You should plan and develop a strategy for downtime and problems.  Don't put all your eggs into one basket with one website programmer.  If he or she is hit by a truck (or something else goes wrong on the website), you have no recourse to get help.

Resources to protect your data

Minnesota Law on Data Security Breach Notification, Statute 325E.61 – This describes what kind of data has to be lost before a company must notify you, and how they must go about doing it. Unfortunately, it seems a company can lose your full name, address, income, number of children and previous purchases BUT not be required to tell you. (Disclaimer: I am not a lawyer)

Data Security Breaches in the US 2005, 2006, 2007, 2008, 2009 – Check to see if a school you attended, a doctor you saw, an employer, your local Veterans office, your bank, your utility company, your library or even a hotel you stayed at is listed here.

Resources for website security

The Importance of Web Application Scanning – Acunetix makes an application that can scan websites for vulnerabilities.  There is a free version that will check for XSS (Think back to when Barack Obama’s website redirected to Hillary Clinton’s).

3 Common Website Security Problems – This article from Georgetown University summarizes how issues on Norm Coleman's site could have been addressed before "Crashgate", especially this one on unsecured files and databases:

Unsecured files and databases

When setting up your web site or application, make sure that any files that contain data that is not intended to be public (such as information about people) are not located in public web folders. Do not place such files in folders with the belief that because you are not linking to them, a user cannot find them.

  • Files (such as Access databases) that are datasources for your application must be located in a non-web-accessible folder (the web_datasources folder in your hosting account).
  • Other files that contain data used by the application should also be located in a non-web-accessible folder.
  • Other files that contain non-public information should be placed in a folder that is access restricted using a .htaccess file or other web server access restriction.

Update 12:12am 1/29/2009

Folks, the directory listing for colemanforsenate.com has been replaced with a login box.  But…we know what's behind the curtain now.

Login box replaces 205mb database on colemanforsenate.com

Update 5:40pm 1/29/2009

Stay tuned for video posting from the 1/29/2009 lifestream:

“Norm Coleman’s Database”

  • why the database was available
  • what it contained
  • how website developers and companies can work to prevent this from happening
  • and take questions from viewers

Update 11:11pm 1/29/2009

Number of hits to the post 54

Photo stats for the post
I wonder how much user information is in this database at colemanforsenate.com? 1,458 views
You can become Norm Coleman’s Website Administrator at colemanforsenate.com 290 views

Current rumors
The database contains social security numbers
The database contains credit card information (POST data)

Update 6:54pm 1/30/2009

Number of hits to the post 610
In-Progress Video of “Norm Coleman’s Database: What Happened and Why”

Post picked up on:
Politics in Minnesota – Epic recount website fail: One Dot One Dot One Dot One

Thanks to Ben for picking out the incorrect use of "then" when I should have used "than" in the header "What's worse than losing a Minnesota Senate race?"

FYI: If you enter a fake looking email address with your comment, I will probably not approve it. If you want to share something with me offline, use the contact page. Thanks!

Question from Dennis
What does “Awaiting Moderation Mean? Where’s my comment?

Answer
I did not publish your comment because there was NOTHING technical in it. I have published comments that:

    * indicate how they feel about the info being released
    * indicate how they feel about what I did as an IT person doing this
    * ask questions related to the technology aspect of the Norm Coleman database
    * share personal stories on how this affected them
    * thank me for my efforts
    * support me for taking initiative
    * judge, criticize and blame me for making the wrong choice

If you just want to harp on Democrats vs Republicans and Norm Coleman vs Al Franken, you should go to a political blog and do that.

3 Ways to Easily Generate Secure Passwords

1. Online

GRC's Ultra High Security Password Generator is a good choice when you're out at a client site and need something random and secure. There is also a specific area for generating secure WPA passwords. You may recognize the domain; it's the brainchild of Steve Gibson, who is well known for his hard drive recovery product SpinRite and the weekly co-hosted computer security podcast "Security Now!".

Secure password generation - GRC's Ultra High Security Password Generator

2. On your computer

Use Keepass which also securely stores and manages your passwords. I highly recommend this tool. Watch my video screencast featuring Keepass’ Auto-Type feature which saves you from entering passwords in manually each time. Very nice piece of software.

Secure password generation - Keepass

3. In your browser

Use the Firefox extension Password Hasher. I haven't used this extension in a long time since I use the first two in tandem, but Lifehacker reviewed it last year and gave it a thumbs up. It could be a great solution for you if you were running a portable version of Firefox and didn't have access to the internet.
(Supports FF versions 1.5 – 3.0, updated September 1st, 2008).

Secure password generation - Firefox Extension Password hasher
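What all three tools have in common is that the password comes from a cryptographically secure random source, not from a person's imagination. As an added example (not code from the original post, from GRC, from KeePass or from Password Hasher), this Python script produces the three things the generators above hand out (a random printable password, a WPA passphrase and a 64-hex-digit WPA key), reports how many bits of entropy each has, and sketches the Password Hasher idea of deriving a per-site password from a master secret. Password Hasher's actual algorithm is not reproduced; the HMAC construction is this example's own assumption.

```python
"""Generate passwords from the OS CSPRNG and measure their entropy.

Added example; not code from the post or from the tools it names.  The
per-site derivation is this example's own construction, not Password Hasher's.
"""
import base64
import hashlib
import hmac
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# WPA passphrases allow printable ASCII; quotes, $, \ and backtick are left out
# only because router web forms and shells tend to mangle them (89 symbols).
WPA_SAFE = string.ascii_letters + string.digits + "!#%&()*+,-./:;<=>?@[]^_{|}~"


def random_password(length=20, alphabet=PRINTABLE):
    """LENGTH uniform draws from ALPHABET using secrets, never the random module."""
    if length < 1 or len(alphabet) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wpa_passphrase(length=63):
    """WPA/WPA2 passphrase: 8 to 63 characters, the maximum by default."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return random_password(length, WPA_SAFE)


def wpa_psk_hex():
    """The 256-bit pre-shared key itself, as the 64 hex digits routers accept."""
    return secrets.token_hex(32)


def entropy_bits(length, alphabet_size):
    """Bits of entropy in LENGTH uniform draws from ALPHABET_SIZE symbols."""
    return length * math.log2(alphabet_size)


def derive_site_password(master, site, length=16):
    """Per-site password from a master secret: HMAC-SHA256(master, site), base64 cut.

    Deterministic, so the same master and site always give the same password and
    nothing needs to be stored; losing or leaking the master loses every site.
    """
    mac = hmac.new(master.encode("utf-8"), site.lower().encode("utf-8"),
                   hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")[:length]


if __name__ == "__main__":
    pw = random_password()
    print(pw, f"{entropy_bits(len(pw), len(PRINTABLE)):.1f} bits")
    print(wpa_passphrase(), f"{entropy_bits(63, len(WPA_SAFE)):.1f} bits")
    print(wpa_psk_hex(), "256 bits")
    print(derive_site_password("correct horse battery staple", "example.com"))
```

A 20-character draw from 94 symbols is about 131 bits, comfortably beyond what offline guessing can reach; the 63-character WPA passphrase is far past the 256 bits of the key it is hashed into, so anything over roughly 40 characters from this alphabet is already at the ceiling.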

Cut Down on Memorizing Your Passwords with Keepass Autotype [Video]

Password management that is portable, cross platform, secure and free!
I've been using Keepass since June of 2006 and it makes my job as a technology consultant much easier. This project is under active development and there are frequent releases. I can't say enough good things about this software, as it's been a lifesaver to enter passwords on my primary desktop, sync to my Windows Mobile PDA and be able to pull up passwords securely at a client site.

Watch in this video how you can save time when you login to your Google or Google Apps account.

Screencast: http://content.screencast.com/media/f491b5f5-87be-4fe8-97b7-9639d12b6b84_82756c19-78f5-4b81-8bfc-cd9c58dfbbef_static_0_0_keepass%20autotype^1.swf

Mac and Linux users, don't despair! There's a version for Linux and Mac OS X called Keepassx, available on the website as well.

What if I need a password while I’m out and about?
No worries. Not only is there a portable USB flash drive distro, but there are several ported versions for your PocketPC Windows Mobile and Smartphone devices, Blackberry, Symbian, the U3 flash drive menu and the PortableApps.com suite.

Why you need Keepass

  • Portable – Take your passwords with you
  • Cross Platform – Windows, Mac OSX, Linux and PDA mobile devices
  • Security – AES and Twofish encryption
  • Import/Export to csv, txt, html and xml
  • Share a single database across a network
  • Secure clipboard management
  • and the list of features goes on