Tag Archive: Security

Why everybody should be using HTTPS

Using HTTPS on a website has historically been a pain, and therefore reserved only for e-commerce sites. In order to use HTTPS you would need to first purchase certificates which had a cost associated; then you would need them installing, which your hosting provider would need to support. As a result adoption of HTTPS for ‘regular websites’ was low. Last week, I took the opportunity to secure this website. The best part was doing so cost nothing, and it took just 10 minutes! This led to the conclusion – there’s no excuse not to use HTTPS. What is HTTPS? When using…
Read more

Share

WordPress Security: Some useful tools

Look to the right of the page and you’ll see the effect that becoming a new dad has had on my free time. Couple that with needing to do a load of work on the house, and my capacity for looking after this website has become near zero. The problem is that administrative overhead didn’t go away – comments still needed to be moderated, and the number of failed login attempts was starting to become a worry. So one lunchtime at work I decided to look at some WordPress security tools. Ultimately I came up with two plugins and a…
Read more

Share

Physical Security: How to cause mayhem!

I have a number of rules I use in a professional and sometimes personal capacity. This is number 1: Always assume the worst about everything. You’ll rarely be disappointed. When you apply it in a security context, it means given a choice, users will always choose the stupid option. Take passwords, if you don’t mandate a certain password quality, then they’ll choose crap passwords (No, Pa55w0rd does not could as a good one!) If you make the password rules too difficult, well… With a little patience and technical expertise though, it is possible to secure your systems effectively. Password policies,…
Read more

Share

What the latest Java exploits teach us about security

I contributed earlier to a disucssion on an article in The Register (Link) on dealing with malware caused as a result of security vulnerabilities in Java. The article discusses how to go about cleaning up the various pieces of Malware downloaded and requires the use of multiple security tools covered in 12 steps. As I and others suggested at this point, given an infection of this magnitude, going for a clean-up should be the last resort. Virus removals are my least favourite computer repair job since it can be virtually impossible to totally rid a system of a virus, and…
Read more

Share

Fail: Telephone “Computer Virus” Scam

The other day I received a phone call from 01234 765093. If you get a call from them, unless you have experience with computers and you fancy wasting their time, then you should ignore them and under no circumstances do what they suggest. Failure to heed this advice is likely to lead to your computer being held ransom pending payment of a large amount of money. Others have reported this as being close to £200 GBP. First you will get a phone call, claiming to be from somebody like Microsoft, or another big company. Lets get one thing straight, they…
Read more

Share

HowTo: Secure a Cisco Router

With a normal Home / Small Office type router, once you have got it connected, you set a password to log into the web interface and that’s about it for security. But what about with a Cisco Router. This guide covers how to protect a router from unauthorised modification or access to the settings. What it does not cover is securing the connections, which is a topic for another guide. This guide assumes that you are running a fairly current router and IOS and that it supports encryption. On my desk, I have a little Netgear router that I got…
Read more

Share