Archive for the ‘Security’ category

Update the Slider Revolution Premium plugin to Avoid Security Vulnerability

September 3rd, 2014

The Slider Revolution Premium plugin, one of the most downloaded slider plugins on the WordPress plugin marketplace Code Canyon, has been reported to contain a serious vulnerability. The vulnerability is a Local File Inclusion (LFI) flaw that allows an attacker to access, review, and download local files on the server. In particular, the attacker can download any file from the server and steal the database credentials. Consequently, the attacker can compromise the website through the database. You can read more about this vulnerability by visiting this page.

Update the plugin ASAP if you are currently using it on your WordPress website. In fact, you should always keep your WordPress version and all plugins up to date in order to keep your sites secure. And of course, perform a full site backup before you do any updates.

Update your Custom Contact Forms Plugin Immediately to Avoid Security Vulnerabilities

August 8th, 2014

Sucuri, an online firm that offers website scanning, monitoring, and malware removal services, has recently found a serious security vulnerability in the Custom Contact Forms plugin. This plugin enables users to create customizable contact forms on their WordPress websites and has a record of over 600,000 downloads, so the impact across the internet is considerable. The good news is that this vulnerability has been patched. If you run your WordPress website with this plugin, please update the plugin to version 5.1.0.4 ASAP.

What Exactly is the Problem?

The bug allows attackers to take control of the affected website without setting up an account beforehand. You can read the details about this security bug by visiting the Sucuri blog article.

Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up to date in order to keep your sites secure.

WordPress and Drupal Security Update Release

August 7th, 2014

WordPress and Drupal have both recently released security updates for vulnerabilities found in the two platforms. The vulnerabilities involve a DoS (denial of service) on the PHP XML parser. This issue can cause a site's database to reach the maximum number of open connections, so affected sites will experience temporary downtime. If you run your website on either WordPress or Drupal, please perform a full site backup and update your site ASAP. For more info, you can check out the updates here:

Happy (& Scam-free) Valentine’s Day

February 14th, 2014

Happy Valentine’s Day everyone! This is the day to celebrate love in its various forms – joy, passion, and happiness. We express our love through flowers, balloons, chocolates, and the list goes on. With customized eCards, accessories and online florist booking services we can conveniently prepare our Valentine’s gifts online. And not surprisingly, internet scams reach their highest peak during this season of love. We’ve prepared this article to list out a few of the most common Valentine’s Day scams:

Suspicious eCards

eCards are extremely popular near Christmas time and Valentine’s Day. Your Significant Other, as well as popular retailers may choose to send you an eCard, and that’s totally fine. However, we want to bring to your attention that scammers often send out eCards with subject headers such as “Someone you know has made you an eCard”. The card may contain malicious links which may lead you to a virus or malware download. Our rule of thumb: if you don’t know the sender of the card, don’t click the links! Prevention is the first step to online safety.

Giveaway Scam

Flowers, rings, necklaces, and gift cards are the most popular Valentine’s gifts. Scammers often make use of social media platforms (you’ve probably seen those “Costco gift cards giveaway” links on Facebook, right?) to host giveaway contests. Most of these “giveaways” aim to attract you to click the link or like their Facebook page. In particular, stay away from malicious web links with minor mistakes (macy.com vs macys.comm).

Conclusion: always use your common sense to judge the deals you see online. When it’s too good to be true, it probably is. If you have doubts about certain online advertisements and emails, or if you would like to report online scams, visit the Federal Trade Commission’s website. Once again, happy Valentine’s Day!

Tips to Keep Your Digital Life Safe and Secured (Part 2)

October 7th, 2013

Is your password as secure as you think?

By now, we’ve all heard of tips and tricks to keep our online accounts secure. Passwords such as 12345 and QWERTY are obvious password choices to avoid. However, with the influx of hacker tools and algorithms, your current choice of password may not be as clever and impenetrable as you think.

The basics:

You’ve probably heard that your password should contain a combination of…

- letters (abcdABCD…)
- numbers (123456…)
- special characters (*^%@!$…)

Keeping these basics in mind can be a great way to start, but it may take a bit of extra creativity to keep your accounts safe.

Yes, you can use a pass phrase, but make it random.

While it can be tempting to use popular movies, songs, or TV shows for inspiration, pass phrases like: Apieceofcake, myheartwillgoon, are not going to fly.

Substituting numbers and symbols for letters (example: m1h3@rtw1llg00n instead of myheartwillgoon) will amp up the security level a little bit, but these tricks have been around for so long that hackers have often figured out algorithms to decipher popular pass phrases, despite these substitutions.
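The weakness described above, shown as an added example (not part of the original post): a defender-side check that undoes common look-alike substitutions and compares the result against a blocklist of well-known phrases, the kind of test a sign-up form can run to reject such passwords. The blocklist, the substitution table and the 0.9 similarity threshold are constructed assumptions.

```python
import difflib
import itertools

# Constructed sample blocklist (assumption); real checks use large leaked-password lists.
COMMON_PHRASES = ["myheartwillgoon", "apieceofcake", "letmein", "iloveyou"]

# Common look-alike substitutions (assumed table); "1" is ambiguous, so both readings are tried.
LEET = {"@": "a", "4": "a", "3": "e", "0": "o", "5": "s", "$": "s", "7": "t", "1": "il"}


def normalizations(password, limit=256):
    """Yield lower-case readings of the password with substitutions undone."""
    options = []
    for ch in password.lower():
        if ch in LEET:
            options.append(LEET[ch])
        elif ch.isalpha():
            options.append(ch)
        # Any other digit or punctuation mark is treated as padding and dropped.
    # Cap the number of readings so a long run of ambiguous symbols stays cheap.
    for combo in itertools.islice(itertools.product(*options), limit):
        yield "".join(combo)


def matches_common_phrase(password, threshold=0.9):
    """Return the blocklisted phrase the password reduces to, or None."""
    for candidate in normalizations(password):
        for phrase in COMMON_PHRASES:
            # A near match is enough: one unusual substitution does not hide the phrase.
            ratio = difflib.SequenceMatcher(None, candidate, phrase).ratio()
            if ratio >= threshold:
                return phrase
    return None


if __name__ == "__main__":
    for pw in ["m1h3@rtw1llg00n", "Apieceofcake", "Iae1pofatcz"]:
        print(pw, "->", matches_common_phrase(pw))
```

The substituted pass phrase from the paragraph above reduces to its blocklisted original, while the first-letter password from the sentence method further down does not match anything on the list.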

The best solution? Create an entirely random phrase that only you understand. There are a few ways to do this.

1) Think of a sentence that follows the pattern: Who, what, when, where or how.

Example: I am eating 10 pounds of frosting at the central zoo.

Then, take the first letter from each word and put them together. The example would form: Iae1pofatcz.

Try mixing up the punctuation and throwing in some special characters to avoid grammar patterns.

2) Choose random, unrelated words.

Example: Car tissue cat.

Then, try putting the words together and substituting some numbers for letters, and shazam! Super secure.

The example could be: c@r7i55u3c@7!

3) Think of your own patterns for creating phrases.

The rule of thumb is this: if you’re using a password-forming template that you found online, chances are it’s popular with many users. And chances are, hackers will be on to it!

Use a random password generator and manager.

Despite these tips, for those accounts that require top security, consider using a password generator and manager. Try out LastPass, KeePass or 1Password. These programs can help you create a completely random password and help you manage them in a secure way, so you won’t have to remember all your passwords.

If you want to go the old-school route, create your own long password by using a random combination of upper and lower case letters, special characters, numbers, and punctuation. Keep them stored on a piece of paper in a safe place that you’ll remember. Try to use shorthand or code words with your notes though: if your cheat sheet falls into the wrong hands, you’ll sorely regret spelling out “Blue Money Bank Account Password: sjr94A!54djb.”

Conclusion

While we don’t mean to be that paranoid neighbour on the block corner who spouts off about the dangers of the world, we believe that staying informed about hacker techniques and password pitfalls can be worth the trouble to keep your accounts secure. Using a little creativity and discretion should launch you well on your way to dodging those pesky hackers!