Important - Update your LinkedIn Passwords

More than 6 million LinkedIn passwords stolen

You might have heard this in the news yesterday or today, or you might be seeing posts on Facebook or Google+ about LinkedIn having passwords stolen.

Before reading any more, PLEASE change your password at LinkedIn (www.linkedin.com). I'll explain, but only after you change it. [Though my link is safe, it's always best, security-wise, to type the address yourself.]

Read more: Important - Update your LinkedIn Passwords

SOPA Protest Blackout

Why is the blackout happening?

Why? SOPA and PIPA are badly drafted legislation that won't be effective at their stated goal (to stop copyright infringement), and will cause serious damage to the free and open Internet. They put the burden on website owners to police user-contributed material and call for the unnecessary blocking of entire sites. Small sites won't have sufficient resources to defend themselves. Big media companies may seek to cut off funding sources for their foreign competitors, even if copyright isn't being infringed. Foreign sites will be blacklisted, which means they won't show up in major search engines. And, SOPA and PIPA build a framework for future restrictions and suppression.

Oops... I snatched that paragraph from Wikipedia. That means that someone could take down this website without warning or due process, IF this law is allowed to go through.

Read more: SOPA Protest Blackout

Script updates vital for server security

I know: "Brian sounds like a broken record here, doesn't he? Blah blah security blah blah updates. Either he's paranoid, or he's vigilant."

OK, I'm not going to say I'm overly vigilant. But I am cautious when it comes to web server security. And even with my monitoring of installed scripts on the servers (automated and manual), some slip past.

And, when I don't find the exploit, the hackers/spammers will. Like last week.

Read more: Script updates vital for server security

Halloween Snow storm seems to mess with the phones

Looks like this Connecticut power outage did something to the phone lines. Luckily, I have power and web access (unlike many in CT), but I have noticed the phone service is intermittent. So, if you are having any issues calling, please try email, or the contact form on this site.

Importance of Active Security Watch

A website is not just 'build' and go, as many designers treat it. Newer websites use scripts, and basically any active program on a web server has the potential to 'go bad'. But too many designers quickly build with tools 'that work' for them, and move on.

Then the headlines read:

Zero-day Vulnerability Threatens Many WordPress Sites

Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned.

The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, wrote in a post published Monday. The extension is “inherently insecure” because it makes it easy for hackers to execute malicious code on websites that use it. At least two websites have already been compromised, he reported.

Read more: Importance of Active Security Watch

Inaccuracies on the web

One of the best reasons to have a website for your business (or even yourself) is to ensure any info out there is accurate. Whether you like it or not, your name/business is out there in multiple directories on the web. And you have no control over that.

Occasionally we Google/Bing our names to see if we have popped up anywhere, and try to keep a list of the sites with profiles for Seven Sages Website Management. And sometimes we find one that is incredibly inaccurate...

This morning, while double-checking online profiles for a client (Divorce Attorney Profiles) I decided to do a quick search for SevenSages.com to see if I had most of the links posted. And I found one that was way way out of touch.

Read more: Inaccuracies on the web

Large attack may be related to out-dated scripts.

As is being reported more widely today, there is a large virus attack spreading across the internet. Unfortunately, the reporting is appearing on April Fool's Day; however, it is not a joke. The reports actually started earlier in the week.

Websense Security Labs has updated its Tuesday alert concerning a malicious mass-injection scareware campaign it has dubbed LizaMoon -- an SQL injection attack that adds a line of JavaScript code to web pages that redirects users to a bogus web page that rotates on a periodic basis. Based on Google search results Thursday, more than 500,000 URLs had a script link to lizamoon.com, which has since been changed, Websense said.

"We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought," Websense security analysts wrote in a blog Thursday. "All in all, a Google search reveals over 1,500,000 URLs that have a link with the same URL structure as the initial attack."

-- Reported on newsfactor.com: "LizaMoon Pay-Up Scareware Spreads To 500,000 Sites", by Mark Long

The important thing to learn from this is that it is vital to update and patch your systems.

Outdated CMS and Blog systems?

Read more: Large attack may be related to out-dated scripts.

New Wave Of Spam Seems Personal

I know, you're bored of all this spam news. I am too. But volume has increased yet again, and I'm not just seeing it on my own servers, but also with Google Apps and Postini.

Following the wave last month using the familiar-looking 'Delivery Status Notification' (DSN) faking a bounced message, the spammers' new technique appears to be using more familiar messages like Amazon order confirmations that look a lot like real Amazon orders. But it's getting a little scarier...

Read more: New Wave Of Spam Seems Personal

Nothing is more expensive than trying to save a buck.