Posted by TechGeek on October 24, 2011
Facebook a popular social networking site offers a variety of security features to protect your account from hackers or attackers. They introduced multiple options for security and privacy of Facebook users. One of the important and best security features is their “One-Time Passwords”. This article will shortly explain why this feature is required and how it should be used. In order to use this security feature, you will need to add you mobile number in your account.
One-Time Passwords are temporary passwords created and can be used only once to access the Facebook account. Rather than using your standard Facebook password, Facebook can send you a one-time password on your mobile. It is safer to use one-time passwords if you are accessing your Facebook account from public or unsecured places like cyber café or airports.
Currently, this feature is only applicable to U.S. To get password, text “otp” to 32665 on your mobile phone and you will receive a password that expires in 20 minutes. This password can be only used once to access the account. There is no risk of stealing password, as this password automatically expires in 20 minutes.
This security feature definitely provides a secure way to access your account using mobile phones as Facebook will text you a one-time password on your mobile which will be with you every time.
Posted in Facebook, Information | Tagged: Advanced Security, Facebook, Features, Mobile password, One-Time Passwords, Security, Text | Leave a Comment »
Posted by TechGeek on September 9, 2011
Millions of users use Google’s Gmail as their favorite email. If you want to secure your Gmail account, you can complete Gmail security checklist to make sure your mail security measures are up to date. This is an important checklist to maintain your account security. You can find this security checklist here. Most of the time your account gets stolen due to viruses or Trojan which may take advantages of vulnerable applications or operating systems.
Gmail has provided 20 security items under 5 different sections. Here are the more details,
1) Your Computer:
- Check for viruses and malware.
- Make sure your operating system is up to date.
- Make sure to perform regular software updates.
2) Your Browser:
- Make sure your browser is up to date.
- Check your browser for plug-ins, extensions, and third-party programs/tools that require access to your Google Account credentials.
3) Your Google account:
- Change your password.
- Update your account recovery options.
- Turn on 2-step verification.
- Check the list of websites that are authorized to access your Google Account data.
4) Your Gmail settings:
- Use a secure connection to sign in.
- Check for any strange recent activity on your account.
- Confirm the accuracy of your mail settings to ensure that your mail stays and goes where you want it to.
- Check your contacts for errors.
5) Some Reminders:
- Gmail has provided few reminders related to your passwords with some DOs and DON’Ts.
Gmail has provided all the help information related to each item on their checklist page. This is really a good exercise to not only keep your Gmail account secure but also to secure your computer against security threats.
Posted in Gmail, Security | Tagged: Account, Checklist, Gmail, Malware, Security, Settings, Virus | Leave a Comment »
Posted by TechGeek on August 8, 2011
Are your worried about your data loss, theft or hackers? Windows 7 can help you to protect data on your PC and portable storage devices against loss or theft with BitLocker. BitLocker a new feature of Windows 7 helps keep everything from documents to passwords safer by encrypting the entire drive where your data resides. You can use BitLocker Drive Encryption to help protect all files stored on the drive where Windows is installed and on fixed data drives (such as internal hard drives). You can even protect all files stored on removable data drives such as external hard drives or USB flash drives.
If you encrypt the operating system drive, BitLocker checks your computer during startup for any conditions that could represent a security risk. If it detects potential security risk, BitLocker will lock the operating system drive and require a special BitLocker recovery key (which you can create when you turn on BitLocker for the first time) to unlock it. Unlike file system encryption which enables you to encrypt individual files, BitLocker encrypts the entire drive. This means even if you hard drive is stolen; nobody can access the data inside the drive.
BitLocker is only available in the Ultimate and Enterprise editions of Windows 7. To setup,
1) Open BitLocker Drive Encryption by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Security and then clicking BitLocker Drive Encryption.
2) Click Turn On BitLocker. This opens the BitLocker setup wizard. Administrator permission required If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
3) Follow the instructions in the wizard.
Posted in Windows | Tagged: BitLocker, Data, Encryption, How-To, Security, Storage, Windows7 | Leave a Comment »
Posted by TechGeek on August 4, 2011
On August 2nd, 2011 Mark posted detailed blog mentioning technical details and scripts of WordPress hack plugin called “TimThumb”. TimThumb plugin is a simple, flexible, PHP script that resizes images for your blogs. It is a small PHP script for cropping, zooming and resizing web images like jpg, png, gif etc. As discovered my Mark, TimThumb plugin has a File upload vulnerability. An attacker can upload any file on the server to execute it.
This plugin is used by many people on their WordPress blogs and also it is bundled with many other different WordPress themes and plugin. If you have vulnerable version of this plugin, you should change the code to fix the issue as per workaround provided by Mark. File uploading vulnerabilities are not new but they are constantly used to compromise or hack the websites. There are already thousands of WordPress themes and plugin available over the Internet and new ones are coming every day. You should not blindly install each and every plugin. Do some homework before using any theme or plugin.
Security is really important for your websites. You take a lot of efforts to write on your websites and one vulnerability in any theme or plugin can provide massive damage to your website and your business. The above one is great example of this. Mark’s website got hacked due to this vulnerability and attacker injected some advertising code into his webpage’s. Attacker could have done more damage to his website since he/she can have the access to his server. You should immediately check your themes and plugin for any vulnerability.
To find, if your theme or plugin has vulnerability or not is to use Google search engine. Use theme name or plugin name along with name “vulnerability” in search string. For example, to search for TimThumb bug, search “TimThumb vulnerability” in the Google,
If you look at image above, you will news related this plugin. The second link also reveals that “Elegant Themes” are also uses this plugin inside the theme and they are too vulnerable to this attack.
Are you using vulnerable theme or plugin?
Posted in Security, Web, WordPress | Tagged: Compromise, Hacker, Image, Plugin, Security, Theme, TimThumb, WordPress | Leave a Comment »