Technology Feed Lab

technology site

Posts Tagged ‘Security’

One-Time Passwords a great security feature from Facebook

Posted by TechGeek on October 24, 2011

Facebook a popular social networking site offers a variety of security features to protect your account from hackers or attackers. They introduced multiple options for security and privacy of Facebook users.  One of the important and best security features is their “One-Time Passwords”. This article will shortly explain why this feature is required and how it should be used. In order to use this security feature, you will need to add you mobile number in your account.

One-Time Passwords

One-Time Passwords

One-Time Passwords are temporary passwords created and can be used only once to access the Facebook account. Rather than using your standard Facebook password, Facebook can send you a one-time password on your mobile. It is safer to use one-time passwords if you are accessing your Facebook account from public or unsecured places like cyber café or airports.

Currently, this feature is only applicable to U.S. To get password, text “otp” to 32665 on your mobile phone and you will receive a password that expires in 20 minutes. This password can be only used once to access the account. There is no risk of stealing password, as this password automatically expires in 20 minutes.

This security feature definitely provides a secure way to access your account using mobile phones as Facebook will text you a one-time password on your mobile which will be with you every time.

Posted in Facebook, Information | Tagged: , , , , , , | Leave a Comment »

Protect your data using BitLocker Drive encryption in Windows 7

Posted by TechGeek on August 8, 2011

Are your worried about your data loss, theft or hackers? Windows 7 can help you to protect data on your PC and portable storage devices against loss or theft with BitLocker. BitLocker a new feature of Windows 7 helps keep everything from documents to passwords safer by encrypting the entire drive where your data resides. You can use BitLocker Drive Encryption to help protect all files stored on the drive where Windows is installed and on fixed data drives (such as internal hard drives). You can even protect all files stored on removable data drives such as external hard drives or USB flash drives.

If you encrypt the operating system drive, BitLocker checks your computer during startup for any conditions that could represent a security risk. If it detects potential security risk, BitLocker will lock the operating system drive and require a special BitLocker recovery key (which you can create when you turn on BitLocker for the first time) to unlock it. Unlike file system encryption which enables you to encrypt individual files, BitLocker encrypts the entire drive. This means even if you hard drive is stolen; nobody can access the data inside the drive.

BitLocker is only available in the Ultimate and Enterprise editions of Windows 7. To setup,

1)      Open BitLocker Drive Encryption by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Security and then clicking BitLocker Drive Encryption.

2)      Click Turn On BitLocker. This opens the BitLocker setup wizard. Administrator permission required If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.

3)      Follow the instructions in the wizard.

Posted in Windows | Tagged: , , , , , , | Leave a Comment »

Vulnerable WordPress plugin leads to website hack

Posted by TechGeek on August 4, 2011

On August 2nd, 2011 Mark posted detailed blog mentioning technical details and scripts of WordPress hack plugin called “TimThumb”. TimThumb plugin is a simple, flexible, PHP script that resizes images for your blogs. It is a small PHP script for cropping, zooming and resizing web images like jpg, png, gif etc. As discovered my Mark, TimThumb plugin has a File upload vulnerability. An attacker can upload any file on the server to execute it.

This plugin is used by many people on their WordPress blogs and also it is bundled with many other different WordPress themes and plugin. If you have vulnerable version of this plugin, you should change the code to fix the issue as per workaround provided by Mark. File uploading vulnerabilities are not new but they are constantly used to compromise or hack the websites. There are already thousands of WordPress themes and plugin available over the Internet and new ones are coming every day. You should not blindly install each and every plugin. Do some homework before using any theme or plugin.

Security is really important for your websites. You take a lot of efforts to write on your websites and one vulnerability in any theme or plugin can provide massive damage to your website and your business. The above one is great example of this. Mark’s website got hacked due to this vulnerability and attacker injected some advertising code into his webpage’s. Attacker could have done more damage to his website since he/she can have the access to his server. You should immediately check your themes and plugin for any vulnerability.

To find, if your theme or plugin has vulnerability or not is to use Google search engine. Use theme name or plugin name along with name “vulnerability” in search string. For example, to search for TimThumb bug, search “TimThumb vulnerability” in the Google,

If you look at image above, you will news related this plugin. The second link also reveals that “Elegant Themes” are also uses this plugin inside the theme and they are too vulnerable to this attack.

Are you using vulnerable theme or plugin?

Posted in Security, Web, WordPress | Tagged: , , , , , , , | 1 Comment »