
Fight Spam and Hackers!

BlogHer ’10

Geek Lab

Liz Henry

[email protected]

liz-henry.blogspot.com

Monday, August 9, 2010


Look at me

✤ Now look at your blog.

✤ Now back to me.

✤ Now type your password.

✤ Your password is awful!

✤ Best defense against being hacked is thinking like a hacker.

✤ Your blog can think like me!


Surveys of the room

What blog platform:

Blogger? (About a third)

Typepad? (A few)

WordPress? (Most)

Others? (scattered few)

Social media sites:

Facebook

Myspace

Twitter (All but 3)

Tumblr

Posterous

Others?

Blog Hacked?

Big spam problem?

Credit card stolen?

Complicated Identity Theft?


Freedom!!

✤ I believe strongly that as women we need free access to unfiltered information

✤ We must defend our right to speak in public, unfiltered

✤ Just like we can go outside into the world in public. A political right.

✤ Be cautious of being “protected”. What if your words or image are what others “need” to be protected from?


OMG Hackers

✤ No one really knows what they’re doing

✤ Pretty much anything can be hacked

✤ Because no one really knows what they’re doing, including security experts who revel in discovering each other’s silly mistakes. So don’t worry.

✤ You are more “at risk” from a piece of carbon paper from using your credit card in a store, or dumpster divers, than from being hacked.

Security advice constantly changes!


Where is the risk?

✤ On your computer. Keyloggers.

✤ Network traffic. Wireless.

✤ Web passwords to services.

✤ Widgets, PDFs, images, other people’s code on your blog.

✤ SQL injection.

✤ Your web host getting owned.


Shoulder surfing

✤ It’s pretty easy to watch someone type their password.

✤ Teach your kids password manners.


What do you risk?

✤ Bank accounts, credit card numbers. Other personal data.

✤ Losing your data - blog entries vandalized or deleted.

✤ Embarrassing vandalism - someone posting as you.

✤ Triggering security alerts on other people’s computers, getting blocked from search engines.

✤ Denial of Service attacks for malicious or political reasons.


Bad Passwords

✤ Your $%&#@! kitten’s name

✤ Your child’s name plus their birth year. Oh, please!

✤ Your favorite animal, sports team, pop star, or deity +123.

✤ Google for your password. Do you find it?

✤ Did you find it on a list of The 500,000 Most Popular Passwords?


Crackers!

✤ Educate yourself about how to crack a password!

✤ Google “how to crack passwords”.

✤ Google “choosing secure passwords”.

✤ Now you know how to make a much better password.


Password managers?

✤ 1Password, KeePass, other programs to track your passwords and keep them secure. Anyone use them? Kind of a pain.

✤ High security PWs: Don’t use them multiple places. Change more often. Longer. email. banks. money.

✤ Low security pw: have a few and use them for web apps, social media.

✤ Think about how to generate good passwords over your lifetime. You need a system - not one password.


Good password!

✤ Now your password is made of diamonds!

✤ Have a different password for email than for everything else. Email pw can compromise all your others.

✤ Wallet, file cabinet. All your other secure info is there anyway.


Make backups!

✤ Back up your blog entries and comments!

✤ If you get hacked, or DoSed, you have a backup.

✤ Your web host may have backups for you too.


Malware

✤ Antivirus software for your computer, especially for Windows

✤ Get to know the security settings on your browser

✤ Keep your OS, browser, other software up to date


Check your site

✤ Google Webmaster Tools

✤ Set up alert on site:http://yoursite.com casino + viagra + (whatever other common spam terms show up)

✤ http://www.unmaskparasites.com/ is currently kind of nice

✤ More good advice: www.stopbadware.org


Encryption

✤ https is awesome

✤ SSL (Secure Sockets Layer) encryption

✤ https://www.eff.org/https-everywhere is nice for Firefox


WordPress security tips

✤ Keep it updated!!

✤ Keep it backed up

✤ Keep the plugins updated

✤ Install some security scan plugins from wordpress.org

✤ Exploit Scanner, WP Security Scan


Harden WordPress

✤ http://codex.wordpress.org/Hardening_WordPress

✤ This is the best advice!

✤ HighTechDadBlog has decent advice too


Hack party

✤ Have a hack date

✤ Try to crack each others’ passwords

✤ I’m totally serious!!!!

✤ No really!


“I can’t believe you guessed my password was “MrDarcyishot69”!”

Guess their passwords


Be a white hat hacker

✤ Warn your friends if you notice their security vulnerabilities.


Who has your data?

The companies you’re giving your data to may do something with it you don’t like. Read their privacy policy/ToS.

http://www.tosback.org/ tracks changes in companies’ terms of service.


Your Privacy

✤ If you want to browse, IM, and use the net without family members or others on same computer having access to your info,

✤ Put Torbrowser on a USB stick, and use that. Very secure.

✤ https://www.torproject.org/torbrowser/

Medical issues.

Visiting your in-laws.

Reading pages your husband might not be comfortable with.

IM and email you don’t want your kid reading.

End of relationship, or domestic violence situations.


I’m on a horse

Well, not in this photo, but at some point in life I was. Unfortunately in this photo I’m giving a lap dance to a giant fiberglass lumberjack rabbit and his enormous carrot water fountain.


When you get hacked

Get some help and advice

Do a little research

You are now a computer forensics investigator! Congratulations!

Don’t panic

Remember, you have backups!
