How to Secure Your iPhone: Essential Steps

/in , /by

As smartphone theft grows, people need to do all they can to secure their devices. Read the essential steps you can take to secure your iphone and find just what else the industry is, and is not, doing.

According to the San Francisco police department, more than half of the robberies that occurred in the city in 2012 involved a smart phone. This could really happen to you at any time. And while you can go and buy a new phone, all of your personal information now sits in the hands of a criminal.

Preventing Data Theft and Casual Hacking on your iPhone

Lock Code

You can use either a 4-digit number or a longer “complex passcode” of case-sensitive letters, numbers, spaces, and characters. And if you prefer, you can activate a feature where entering a passcode incorrectly 10 times will wipe the phone. The iPhone 5S has the same passcode features, with an added Touch ID fingerprint scanner.

Lock Screen Features

This is critically important. iOS can give you access to some features without entering your lock code. Though sensitive personal information is not accessible, you can use some functions of Siri, such as placing a voice call or sending a text message, as well as reply to a missed call with a canned text message. Though you might find those shortcuts convenient, your handset will be more secure if you turn them off. Go to Settings > General > Passcode Lock.

Similarly, you’ll also need to turn off access to the Control Center and the Notification Center from your lock screen. To get there, go to Settings > Control Center, and Settings > Notification Center.

Tracking and Erasing the Data on Your Phone

Find my iPhone

This feature enables you to track, manage, and secure your phone once it’s missing. To use it, you’ll first need an iCloud account, though you do not need to sync any of your data, like e-mail and contacts, to the cloud. After you’re set up, then go to the iCloud page of your iPhone’s Settings and slide the Find My iPhone toggle to on.

After you sign into your iCloud account, click on the Find My iPhone option.

Once your phone has been stolen, the first step is to sign on to iCloud.com or use the free Find My iPhone app on another iOS device. Once in, you’ll be able to find your device on an Apple map, but only if it is connected to a cellular or public Wi-Fi network (both secure and not). If the phone is connected just to a hidden Wi-Fi network (that is, one that does not appear in your handset’s list of available networks), you may not be able to track it. Other restrictions also apply, but I’ll get to those later.

After locating your phone and clicking on the icon, you can do a number of things. The first is to make the phone make play a sound at full volume for two minutes (even if it’s in silent mode). As this step is more useful if you just happen to lose your phone in your sofa cushions, I’d advise not using it if you’re certain that your handset is stolen. It just won’t do a lot of good except annoy a thief. You also can erase your handset completely, but this step is rather premature. Instead, first try activating Lost Mode as soon as you as you can. Not only does it give you more options for controlling your phone, it also adds a stricter level of security.

Lost Mode

Lost Mode does a couple of things, the first of which is give you more features for controlling your device. To begin, if you haven’t yet secured your device with a passcode (and, really, there’s no reason why you shouldn’t), you’ll be able to select a four-digit simple passcode and lock the screen remotely. At the very least, that will prevent all but the most sophisticated thieves from accessing your personal information. Remember, though, that to make your phone as secure as possible, you should have already deactivated lock screen access to the features I mentioned previously.

The next step is to send a custom message to your handset’s lock screen that can’t be erased. You can write whatever you want, from your name or phone number, to a plea to contact you, to a more colorful message telling thieves what you really think of them. The latter, however, probably isn’t the wisest course of action.

Lost Mode also lets you see a history of your phone’s location over the last 24 hours with points displayed as pins on the aforementioned map. Finally, if all hope is gone, you can erase your device completely. Once you erase it, you’ll lose the ability to track it further, but your lock code and onscreen message will remain.

Activation Lock

Lost Mode also plays a role in Activation Lock, which is a few feature added in iOS 7. Built after Apple users rightfully complained that Find My iPhone wasn’t comprehensive enough, Activation Lock tries to close the loop by preventing a thief from reusing your device after you’ve accepted that it’s gone for good.

Running in the background from the moment you turn on Find My iPhone, Activation Lock pairs your Apple ID and password with the serial number of your handset in Apple’s servers. Your ID and password are then required before anyone can turn off Find My iPhone on your handset, attempt to erase any data (that’s assuming they aren’t stopped by your password), reactivate your phone under a different account, or claim a new phone under your warranty. Activation Lock also remains in place if a thief tries to swap out your SIM card. If you happen to get your phone back and can’t remember your password, you can retrieve it by calling Apple support and properly identifying yourself.

The Bottom Line

Don’t forget that Find My iPhone only works as long as your device is online through your carrier’s cellular network or WiFi. If a thief turns off your phone or manages to activate Airplane Mode you won’t be able to track it. You can send commands to lock the phone, erase the contents, etc., but those commands won’t be carried out until the phone reconnects. The bottom line, however, is that the iPhone has many built-in ways of protecting yourself in the increasingly likely (depending on which city you live in) chance your iPhone might be stolen.

WordFence Security Update

/in , /by

We are seeing exploits in the wild appear within the last week for the following WordPress themes and plugins. If you are running any of these themes or plugins, check if there is a recent security update and install the update, or remove the item from your system if there is no security update. If you’re unsure, contact the theme/plugin developer or vendor.

  • Cubed Themes version 1.0 to 1.2. Remote file upload vulnerability. Distributed by themeprofessor.com. Exploit released on 9 November 2013.
  • Army Knife Theme, unspecified version. CSRF File Upload vulnerability. Theme is distributed by freelancewp.com. Exploit released 9 November 2013.
  • Charcoal Theme. CSRF File upload vulnerability. Distributed by the official WordPress repository. The theme hasn’t been updated for several years, so we recommend deleting all files from your system.
  • WP Realty Plugin may contain an email sender vulnerability. Please contact vendor for clarification. We’re seeing exploits that claim to exploit this hole. Plugin is distributed by wprealty.org.
  • The following themes distributed by orange-themes.com appear to contain a remote file upload vulnerability and we’re seeing exploits appear in the wild, all published around November 12, 2013: Rockstar Theme, Reganto Theme, Ray of Light Theme, Radial Theme, Oxygen Theme, Bulteno Theme, Bordeaux Theme. Please contact the vendor to find out of your theme is applicable and what action to take.
  • Amplus Theme version 3.x.x contains a CSRF file upload vulnerability. We’re unclear who the vendor is, but it appears to be Themeforest.
  • Make a Statement Theme version 1.x.x (also known as MaS ) contains a CSRF file upload vulnerability. Exploit distributed November 17, 2013. Vendor is themes.mas.gambit.ph.
  • Dimension Theme, unspecified version, contains a CSRF file upload vulnerability. Theme is distributed by ThemeForest. Exploit appeared November 17th, 2013.
  • Euclid Version 1 Theme contains a CSRF File Upload Vulnerability. Exploit appeared today. Theme is distributed by FreelanceWP.com.
  • Project 10 Theme, Version 1.0. Remote file upload vulnerability. Distributed by ThemeForest. Exploit appeared today.

Please remember: Deactivating a theme or plugin with a security hole does not make it safe. You need to remove all files from your system to remove the security hole in a theme or plugin. If your theme or plugin is listed here, don’t panic. First contact your theme or plugin author or vendor. Work with them to determine if your particular version contains the vulnerability we’ve publicized and get their advice on what action to take. If they are not contactable after a reasonable amount of time, work with your hosting provider or site developer to determine if you have a vulnerability and what action to take.

Source: www.wordfence.com

 

What Google Hummingbird Means For Your Website

/in /by

Google Hummingbird is a significant improvement because it lends understanding to the contextual intent and meaning of terms used in a query.

Back in August of 2013, Google unveiled its new algorithm for search – Google Hummingbird. Hummingbird allows the Google search engine to better do its job through improvements in semantic search. Semantic search is conversational search – “What’s the best pizza place in dc?” – “How do I get to the Redskins’ stadium?” – “How old is RG3?”

Let’s take a closer look at my semantic search examples.

1) “What’s the best pizza place in dc?”

Hummingbird does a really good job with synonyms, so it takes my query and substitutes “place” with “restaurant”. It also knows that in this context “dc” refers to “Washington, DC”, “district of columbia”, and even the entire “DC metro area”.

2) “How do I get to the Redskins’ stadium?”

One of the cool new features of the Hummingbird algorithm is something called the Knowledge Graph.  The Knowledge Graph is a gigantic semantic database with more than 570 million objects and more than 18 billion facts about and relationships between different objects that are used to understand the meaning of the keywords entered for the search. So in my example “How do I get to Redskins’ stadium?”, Hummingbird first figures out where I am (it knows this because it queries my IP address) and then the Knowledge Graph shows me a Google map to Fedex field, it tells me how long it will take in my car, how many miles it is to the stadium, and there’s even a drop-down with turn-by-turn directions from my house to the stadium.

google_hummingbird_semantic_search_example1

3) “How old is rg3?”

In this query, Google Hummingbird is starting to do something really interesting. It uses the contextual information from my previous search to help confirm that “rg3” in this context means “Robert Griffin Jr, the 3rd.” Then the Knowledge Graph tells me that he’s 23 years old, his birthday is February 12, 1990, and a whole host of other related information – his 40 yard dash time, where he was born, who he’s married to, how much he makes, his career stats as well as his stats for the past 3 games.

Keywords are still central to SEO

Google’s algorithm continues to be a complex mix of factors that weigh the relevancy of a page for a query. That hasn’t changed.

While some people may be panicking that their SEO strategy needs to be revamped, if you have been evolving on a natural SEO pace, there’s nothing to worry about. You’re on the right track.

Here is a sample of some of the things that continue to matter:

  • Mobile SEO: Conversational search is driven by the way people search using their mobile devices — so, mobile optimization is going to continue to be critical.
  • Structured Data Markup: Providing search engines with as much information as possible about your page content helps them do their job better. Structured data can also improve click-through rates in the search results when displayed in rich snippets.
  • Google+: Google’s social network is essential in helping to identify your online brand, connecting it with concepts and serving your content in the Google results.
  • Links: Google may not want SEOs obsessing over PageRank data, but that doesn’t mean links are irrelevant. Links help Google put concepts together on the Web; they also send strong signals to Google about page credibility.
  • Keyword Optimization & Content Creation: Nowadays, it seems there is a lot of debate over the usefulness of focusing on keywords. But keywords are not dead. Quality content is crucial, and that includes at least some level of keyword optimization.

Related Information

Amazon Glacier is a Dirt Cheap Backup Solution

/in , /by

Lifehacker.com has a great article on Amazon’s new backup solution called “Amazon Glacier”. This new storage/backup solution starts at just a penny per GB per month. Depending on your storage needs, Amazon Glacier  could be the most cost-efficient backup solution you can find. There are some caveats, however. This is really designed as the backup of backups – a place to archive things that you don’t access regularly and would only really need if all of your other backup systems failed. This is because though your data is secure, it is both slow and expensive to access.

Read the rest of the article

Security Holes in Two WordPress Plugins – WordPress Poll and Social Articles

/in , /by

There is a SQL injection vulnerability in WordPress Poll. Please upgrade to WordPress Poll version 35.0 immediately which was released a few days ago and fixes this security hole. We are currently seeing exploits for this vulnerability in the wild.

The Social Articles plugin appears to have an arbitrary file upload vulnerability in the current version which is 1.4. The vulnerability is in the upload-handler.php script included with the plugin. The exploit for this security hole is already in the wild. A fix has not been released yet so we recommend that you disable and delete the plugin until a fix is released.

Computer Viruses to Watch Out for: Cryptolocker and Ransomcrypt

/in , , /by

Cryptolocker and Ransomcrypt – New, Serious Threats

While Ransomlock Trojans have plagued the threat landscape over the last few years, we are now seeing cybercriminals increasingly use Ransomcrypt Trojans. The difference between Ransomlock and Ransomcrypt Trojans is that Ransomlock Trojans generally lock computer screens while Ransomcrypt Trojans encrypt (and locks) individual files. Both threats are motivated by monetary gains that cybercriminals make from extorting money from victims.

Recently, a new threat detected by Symantec as Trojan.Ransomcrypt.F (AKA Cryptolocker) has been growing in the wild. Trojan.Ransomcrypt.F encrypts data files, such as images and Microsoft Office documents, and then demands payment through Bitcoin or MoneyPak to decrypt them—all within a countdown time period. This Ransomcrypt Trojan uses strong encryption algorithms which make it almost impossible to decrypt the files without the cryptographic key.

What is particularly scary about this new threat is that it is working. People whose data is being held ransom are paying up and there is a legitimate concern for copycats since this has proven to be a successful scam.

The screenshot below is what pops up if your computer is infected.

 

How to avoid the cryptolocker and ransomcrypt virus

According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.

Fortunately, there are a couple of simple and free tools that system administrators and regular home users can use to minimize the threat from CryptoLocker malware. A team of coders and administrators from enterprise consulting firm thirdtier.net have released the CryptoLocker Prevention Kit – a comprehensive set of group policies that can be used to block CryptoLocker infections across a  domain. The set of instructions that accompanies this free toolkit is comprehensive and well documented, and the group policies appear to be quite effective.

Individual Windows users should check out CryptoPrevent, a tiny utility from John Nicholas Shaw, CEO and developer of Foolish IT, a computer consultancy based in Outer Banks, N.C. Shaw said he created the tool to mimic the actions of the CryptoLocker Prevention Kit, but for home users. So far, he said, the CryptoPrevent installer and its portable version have seen tens of thousands of downloads.

CryptoLocker might be the best advertisement yet for cloud data storage systems. 

For further reading on cryptolocker see:

BleepingComputer discussion thread.

Malwarebytes: Cryptolocker Ransomware: What you need to know.

Naked Security (Sophos): Destructive malware Cryptolocker on the loose.

http://www.symantec.com/connect/forums/cryptolocker-and-adc-policies

Reddit thread: Proper care and feeding of your Cryptolocker

Makeuseof.com: Cryptolocker is the nastiest malware ever and here’s what you can do

Ars Technica: You’re infected — if you want to see your data again, pay us $300 in Bitcoins

 

Secure your Website with Wordfence Plugin

/in , /by

The First Step in Securing Your Website – Install Wordfence

I’m going to start blogging about my list of go-to plugins. Plugins can sometimes be the weak link in a website, particularly when a site relies on too many plugins and no one makes it their duty to update plugins or find ways to hardcode around relying on them.

That said, some plugins are worth their weight in gold. And that’s particularly the case when you stumble across a free plugin.

Wordfence is the leading cyber security solution for WordPress

With wordfence, you can block a hacker even if they’re changing IP addresses by banning their network, their range of IP addresses, or even their entire country. If your site has been hacked, you can use source code verification tools to determine what has been changed and help repair hacked files, even if you don’t have backups. Wordfence combines data on the newest hacks and their sources and uses the data to block the newest distributed attacks. On top of all of that, wordfence has a regular blog and email post publicizing weak plugins and themes.

Download Wordfence or ask your wordpress administrator about it as soon as possible. It could be lifesaving. Or, at least website saving.