LocalCause

Information Technology Services

Category: Best Practices (page 1 of 6)

Hacker Lexicon: What Is DNS Hijacking?

DNS hijacking takes advantage of how the Domain Name System functions as the internet’s phone book—or more accurately, a series of phone books that a browser checks, with each book telling a browser which book to look in next, until the final one reveals the location of the server that hosts the website that the user wants to visit. When you type a domain name like “google.com” into your browser, DNS servers hosted by third parties, like the site’s domain registrar, translate it into the IP address for a server that hosts that website.

A DNS lookup is a convoluted process, and one that’s largely out of the destination website’s control. To perform that domain-to-IP translation, your browser asks a DNS server—hosted by your internet service provider—for the location of the domain, which then asks a DNS server hosted by the site’s top-level domain registry (the organizations in charge of swathes of the web like .com or .org) and domain registrar, which in turn asks the DNS server of the website or company itself. A hacker who’s able to corrupt a DNS lookup anywhere in that chain can send the visitor off in the wrong direction, making the site appear to be offline, or even redirecting users to a website the attacker controls.
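The chain described above can be modeled to show how a defender pinpoints which hop was tampered with. This is an added example, not code from the original article: it is a toy model that follows the article's simplified chain rather than a real resolver, and the server names, the domain and the addresses (documentation ranges) are constructed.

```python
import copy

# Constructed baseline: each server holds either a referral ("NS", next_server)
# or the final answer ("A", ip) for the name being looked up.
BASELINE = {
    "isp-resolver":       {"example.org": ("NS", "tld-registry")},
    "tld-registry":       {"example.org": ("NS", "registrar")},
    "registrar":          {"example.org": ("NS", "site-authoritative")},
    "site-authoritative": {"example.org": ("A", "192.0.2.10")},
}

def resolve(servers, name, start="isp-resolver", max_hops=8):
    """Follow referrals from `start`; return (ip_or_None, [(server, record), ...])."""
    path, server = [], start
    for _ in range(max_hops):            # bound the walk so referral loops terminate
        record = servers.get(server, {}).get(name)
        path.append((server, record))
        if record is None:               # no data at this hop: the site appears offline
            return None, path
        kind, value = record
        if kind == "A":
            return value, path
        server = value                   # referral: ask the next server in the chain
    return None, path

def first_divergence(baseline, observed, name):
    """Return the first hop whose record differs from the baseline walk, or None."""
    _, good = resolve(baseline, name)
    _, seen = resolve(observed, name)
    for (srv, want), (_, got) in zip(good, seen):
        if want != got:
            return {"server": srv, "expected": want, "observed": got}
    return None

def hijacked_copy():
    """Constructed tampering: the registrar's delegation names a different server."""
    servers = copy.deepcopy(BASELINE)
    servers["registrar"]["example.org"] = ("NS", "rogue-ns")
    servers["rogue-ns"] = {"example.org": ("A", "203.0.113.66")}
    return servers

if __name__ == "__main__":
    print(resolve(BASELINE, "example.org")[0])
    print(resolve(hijacked_copy(), "example.org")[0])
    print(first_divergence(BASELINE, hijacked_copy(), "example.org"))
```

The website's own server is untouched in the tampered copy, yet the visitor still ends up at a different address, which is why monitoring has to compare every hop against a known-good baseline and not only the final answer.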

What Is DNS Hijacking?

Keeping your internet property safe from hackers is hard enough on its own. But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. Instead, it takes advantage of the plumbing of the internet to siphon away your website’s visitors, and even other data like incoming emails, before they ever reach your network.

Beware: Most Mobile VPNs Aren’t as Safe as They Seem

Thinking About a Mobile VPN? Be Careful Which One You Pick

Between an industry-wide push to encrypt all web traffic and the newfound popularity of secure chat apps, it’s been a boom time for online privacy. Virtual private networks, which shield your web traffic from prying eyes, have rightly garnered more attention as well. But before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.

“These days, many people know what a VPN is and what they can do with one,” says Kevin Du, a computer security researcher at Syracuse University and IEEE senior member. “Not many people know what a bad or flawed VPN can do to their devices, because they don’t know how VPN works.”
 
VPNs have been around for years, as have their attending trust issues. But while previously VPN enthusiasts were mostly a core base of desktop users, the mobile boom and app store accessibility has created an explosion in mobile VPN offerings. And while some are genuinely looking to offer security and privacy services, plenty do more harm than good.

In a recent in-depth analysis of 283 mobile VPNs on the Google Play Store from Australia’s Commonwealth Scientific and Industrial Research Organization, researchers found significant privacy and security limitations in a majority of the services. Eighteen percent of the mobile VPNs tested created private network “tunnels” for traffic to move through, but didn’t encrypt them at all, exposing user traffic to eavesdropping or man-in-the-middle attacks. Put another way, almost a fifth of the apps in the sample didn’t offer the level of security that’s basically the entire point of VPNs.

Read the rest at wired.com

WordPress Table Prefix: Changing It Does Nothing to Improve Security

Changing your WordPress table prefix is risky to implement and it does absolutely nothing to enhance your site security.

What if I told you that a great way to prevent burglaries is to turn off all the lights in your home? That way a burglar would be able to gain entry, but they would not be able to see where your stuff is and so they couldn’t steal it.

When you change your table prefix in WordPress you usually use a WordPress security plugin to do the job. Unfortunately the security plugin needs to execute as the change is taking place. That means that during execution, half your tables have one prefix, and the other half have another prefix. If execution stops for any reason you are left with a broken website that you need to restore from backups.

You’d tell me that the burglar would either bring a flashlight or turn on the lights themselves.

It’s exactly the same concept when it comes to renaming your WordPress database table prefix. Once an attacker can access your database using SQL injection, they are inside your home. If you rename your database tables using a unique prefix, you’ve turned out the lights in your home.

So what’s the first thing an attacker does? They do this:

[Image: Bypass renamed WordPress table prefix]

The output of this query is:

[Image: Bypass renamed WordPress table prefix]

The above query simply asks the database what WordPress table prefix is being used for the postmeta table. It turns on the lights.

Any bot, attack script or manual attack, using a tool like sqlmap, will always run a query like the above before assuming any default table prefix.

Changing your WordPress table prefix for security reasons does not make a SQL injection attack “slightly harder” for attackers. They simply run the above query before assuming your tables have a default prefix.
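The claim can be checked with a few lines of code. This is an added example, not code from the original post: it uses an in-memory SQLite database and its `sqlite_master` catalog as a stand-in for the metadata a MySQL server exposes, and the table subset and random prefix are constructed.

```python
import secrets
import sqlite3

# Constructed subset of WordPress core table suffixes.
WP_TABLES = ["posts", "postmeta", "users", "options"]

def random_prefix():
    """A 'hardened' prefix of the kind a security plugin would generate."""
    return "wp_" + secrets.token_hex(4) + "_"

def build_site(prefix):
    """Create an in-memory database whose tables carry the given prefix."""
    db = sqlite3.connect(":memory:")
    for suffix in WP_TABLES:
        # prefix is generated locally from hex characters, so quoting it is safe here
        db.execute(f'CREATE TABLE "{prefix}{suffix}" (id INTEGER PRIMARY KEY)')
    return db

def discover_prefix(db):
    """Recover the prefix from the database's own catalog of table names.

    Any session that can run a read query can do this, which is why a
    renamed prefix adds no protection once SQL injection is possible.
    """
    row = db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name LIKE ?",
        ("%postmeta",),
    ).fetchone()
    return row[0][: -len("postmeta")] if row else None

if __name__ == "__main__":
    secret = random_prefix()
    site = build_site(secret)
    print("configured prefix:", secret)
    print("recovered prefix: ", discover_prefix(site))
```

The recovered value always equals the configured one, however random the prefix is; the protection has to come from preventing the injection in the first place.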

WordPress Table Prefix: Changing It Does Nothing to Improve Security

This entry was posted in WordPress Security on December 28, 2016 by mark.

There is an idea that was popularized a few years ago that if you change WordPress table prefix in your database, it helps protect your WordPress website from attackers.

TA16-336A: Avalanche Crimeware Alert

TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

Systems Affected

Microsoft Windows

Overview

“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.

Description

Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.

In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.

Impact

A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.

Solution

Users are advised to take the following actions to remediate malware infections associated with Avalanche:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though parts of Avalanche are designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of an Avalanche malware, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Avoid clicking links in email – Attackers have become very skilled at making phishing emails look legitimate. Users should ensure the link is legitimate by typing the link into a new browser (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool. A non-exhaustive list of examples is provided below. The U.S. Government does not endorse or support any particular product or vendor.

      ESET Online Scanner: https://www.eset.com/us/online-scanner/
      F-Secure: https://www.f-secure.com/en/web/home_global/online-scanner
      McAfee Stinger: http://www.mcafee.com/us/downloads/free-tools/index.aspx
      Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx
      Norton Power Eraser: https://norton.com/npe

Revisions

  • December 1, 2016: Initial release

 

Avalanche (crimeware-as-a-service infrastructure) | US-CERT

Why Visitors to Your Website Don’t Donate

Why Visitors to Your Website Don’t Donate, and a Few Things You Can Do About It.

Getting visitors to your nonprofit’s online fundraising site isn’t as easy as it sounds, and then trying to convert those visitors into donors is even harder.

The M+R Benchmark Study found that, on average, only 1.1 percent of website visitors made a donation to a nonprofit. Couple that with the fact that for every 1,000 website visitors, a nonprofit raises $612, and you can see that the nonprofit sector is struggling with conversion.

Nonprofits need to start capitalizing on the presence of the visitors they already have. By converting those visitors into donors, your nonprofit is bound to increase your donor base and income.

There are a number of reasons why visitors to your website don’t donate. Let’s discuss four of them in detail.

4 Reasons Visitors to Your Website Don’t Donate

Is Trying to Calculate Organic Reach on Facebook a Waste of Time?

Just because 4% of your friends/followers/customers were shown your posts in their News Feed over the last month, that doesn’t mean they actually saw and read them. That’s why organic reach is considered by many to be a nonsensical number.

A more useful metric to track is your “Engagement Rate.” Engagement is defined as people who liked/reacted, commented, clicked, or shared your posts.

Here’s how to do that.

HOW TO: Calculate Your Nonprofit’s Organic Reach on Facebook

According to Facebook, organic reach is the total number of unique people who are shown your post(s) in their News Feed through unpaid distribution. Although Facebook Insights provide a lot of useful data about your fans and reach (organic and paid), the one critical piece of data not provided is your nonprofit’s weekly, monthly, or quarterly average organic reach.

10 New iOS 10 Settings You Should Change

iOS 10 is here, and it’s packing a number of very cool new features. To activate some of those features – like sending read receipts in Messages or having Siri announce calls – you’ll need to tweak a few settings. A few other new options will change how your device behaves with iOS 10.

Hey there, Slack. This won’t be easy, but it’s for the best.

While it’s true that email was (and, despite your valiant efforts, still very much is) a barely-manageable firehose of to-do list items controlled by strangers, one of the few things that it did have going for it was that at least everything was in one place.

Trying to keep up with the manifold follow-up tasks from the manifold conversations in your manifold teams and channels requires a Skynet-like metapresence that is simply beyond me.

With you, the firehose problem has become a hydra-headed monster.

https://medium.com/better-people/slack-i-m-breaking-up-with-you-54600ace03ea#.hzf7d6n7x

Get People to Stay on Your Website Longer — Jetpack for WordPress

Check out these two Jetpack features to help people stay on your website longer and help more people discover the content you’ve already created.

via Get People to Stay on Your Website Longer — Jetpack for WordPress

Level Up with Blogging U. — WordPress.com News

Building a business website? Starting a blog? Working on your writing? Practicing photography? There’s a Blogging U. course for you.

via Level Up with Blogging U. — WordPress.com News

© 2017 LocalCause
