Protecting WordPress

Written by Zealus on January 18, 2008 – 2:44 am -

In order to protect your WordPress installation the following steps are mandatory.

Step 1: Read this post from Matt Cutts on protecting your WordPress installation. If you don’t know what the .htaccess file is or does - read this or this.

Step 2: If you have access to cPanel or any other hosting management script installed - log in to your hosting management console and turn off indexes for your web directory. If you don’t know what I am talking about - make sure you repeat step 2 from the article mentioned above for all folders where no index.php file exists.

Step 3: Instead of denying IPs you can simply password-protect the /wp-admin/ directory. On my installations it has the weird effect of redirecting straight to the index page instead of asking for login/password. Even better - no password to remember and you can still use one of the blog editors to upload content.
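An added example, not from the original post: one way to check step 2 is to walk the web root and report every directory that has no index file and where no `.htaccess` on the way down has switched `Indexes` off. It assumes Apache honours `Options` in `.htaccess` (AllowOverride permits it), that indexes are on by default, and that index.php, index.html and index.htm are the index names; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE | re.MULTILINE)


def apply_htaccess(htaccess, listing_on):
    """Return the Indexes state after the Options lines of one .htaccess file."""
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    for match in OPTIONS_RE.finditer(text):
        tokens = [t.lower() for t in match.group(1).split()]
        if "-indexes" in tokens:
            listing_on = False
        elif {"+indexes", "indexes", "all"} & set(tokens):
            listing_on = True
        elif not any(t[0] in "+-" for t in tokens):
            listing_on = False  # absolute Options list without Indexes turns it off
    return listing_on


def listable_dirs(web_root, default_on=True):
    """Directories with no index file where Indexes is still in effect."""
    exposed = []
    def walk(directory, inherited):
        state = apply_htaccess(directory / ".htaccess", inherited)
        children = sorted(directory.iterdir())
        if state and not INDEX_FILES & {c.name for c in children}:
            exposed.append(directory.relative_to(web_root).as_posix())
        for child in children:
            if child.is_dir() and not child.is_symlink():
                walk(child, state)

    walk(Path(web_root), default_on)
    return exposed


def demo():
    """Audit a constructed sample tree (not a real site) built in a temp dir."""
    files = {"index.php": "", "wp-includes/js/.htaccess": "Options +Indexes\n",
             "wp-admin/index.php": "", "wp-content/plugins/akismet/akismet.php": "",
             "wp-content/plugins/.htaccess": "Options -Indexes\n",
             "wp-includes/.htaccess": "# hardening\nOptions -Indexes\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_text(body)
        return listable_dirs(root)
```

On the sample tree, `demo()` reports `wp-content` (nothing turns indexes off there) and `wp-includes/js` (a deeper `.htaccess` turns them back on); run `listable_dirs()` against your own web root to get the list of folders that still need attention.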

Posted in software | Comments Off

Why Trusted Platform Module won’t protect you

Written by Zealus on December 14, 2007 – 2:04 pm -

Recently I was asked a very good question about the Trusted Platform Module. The question stated that once the hard drive is removed from the system, there is nothing that prevents an attacker from breaking the encryption (even by brute force) and obtaining the data, no matter how secure it is.

Pretty much all the protection applied in contemporary systems is built upon the thesis that any data is decipherable by using either LOTS of computer power or LOTS of time, which makes the data either too expensive to obtain in such a way or obsolete by the time it is deciphered.

Obtaining data from any hard drive is a very expensive and time-consuming process. Unless you keep a little too much information on it - no one gives a damn. Basically, targeted attacks only make sense if the attacker has enough reasons to believe that a certain laptop possesses a certain value. In all other cases - it’s cheaper to get “stuff” through other means.

That’s the primary reason for spam and phishing attacks – because it is cheaper and more productive to attack the weakest link in the security chain. That link happens to be a human, since most successful attacks use social engineering rather than brute forcing your password. Why break if you can ask and get it?

Generally speaking, most of the security rules in place are impenetrable enough that fraudsters divert their efforts from brute force and other types of high-tech attacks and pursue scamming and phishing. Penetrating current security measures requires very high levels of knowledge and intelligence as well as knowing the ins and outs of the particular system one plans to attack. However, crafting a fake bank web site and sending zillions of fake notifications to “update your account info” requires way less time and knowledge, and costs almost nothing. The financial outcomes, however, are significant enough to make such attacks more feasible and more numerous.

Posted in technology | Comments Off

Print is dead? Not so fast!

Written by Zealus on November 5, 2007 – 2:22 pm -

There’s a confession I would like to make: I love reading paper magazines and books. So much so that I, on occasion, go out and buy those outrageously expensive magazines from the UK on web design, computer arts and photography.

Now, I am not sure if there are any decent magazines on web design in the USA, but judging by photography magazines, UK publishing wins hands down. Their magazines are just… tastier. Not in the sense of good and bad taste, but in the sense that gourmet food looks and tastes better than your average Brooklyn McDonald’s. Don’t know how they get to do it, but for me it’s a proven fact.

Unless you are one of those “I know everything already” gurus - I would like to suggest the Web Designer magazine by Imagine Publishing. And while you are at it - their Photoshop magazines are quite helpful, too.

In addition to that, last week at Barnes and Noble I picked up an interesting magazine called hakin9 - a hardcore IT security magazine. It is a bi-monthly Polish publication, specifically targeted at security professionals. Some reviews of popular anti-virus software, some hard-core Linux breaching techniques, even some commercial software included on the magazine’s CD. However, the most interesting article in the issue I picked up was one on rootkit deployment techniques. That’s right, not how to protect yourself or how to recover from a security breach, but how to break into someone else’s system - in plain English with screenshots and commentary.

So far, I enjoy my reading. Keep ‘em coming!

Posted in personal | Comments Off