Written: March 30, 2018

email contact

Security Friday

I’m a big believer in keeping my office network secure by following all update instructions from Netgear, so today my WiFi router was updated to the latest firmware release 1.0.0.122:

Netgear firmware 1.0.0.122

Netgear firmware 1.0.0.122

This update process took maybe 5 minutes of my time and provided a sense of relief that my vendor Netgear continues to take security seriously by providing these free updates.

Apple also prompted me to update my Operating System to High Sierra 10.13.4, so that process took about 45 minutes, half of which was in the background just downloading the file then the other half I had to wait for my MacBook Pro to finish. While waiting I simply swapped to using my iPad and Samsung Note 4 smart phones to make calls, look at the calendar and run my business. I typically wait until outside of business hours to upgrade my laptop Operating System.

High Sierra 10.13.4

High Sierra 10.13.4

WordPress is still the number one Content Management System (CMS) in the world, so that means that it is a target for hackers. My favorite security Plugin for WordPress is called Wordfence, and here’s what the install process looks like after you add the plugin and activate it.

email contact

Click Activate

Click the link to setup Wordfence and then fill in your email address to receive alerts of suspicious activity:

Wordfence email

Wordfence email

I then clicked the link to receive auto-updates:

Wordfence updates

Wordfence updates

Next is Firewall setup, a technique to only allow trusted content to be run on your website:

Wordfence firewall

Wordfence firewall

Using Wordfence will alter something called the .htaccess file, so click the link to download your existing file, just in case you ever want to go back and un-install Wordfence.

Save old .htaccess file

Save old .htaccess file

OK, that’s about it for setup of Wordfence, so just wait for an email message from Wordfence if your site is being targeted by hackers. One of my clients received an email from Wordfence this morning and it listed every malicious file that had been added since 2014, so I was able to quickly remove the added files and then examine a few infected files before removing the added PHP code.

Wordfence all setup

Wordfence all setup

As always, if you have questions about your WordPress website and security, then give me a call, I’d be happy to explain it to you and help keep your site running smoothly.

 

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Netgear email

Remember to Update your WiFi Router Firmware to Stay Secure

Today I received an email from Netgear, my vendor for WiFi router used in the home office, so I read through it and decided to follow their security advice and follow the simple steps.

Netgear email

email from Netgear

It’s also best practice to double-check any email message like this by viewing the From address, and then hovering the cursor over any link just to make sure that you know where the link is pointing to before actually clicking it. This email passed my scrutiny, so the next step was to browse the link and find out what version of firmware I already had:

Firmware Version 1.0.0.16

So yes, there was a newer version of firmware at 1.0.0.18, so I started the update process and watched the progress bar:

firmware updating

Firmware updating

The update process only took a few minutes, so not a big deal in lost productivity for me. When the firmware update was complete I checked to see the latest version number of 1.0.0.118:

Version 1.0.0.118

You should always update to the latest firmware when your WiFi Router vendor sends you an email. When you purchase a new WiFi router make sure and register your product so that you can receive these useful update email notifications.

My previous update was in October 2017, so it looks like Netgear takes security seriously and continues to support their WiFi routers with new releases as soon as they find any exploit.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Netgear eail

Keeping your network updated

In my home I use WiFi to connect my MacBook Pro to the Internet. Today I received an email from Netgear, the company that sold me the WiFi router, and they wanted me to update the firmware to the latest release for security reasons. Right away I took action, because I really want my WiFi network up to date and secure so that hackers cannot get into my network and disrupt my business or steal my identity.

Netgear eail

Netgear email

In my web browser I logged into the WiFi router, then went to the page where firmware updates are performed.

Netgear firmware

Netgear firmware

The whole process to update the firmware took maybe 3 minutes, and then I reset my WiFi router.

It’s a good feeling to be secure in my business, and I recommend that you take update notices from your WiFi router vendor as serious so that your business runs smoothly

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Facebook email

Thank You Facebook Security

Each morning after breakfast I start my work day by reading email messages to see what needs my attention or is urgent. This security message from Facebook stood out right away as something that I should look into right away:

Facebook email

The return address was from security@facebook.com, they knew my first name, the English was proper, the message made sense, and the link they wanted me to click was legitimate, https://www.facebook.com/login/. I certainly didn’t try to login to Facebook at 3:24AM using the Firefox browser on Windows 8, because my default browser is Google Chrome on Mac OS X.

Once I visited the login page I was greeted with a dialog telling me that my Facebook account was temporarily locked:

Your account is locked

The next dialog asked if I had tried to login on Facebook from South Korea, so I replied No. The third dialog let me know that my account needed to be kept secure:

Keep your account secure

They asked me to provide a new password:

change your password

New password accepted, so now I’m all set:

You're all set

Summary

The security folks at Facebook automatically noticed that someone was trying to login to my account from South Korea, which they blocked, and then for added security Facebook locked my account until I could respond to their email request to login and answer questions about my login history. I feel protected by Facebook and am quite happy to reset my password and continue using Facebook today. I did quickly look at my Facebook feed to double check that nothing had been posted as me by another person, and found the feed to be all safe. What a happy ending to the story.

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Skype Password

How to Not Change Your Password

I’ve used the free Skype app for several years now and it has allowed me to speak with other professionals in San Jose and Tokyo for free by using a computer connected to the Internet. We all setup Skype accounts, then use the app to talk on our computers instead of making expensive overseas telephone calls. Way back in 2011 Microsoft paid some $8.5 Billion to acquire Skype and they pretty much left that company alone to run their business as before, that is until just recently. I received an email update from Skype yesterday telling me that a credit in my account was becoming inactive, so I decided to login to Skype and keep my credit active.

Microsoft wanted me to login with my Skype or Microsoft account, and I selected my Skype account. Next, it showed a dialog forcing me to update my password:

Skype Password

The first time that I tried this update password procedure I was confirming my password and the dialog told me that the passwords didn’t match, however it would let me go back and update the first password, it would only let me update the confirmed password. Uh, that is a catch-22, I couldn’t proceed because I had a typo in my first password yet I wasn’t allowed to change my first password. The only work around was to revisit the site at www.skype.com and start all over.

I’m all for security and sometimes prodding web users to update their passwords to something more secure, but when you do that prodding you need to allow a web user to update any field on the form, not keep them stuck on the confirmation password field only.

I would expect a small company to make an annoying user interface mistake like this one, but not a major corporation like Microsoft which should know better about using best User Interface best practices that allow a user to change any form field at any time, for any reason.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Online Security and Getting Hacked

In the past three weeks I’ve seen three friends get their online accounts taken over, also called being hacked:

The intention of the hackers is typically one of the following:

How can you protect yourself from being hacked?
Mostly it is a matter of choosing a password that is hard to guess. Security experts suggest the following password guidelines:

 It’s a real hassle to get your identity back after an online account has been hacked.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog Tags

Recent Posts

Blog Directory & Business Pages at OnToplist.com