WordPress security for beginners

The Jetpack (a plug-in) blog has a pretty good WordPress Security for Beginners post which talks about what you need to do to keep your blog safe. The TL;DR: choose a good host keep software updated (WP, plug-ins, themes) use secure credentials off-site backups protect against brute force attacks scan for malware monitor for downtime remove… Continue reading WordPress security for beginners

MFA on a smartphone

Multi-factor authentication (MFA; aka Two-factor authentication aka 2FA) makes access to things more secure. However, how to do it from the same smartphone seems to be an afterthought. First, if someone has the smartphone which is used to generate the code, receive the text, answers the phone call, or confirms the access, then is MFA… Continue reading MFA on a smartphone

Friend Request Hoax

A legitimate message expressing concern about your impersonation account would: Ask if you created another account. Provide the address to the new account so you can go to the profile, click the three dots on the cover photo, select Report, and follow the instructions for impersonation. Instead, the hot hoax right now says: Hi….I actually… Continue reading Friend Request Hoax

Carrier Phish

Got a phone call from my own cell phone to itself. That was pretty interesting the first time, but I declined the call because I was certainly not calling myself. A day later, I got another call. This one I answered. It was an interesting call informing me my account with the cellphone carrier was… Continue reading Carrier Phish

USB Drives to Move Election Malware

From “Can Georgia’s electronic voting machines be trusted?“: Though voting machines aren’t directly connected to the internet, witnesses testified last week that USB drives are used to transfer election data from internet-connected computers to election servers. So, computers that are connected to the Internet are used to move data to the election servers. Malware can… Continue reading USB Drives to Move Election Malware

How wide was the Equifax data breach?

143 million US consumers were caught up in the data breach. I keep seeing it portrayed as 44% of the US population. But, the US population includes children. Initially, it seemed to me the better metric was 11 million more than all of 2016 IRS tax filers. The problems with this latter comparison? Lots of… Continue reading How wide was the Equifax data breach?

DOJ, Dreamhost, and DisruptJ20

The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition brief. Basically, the Department of Justice served Dreamhost this warrant asking for the code backing the web site, the HTTP request and error logs, logs about backend connections to upload files to the… Continue reading DOJ, Dreamhost, and DisruptJ20