Linux Shellshock Security Patch

Just doing  a routine browsing this morning and i found that my Ubuntu is vulnerable with Shellshock attack. Shellshock is newly discovered security vulnerable for your bash, which means all Linux and Max are vulnerable from this security issue. Shellshock using crafted environment in bash script and gain access to your computer. This is more serious than heartbleed a while ago. To test if your Linux is vulnerable, run this script on your bash terminal: If you see a message: vulnerable … Read more...

Phising Through Email Using Google Drive Link

Recently i found that some of my friends send me an email asking to see an important document in Google Drive. The title would say "Kindly Review The Uploaded Document"  and here is the content of the email: Hello, please see this it's very important   https://drive.google.com/  and sign in to view It's very important Kind regards Please see the screenshot below: The email sent to me as bcc as my contacts, so i thought it might be something important. But i'm shock when … Read more...

TimThumb Zero Day Vulnerability

TimThumb, a small php script to resize and crop images on the fly which being use by many WordPress themes (usually premium WordPress themes such as elegantthemes) all over the net. This script has been compromised with zero day vulnerability. This blog and my other blog which using TimThumb also being hacked and injected with some malicious code to the WordPress core. The compromised script was TimThumb v2.7 and below. If you are using that script, YOU MUST UPDATE IT NOW!!! I spent 3 hours … Read more...

Choose A Rememberable and Secure Password For Your Accounts

Your password is a key to all your account on the internet. All account on the internet need username and password for their basic authentication. If your password fall into wrong hand, someone can easily impersonate you while online, sign your name to online service agreements or contracts, engage in transactions, or change your account information. So, choose your password carefully and then keep it safe from others. I have a few tips for you to choose a rememberable but still a strong … Read more...

Have You Done GMail Security Checklist?

To know that your account is being hacked is the worst nightmare ever. Especially when you have a confidential information such as finance information in that account. Most of the internet account need email for communication. And even Google mail have the best security (in my humble opinion), could be compromised if you are not careful. Amit Agarwal from labnol got his GMail hacked once and he managed to recover it back after some time. Actually Google Mail has the security checklist in … Read more...

How Facebook Account Been Hacked

There have been many report that their Facebook account has been hacked by the anonymous. My cousin also report that his Facebook account being hacked even he use a fairly strong password and really keep his password safe. Even Amit Argawal from Labnol also has been hacked recently, read his post "My Facebook Account Got Hacked". "I no longer have access to my Facebook pages!", said Amit in his blog post. As the technology journalist i'm pretty sure that he used a strong password for all of … Read more...

What To Do When Your WordPress Blog Got Hacked

It's been two years i've been blogging with Wordpress. And all the knowledges and articles i wrote in this blog comes from many sources and experiences. And in 2 years blogging, i got 2 hacked attack and survive. And now if pay attention to my access log, there are still some attempt to inject the malicious code to my site. You can read my article: Someone Trying To Inject IvanKristianto.com. I'm not saying that my blog is secure and bullet proof. But i have done everything i could do, trying … Read more...