Why You Should Always Use Site with HTTPS

Recently I found that my Internet provider is being "naughty" in their business practices. They add tracking code to a web page if that page doesn't use HTTPS. This is very annoying, and I did try to call the ISP, and as usual it went to a support operator who didn't know anything about what I was talking about... sigh... See the screenshot below: That script is injected before the </body> tag, and I don't know for sure what it does; it could be one of the following: Cookies … Read more...

Secure Your WordPress Site

WordPress is an open source project developed by a community from all over the world. A lot of experts spend their time making WordPress as secure as possible. But I'm not in a position to say that it is bulletproof against security vulnerabilities. You can see that a couple of security issues have been reported, fixed and disclosed on WordPress's HackerOne. You can report any security issue too; if it is valid, you'll get a bounty! With that said, I would like to share a couple of best practices I did to … Read more...

Secure Your Connection With Your Own Cheap OpenVPN

I experienced my "naughty" ISP injecting JavaScript into a web page when the site was not using HTTPS. That script was intended to track, and maybe steal some cookies (I'm not sure, since they can get anything). And another story: when I used public Wi-Fi while working in a cafe/coworking space, I got an SSL warning that there was a man-in-the-middle trying to intercept my connection, saying the SSL certificate was not valid. I was shocked that it is not hard for a sysadmin to intercept our … Read more...

Linux Shellshock Security Patch

Just doing some routine browsing this morning, I found that my Ubuntu is vulnerable to the Shellshock attack. Shellshock is a newly discovered security vulnerability in bash, which means all Linux and Mac are vulnerable to this security issue. Shellshock uses a crafted environment in a bash script to gain access to your computer. This is more serious than Heartbleed a while ago. To test if your Linux is vulnerable, run this script in your bash terminal: If you see a message: vulnerable … Read more...

Phishing Through Email Using Google Drive Link

Recently I found that some of my friends sent me an email asking me to see an important document in Google Drive. The title would say "Kindly Review The Uploaded Document" and here is the content of the email: Hello, please see this it's very important https://drive.google.com/ and sign in to view It's very important Kind regards Please see the screenshot below: The email was sent to me as bcc as my contacts, so I thought it might be something important. But I was shocked when … Read more...

TimThumb Zero Day Vulnerability

TimThumb is a small PHP script to resize and crop images on the fly, which is being used by many WordPress themes (usually premium WordPress themes such as elegantthemes) all over the net. This script has been compromised with a zero-day vulnerability. This blog and my other blog, which use TimThumb, were also hacked and injected with some malicious code in the WordPress core. The compromised script was TimThumb v2.7 and below. If you are using that script, YOU MUST UPDATE IT NOW!!! I spent 3 hours … Read more...

Choose A Rememberable and Secure Password For Your Accounts

Your password is the key to all your accounts on the internet. All accounts on the internet need a username and password for their basic authentication. If your password falls into the wrong hands, someone can easily impersonate you while online, sign your name to online service agreements or contracts, engage in transactions, or change your account information. So choose your password carefully and then keep it safe from others. I have a few tips for you to choose a rememberable but still a strong … Read more...

Have You Done GMail Security Checklist?

To know that your account is being hacked is the worst nightmare ever, especially when you have confidential information such as financial information in that account. Most internet accounts need email for communication. And even Google Mail, which has the best security (in my humble opinion), could be compromised if you are not careful. Amit Agarwal from labnol got his GMail hacked once and he managed to recover it after some time. Actually Google Mail has the security checklist in … Read more...

How Facebook Account Been Hacked

There have been many reports from people that their Facebook accounts have been hacked by the anonymous. My cousin also reported that his Facebook account was hacked even though he uses a fairly strong password and really keeps his password safe. Even Amit Agarwal from Labnol has also been hacked recently; read his post "My Facebook Account Got Hacked". "I no longer have access to my Facebook pages!", said Amit in his blog post. As a technology journalist, I'm pretty sure that he used a strong password for all of … Read more...

What To Do When Your WordPress Blog Got Hacked

It's been two years that I've been blogging with WordPress. All the knowledge and articles I wrote in this blog come from many sources and experiences. And in 2 years of blogging, I got hacked 2 times and survived. And now if I pay attention to my access log, there are still some attempts to inject malicious code into my site. You can read my article: Someone Trying To Inject IvanKristianto.com. I'm not saying that my blog is secure and bulletproof. But I have done everything I could do, trying … Read more...