Tag Archives: security

How Dropbox Can Save Your Bacon



Yesterday, we locked ourselves out of one of our WordPress websites. Even though we write about tech things, we sometimes screw up. Luckily we were able to get back into the site using a password file that we had backed up on Dropbox. Here’s how it went down:

1. We keep a list of passwords in a simple text file on the main office computer and a duplicate file in our Dropbox folder online.

2. Somehow, probably when someone started to type something but didn’t know they were in the password file, one of the passwords got erased.

3. We had the admin password, but we’d changed the admin user account’s settings, so even though we were able to log in as admin, we couldn’t do anything. If you have a WordPress site, changing the admin account’s settings is one of the first things you should do. Hackers know that most WordPress users leave the log-in name as ‘admin’, which means that they are already halfway there when it comes to breaking into your site.

4. Since Dropbox syncs your computer’s Dropbox folder with its own online version, both text files were corrupt.

5. We logged on at Dropbox.com, found the file, then looked for the previous versions of that same file, an older version that hadn’t been corrupted. Dropbox stores older versions of files for these kinds of accidents.

6. After we found the file, simply right clicking it brought up this menu:

[Image: Dropbox right-click menu. Caption: Right click and choose ‘Previous Version’]

7. The previous version of the file had the correct password in it. After we logged into the site, we copied and pasted the missing password back into the original file on our computer. Dropbox, of course, immediately synced the two folders, its own and the one on our computer. We left the previous version as it was, just in case we need it again.

Now, you’re probably thinking, “Why didn’t they just use the ‘forgot password’ option on WordPress?” That makes perfect sense if we used the same email address for all of our sites but we don’t. Checking each of a dozen websites for the WordPress link would have taken much longer. The Dropbox option was faster. We have, however, made a list of what email address is used for each site. That file is on Dropbox and the main computer, of course. Yes, we should have thought of that before but we’re not real geniuses here, we’re just reasonably smart.

Dropbox can really help in this kind of situation. We hope you take our advice and use it. Check out the site and the installation process here: Dropbox

Thanks for reading!

My View on Internet Freedom



Remember the Berlin Wall? It was one of the last relics of the Cold War. Built in 1961, it was a symbol of backward thinking politicians, persecution and the loss of personal freedom until it was torn down in 1989. You might also remember Ronald Reagan’s famous line, “Mr. Gorbachev, tear down this wall!” How dramatic that line was! It’s still used in stirring and patriotic speeches about God Bless America and freedom. Unfortunately, the western world is far less free than it was in 1989.

This week, Canada will enact legislation that will allow police and governments to spy on its citizens without a warrant of any kind. The legislation will force ISPs to provide vast amounts of information without any kind of judicial control. Canadians, showing their natural good humour (we spell it with the ‘u’), reacted to this legislation by using Twitter to make fun of the government minister who promoted the bill. We tweeted everything we were doing, everything we were thinking and everything that our cats and dogs were doing. Providing a mass of unrelated information just might be a way to hide your tracks if you are up to something sinister. Unfortunately, this would also hide real criminals and terrorists from being identified.

Hasan Elahi used much the same kind of tactic when he was questioned by the FBI for six months in 2009. Here’s a description of what he did: http://www.nytimes.com/2011/10/30/opinion/sunday/giving-the-fbi-what-it-wants.html?pagewanted=all

Hasan’s website is here: http://www.elahi.umd.edu/track/ and you can track him virtually everywhere in the world. He’s taken privacy to a whole other level. By making himself completely open in all of his activities, he has invented a way to, perhaps, cloak his actions behind a wall of transparency. Here he is on YouTube (Ted TV), explaining what happened and how he handled the situation:

http://www.youtube.com/watch?v=wAdwurHhv-I

Americans have already lost their freedoms. You might not know it but you have. The NSA, the FBI, the CIA and even the EOP (look it up) are already spying on you. Through the use of expert scaremongering, successive presidents and legislators have teamed up to deny your constitutional rights. The Occupy riots have proven that even the most basic right, freedom of assembly, is long gone.

Canadians are by nature quite peaceful. This bill, hopefully, will stir us into action to defeat the government that introduced and supported it. Our political system is different from the American system. If we get ticked off with the current party in power, it’s not unusual for us to completely trash them in the next election. We’re not a two-party country up here and we don’t vote along team lines. It’s a little bit harder for Americans to get rid of a party that threatens to limit their freedom but it’s still possible. As the Arab Spring might* have shown us, change is possible if we work collectively to promote it. Isn’t it curious that the communist principle of a collective voice against oppression seems to be the ideal tool in our post-capitalist society?

Thanks for reading. I’d love to see a few comments on this post.

*I say ‘might’ simply because neither Egypt nor Libya seems to have succeeded in enacting the ideals that they fought for. In the power vacuum that was created after the ouster of the old leaders, it seems that the military in both countries has taken over. Just as church and state should be separate, there is no place in the world for a military state.

 

 

Online Privacy Part 2 : TOR



What is TOR? Here is the description from the TOR website:

“Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”

What this means is that once you are using the TOR browser, your surfing habits are hidden from prying eyes. TOR also hides your location from the rest of the world. Here is how TOR describes what it does:

“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.”

If you’ve watched any recent cop show on TV, you’ll know that tracing a criminal can be easy, depending on the time limit in the plot. As far back as Three Days of the Condor (Six Days in the novel), smart operatives defeated tracking software simply by bouncing their source signal from place to place, either in a telephone exchange as Robert Redford did in Condor or through various servers around the world as Lisbeth Salander did in The Girl with the Dragon Tattoo.

Once you start using TOR, your surfing might slow down a bit but you will be as anonymous as you can get on the Internet. Take a journey with me as I begin to discover TOR’s capabilities. I’ll also try to test its effectiveness at hiding my IP address in several places around the world. I should say now that TOR is free. There are other ways to hide your IP address from prying eyes but every one that I can think of involves spending some bucks. I’m all for free, aren’t you?

Start by reading the documentation here: https://www.torproject.org/docs/documentation.html.en Start to discover on your own what TOR is about, download everything and pop back for more updates on Monday. (I’m donating blood tomorrow so I’ll be tied up most of the day.)

Thanks for reading!

Check Your User Settings in WordPress



This morning I received an email from this site telling me that someone had registered as a user. Needless to say I was surprised. I wasn’t quite sure what damage a new user could do to my site but I logged in, deleted him and changed my settings. When WordPress asked me to confirm the deletion, it also asked me if I wanted to delete any links that the new user had put up here. I said yes, of course, but that made me think about my settings on my other sites. The default WordPress settings make it very easy for anyone to subscribe to your site AND to post links. Here’s how you can protect your site before this happens to you.

Head over to Settings, second last link on the left side of your Dashboard window. Once you are there, you should be on the General Settings page but make sure that this is where you are.

Halfway down you’ll see ‘Membership’ with a box that is, probably, checked. If it is checked then ‘Anyone can register’ which isn’t what you want. You want to un-check that box to prevent people from adding themselves as users. You can still add users but you have to be logged in as admin in order to do that.

The second thing you want to do, now that we are on this subject, is to limit comments on your posts. Yes, you want comments but you don’t want spam. There are two ways to prevent this. The first is to go to Settings then to Discussion Settings. What you are looking for there is ‘Email me whenever’ and ‘Before a comment appears’. In the second one, make sure that the box is checked beside ‘An administrator must always approve the comment’. Then, in the section above, make sure that you get an email when someone makes a comment and when one is held for approval.

If you have your WordPress installation set up this way, you won’t get surprised by someone adding themselves to your user list AND you won’t get spam comments showing up unannounced, either. Sure, you will get spam but you can check the comments and delete them. How can you prevent spam completely? You can’t. But you can add a plugin that will check all comments and automatically put the ones that are spam into the proper folder. Here’s how.

Akismet is a standard plugin that you get with WordPress. To get it working, you need to activate it. To activate Akismet, you have to register and then get what they call an ‘API Key’. Don’t worry, it’s free. All of the links are there on your WordPress Plugins page. The key is the only thing you need before Akismet roots out spam for you. It won’t send an email but it will hold all the comments that it thinks are spam, and it is never wrong, until you show up to delete them.

There are other ways to secure your WordPress installation; these are only two. WordPress is probably the most documented bit of brilliance on the ‘net. Keep learning and keep safe, people.
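If you run several sites, the Membership and Discussion settings described above can be checked from the command line instead of clicking through each Dashboard. This is an added example, not part of the original post: it assumes WP-CLI (`wp`) is installed and that each path you pass is a WordPress install directory (the paths in the usage comment are placeholders).

```shell
#!/usr/bin/env bash
# Audit the WordPress settings from this post with WP-CLI.
# Usage (placeholder paths): ./wp-audit.sh [--fix] /var/www/site1 /var/www/site2

# stored option name | value the post recommends | where the checkbox lives
CHECKS='users_can_register|0|Settings > General > Membership: Anyone can register
comment_moderation|1|Settings > Discussion: comment must be approved by an administrator
comments_notify|1|Settings > Discussion: email me whenever anyone posts a comment
moderation_notify|1|Settings > Discussion: email me whenever a comment is held'

# audit_site PATH [--fix]
# Prints one line per setting; the return code is the number still wrong.
audit_site() {
  local path=$1 fix=${2:-} bad=0 name want label got
  while IFS='|' read -r name want label; do
    # A failed wp call is reported as a finding, never silently treated as OK.
    # </dev/null keeps wp from consuming the rest of the CHECKS list on stdin.
    got=$(wp --path="$path" option get "$name" 2>/dev/null </dev/null) || got='unreadable'
    got=${got:-0}   # an unchecked box can be stored as an empty string
    if [ "$got" = "$want" ]; then
      echo "OK    $path $name=$got"
      continue
    fi
    echo "WEAK  $path $name=$got (want $want) [$label]"
    if [ "$fix" = "--fix" ] &&
       wp --path="$path" option update "$name" "$want" >/dev/null 2>&1 </dev/null; then
      echo "FIXED $path $name=$want"
    else
      bad=$((bad + 1))
    fi
  done <<EOF
$CHECKS
EOF
  return "$bad"
}

# Audit every site given on the command line; --fix must come first.
mode=''
if [ "${1:-}" = "--fix" ]; then mode=--fix; shift; fi
for site in "$@"; do
  audit_site "$site" "$mode" || true
done
```

Run it without `--fix` first to see what would change, then again with `--fix` once you are happy with the list.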

Thanks for reading!