WP Require Auth is a plugin for Wordpress which makes it mandatory to be logged in before viewing any page. It is just a matter of downloading and unpacking the plugin as usual and activating it in the Plugins page in Wordpress. There is currently nothing to configure.
Head on over to the WP Require Auth [...]
Posts Tagged ‘security’
WP Require Auth plugin released
OpenID and why it matters
Logging into websites have always been a pain if you want to stay somewhat secure. One could either use the same username and password everywhere or choose from a few remembered passwords. The next best thing is to use some kind of password manager, such as the one built into most modern web browsers or [...]
Address Book on Mac shows the wrong certificate
I recently wanted to email a recipient, for which I had the certificate. The problem was however, that he has an old certificate which has expired, and a new valid one. For some reason though, Address Book associates the old certificate with the email address instead of the new one.
I still haven’t found a way [...]
Automate system administration tasks using Nagios
As a system administrator, one often have to do repetitive tasks such as checking for free disk space, check mail queues and monitor critical services. If there are only a handful of servers, this task may not be very intimidating, but there are many times when there are many servers to monitor, or just for the sake [...]
Create a fixed size network storage for Time Machine
Time Machine is a backup program built into Mac OS 10.5, Leopard. It saves all files on the computer on a USB or network drive, which can be used for restoration of individual files or the whole computer.
The normal behavior of Time Machine is to keep
hourly backups for the past 24 hours
daily backups for the [...]
Basic forensics of a compromised Linux host
A friend of mine noted an interesting article discussing someone’s Linux system, which was behaving strangely. It turned out that it had been hacked, and the article shows the basic forensics investigation to see what really happened.
Have a look at Holliday cracking. Thanks Göran.
Public service announcement: Wordpress 2.1.1 is hacked
Well, it seems like a cracker has injected some code in a recent Wordpress release, so upgrade immediately!
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
For more [...]
How to send secure email using PGP
One of the biggest deficiencies in a virtual world is that authenticating a person is very hard. In the real world we can rely on our eyes, photo ID and other things. Neither of these things work directly in the digital world.
So, how can we authenticate users? Using PGP to fill this gap is very [...]
Biggest phishing attack reaches Swedish bank
One of the biggest banks in Sweden, Nordea, has recently become the victim of a large-scale phishing attack. The attackers managed to get around $1M USD, and this has been labeled as the biggest internet based bank heist to this date.
So, why was Nordea targeted? Could it perhaps be for their use of one-time-pad numbers, [...]
Formal verification of security protocols using OFMC
These last years, formal verification of the security properties of protocols have been analyzed and tools are being developed. There are of course different methods to analyze the security in a protocol, but the OFMC (On the Fly Model Checker) is the fastest and one of the best known one.
You begin by designing the protocol [...]