Fight Spam and Hackers!


                    BlogHer ’10
                     Geek Lab
                     Liz Henry




          lizhenry@gmail.com
     http://liz-henry.blogspot.com


Monday, August 9, 2010
Look at me

    ✤    Now look at your blog.

    ✤    Now back to me.

    ✤    Now type your password.

    ✤    Your password is awful!

    ✤    Best defense against being
         hacked is thinking like a
         hacker.

    ✤    Your blog can think like me!

Surveys of the room

    What blog platform:
         Blogger? (About a third)
         Typepad? (A few)
         WordPress? (Most)
         Others? (scattered few)

    Blog Hacked?
    Big spam problem?
    Credit card stolen?
    Complicated Identity Theft?

    Social media sites:
         Facebook
         Myspace
         Twitter (All but 3)
         Tumblr
         Posterous
         Others?

Freedom!!

    ✤    I believe strongly that as women we
         need free access to unfiltered
         information

    ✤    We must defend our right to speak in
         public, unfiltered

    ✤    Just like we can go outside into the
         world in public. A political right.

    ✤    Be cautious of being “protected”. What
         if your words or image are what others
         “need” to be protected from?



OMG Hackers

    ✤    No one really knows what they’re
         doing

    ✤    Pretty much anything can be hacked

    ✤    Because no one really knows what
         they’re doing, including security
         experts who revel in discovering each
         other’s silly mistakes. So don’t worry.

    ✤    You are more “at risk” from a piece of
         carbon paper from using your credit
         card in a store, or dumpster divers,
         than from being hacked.

    Security advice constantly changes!


Where is the risk?
    ✤    On your computer. Keyloggers.

    ✤    Network traffic. Wireless.

    ✤    Web passwords to services.

    ✤    Widgets, pdfs, images, other
         people’s code on your blog.

    ✤    SQL injection.

    ✤    Your web host getting owned.

Shoulder surfing



    ✤    It’s pretty easy to watch
         someone type their password.

    ✤    Teach your kids password
         manners.




What do you risk?
    ✤    Bank accounts, credit card numbers.
         Other personal data.

    ✤    Losing your data - blog entries
         vandalized or deleted.

    ✤    Embarrassing vandalism - someone
         posting as you.

    ✤    Triggering security alerts on other
         people’s computers, getting blocked
         from search engines.

    ✤    Denial of Service attacks for malicious
         or political reasons.

Bad Passwords

    ✤    Your $%&#@! kitten’s name

    ✤    Your child’s name plus their
         birth year. Oh, please!

    ✤    Your favorite animal, sports
         team, pop star, or deity +123.

    ✤    Google for your password. Do
         you find it?

    ✤    Did you find it on a list of The 500,000
         Most Popular Passwords?

Crackers!

    ✤    Educate yourself about how to
         crack a password!

    ✤    Google “how to crack
         passwords”.

    ✤    Google “choosing secure
         passwords”.

    ✤    Now you know how to make a
         much better password.


Password managers?
    ✤    1password, keepass, other programs to
         track your passwords and keep them
         secure. Anyone use them? Kind of a
         pain.

    ✤    High security PWs: Don’t use them
         multiple places. Change more often.
         Longer. email. banks. money.

    ✤    Low security pw: have a few and use
         them for web apps, social media.

    ✤    Think about how to generate good
         passwords over your lifetime. You
         need a system - not one password.


Good password!

    ✤    Now your password is made of
         diamonds!

    ✤    Have a different password for
         email than for everything else.
         Email pw can compromise all
         your others.

    ✤    Wallet, file cabinet. All your
         other secure info is there
         anyway.


Make backups!


    ✤    Back up your blog entries and
         comments!

    ✤    If you get hacked, or DoSed,
         you have a backup.

    ✤    Your web host may have
         backups for you too.




Malware


    ✤    Antivirus software for your
         computer, especially for
         Windows

    ✤    Get to know the security
         settings on your browser

    ✤    Keep your OS, browser, other
         software up to date



Check your site


    ✤    Google Webmaster Tools

    ✤    Set up alert on site:http://yoursite.com
         casino + viagra + (whatever other
         common spam terms show up)

    ✤    http://www.unmaskparasites.com/ is
         currently kind of nice

    ✤    More good advice:
         www.stopbadware.org




Encryption


    ✤    https is awesome

    ✤    ssl (secure socket layer)
         encryption

    ✤    https://www.eff.org/https-everywhere
         is nice for Firefox




WordPress security tips

    ✤    Keep it updated!!

    ✤    Keep it backed up

    ✤    Keep the plugins updated

    ✤    Install some security scan
         plugins from wordpress.org

    ✤    Exploit Scanner, WP Security
         Scan


Harden WordPress


    ✤    http://codex.wordpress.org/Hardening_WordPress

    ✤    This is the best advice!

    ✤    HighTechDadBlog has decent
         advice too




Hack party


    ✤    Have a hack date

    ✤    Try to crack each other’s
         passwords

    ✤    I’m totally serious!!!!

    ✤    No really!




Guess their passwords




    “I can’t believe you guessed my password was “MrDarcyishot69”!”

Be a white hat hacker


    ✤    Warn your friends if you notice their
         security vulnerabilities.




Who has your data?



   The companies you’re giving your data to may do something with it you don’t like.
   Read their privacy policy/ToS.
   http://www.tosback.org/ tracks changes in companies’ terms of service.

Your Privacy

    ✤    If you want to browse, IM, and
         use the net without family
         members or others on same
         computer having access to
         your info,

    ✤    Put Torbrowser on a USB stick,
         and use that. Very secure.

    ✤    https://www.torproject.org/torbrowser/

    Medical issues.
    Visiting your in-laws.
    Reading pages your husband might not be comfortable with.
    IM and email you don’t want your kid reading.
    End of relationship, or domestic violence situations.




I’m on a horse

    Well, not in this photo, but at some point in life I was.
    Unfortunately in this photo I’m giving a lap dance to a giant
    fiberglass lumberjack rabbit and his enormous carrot water fountain.

When you get hacked
    Get some help and advice
    Do a little research
    You are now a computer forensics
    investigator! Congratulations!
    Don’t panic
    Remember, you have backups!



