Ahhh!
Hearing about never-ending hacks and break-ins is becoming wearisome. Like a cracked repeating 78 (if yuh know what that is), the 'noise' is beginning to even irritate this diehard.
How about solutions for a change?
Syrian hacktivists have chalked up more media-luvvie victims after hacking into and defacing blogs run by British broadcaster Channel 4. The Syrian Electronic Army, which backs the regime of President Bashar al-Assad, took over an online diary maintained on behalf of veteran newscaster Jon Snow before posting a fictitious …
I'm working on it... :-)
The real thing - as El Reg said a week or two back, is that the actual success of a high security IT strategy is indistinguishable from a rubbish site that hasn't been hacked (yet).
I am frankly APPALLED at how crap most CMSs are.
Real security takes a lot to achieve - been on the case a couple of months and no website is even visible. Its like a building with earthquake foundations, and shock absorbers..none of it shows and all of it is wasted till someone actually has a go.
To do serious damage someone has to fight through three layers of security. Obviously stealing passwords works, but then accesses are logged, when and where. And the same administrator cant be online in two different places. And will get thrown off if he fails to enetr passowrds coorectly enough times, this defetang brite force attacks.
DOS is catered for with firewalling at the earliest possible level, and by having per IP address rate limiting, so you need multiple IP addresses to mount successful attacks. Which is possible with spambots, but hey nothings perfect.
I might even build a honey pot, and let putative hackers trawl thorough reams of entirely fictitious data. While the police get time to ID them.
None of this is rocket science, but its all money on stuff that shows no visible signs of excellence.
As with backups, you never know how good yours is till something fails (my backup disk did, last week, I was up and running with zero data loss in less than 6 hours, and most of that was creating a new full backup ) or you get hacked, spammed or DOSsed.
3 months ago my dashboard showed unusually high network INBOUND network traffic, but no increase in outbound. No logs revealed any unusual process activity. After a couple of hours it stopped. DOS? PORT scan? Probably, bouncing off the firewall, but logging that would have slowed the machine more than simply discarding the data.
IT can be done, but it costs money and skill to do it. It will be interesting to see if anyone is interested in it, when I have. Its a hobby project really.
'Channel 4′s blogs were taken offline in response to the breach and replaced with a message stating "Something’s broken (or we’re making things better)" alongside a picture of characters from The IT Crowd sitcom.'
Surely, 'Please be patient while we turn it off and on again' would be a more appropriate message.
Not only have I experienced it, but I had to argue against Marketing taking their blog away from our managed, but slightly limited CMS, and instead to some no-name host that Marketing had chosen themselves, who would install WP for them (as there's no fucking way I would).
Of course, it was one of those "list-the-reasons-why-IT-dont-want-marketing-to-outsource-their-IT-but-never-mind-we've-already-decided-to-let-them-do-it" meetings. Here's hoping I'm off the ship before they get hacked..
To be fair, apart from the annual user privilege escalation exploit - AKA why you shouldn't let people you don't trust have accounts on your WP install - the main problem is the lack of limiting login attempts by default, making it easy to attempt to brute force passwords, combined with suggesting 'admin' as the username for account #1, meaning you don't need to bother to work out a good user name to try to hack.
Yesterday the alarm on MY phone went at some godawful hour and I looked at it, and it said 'A***'s birthday'.
The I remembered this was in fact my wife's phone with my 15 year old SIM in it, that a friend repaired after she dropped it and I bought her a new one.
And A*** was her sister. Still is actually.
wheres the 'restore to factory defaults' button?
The news the other day was about old SIMs, a surprising number of which include a relatively short DES (I think) encryption key and something called JavaCard. So, old SIMs are not so good to have.
Come to think, mine is at least three phones old. Hmm.
There are charming but puzzling Irish names, I know, such as Roisin (I think it means "dried grape") and Saoirse ("English go home"), so I'm not much surprised to see your A*** ("Happy Christmas", perhaps? According to Kirsty Macoll...)
This post has been deleted by its author