
Don’t Get Hacked: Password Lessons from the Flame Broiler

It lasted for over an hour and was so ugly that even their competitors were sending out empathetic Tweets.


Burger King’s Twitter account had been hacked, and not only were the hackers sending their own racially charged tweets about Burger King employees “crushing and sniffing Percocet in the bathroom,” but they also changed all the branding from BK to McDonald’s. They even went so far as to promote McDonald’s new Fish McBites.


So with this kind of nightmare playing out in real life in front of the whole world, we thought it was time to contribute a quick, legitimate piece to the “how to come up with a great password that’s memorable and fun and makes you feel safe” articles that will be swirling around the ‘net. We collected dozens of tips from our staff and boiled them down to this one convenient list of tricks for a better, safer, more memorable password.

Caroline Temple, our Affiliate Marketing Manager, knocked out 8 quick pointers for better Internet security:

1. Well – duh – turn on the free 2-step verification we offer.

2. Don’t use words like “H3LL0!”  Password-cracking programs now try number-for-vowel substitutions like that as a matter of course.

3. Consider a “pass phrase”, like “IReallyLikeCoffeFirstThingInTheMorning10:00am”.

4. Change your password often.

5. Don’t use the same password for more than one account.

6. WRITE your passwords down somewhere safe.  Try your darndest not to store them in a document that can itself get hacked.

7. Review all the apps you have given access to your Twitter account – it may be time to revoke access for apps that don’t use SSL certificates or that you haven’t used in a while.

8. Always make sure the URL bar up top reads “https” before logging in to any account.  That means the site has an SSL certificate installed, so your login information is encrypted on its way to the server.

Some of these steps are made much easier by great tools like oplop (courtesy of Pat “P-Mo” Moroney), which lets you reduce all your passwords to a nickname and one master password. And Fitz in support reminded us to plug one of our customers, LastPass, a secure password manager that promises to make your life much easier.

Finally, it should be noted that your password should NOT be any word or phrase associated with your personal information or business products. Those are very easy to guess. I should not use “Jared1”, and you definitely should NOT use “whopper123”, as Burger King, the Home of the Whopper, did up until recently.
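As an added illustration of tip 2 and the paragraph above (this is not code from the original post), here is a small Python policy check that reads a password the way cracking tools do: once as typed and once with the usual number-for-letter substitutions undone, rejecting single dictionary words in either form and anything containing a blocked brand or personal term. The wordlist, block list and minimum length are constructed assumptions.

```python
import re

# Number/symbol-for-letter substitutions that password-cracking wordlists already apply.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed mini wordlist and block list (assumptions): a real deployment would load
# a full dictionary plus the organisation's brand, product and staff names.
DICTIONARY = {"hello", "password", "welcome", "coffee", "whopper", "monkey"}
BLOCKED_TERMS = {"whopper", "burgerking", "jared"}
MIN_LENGTH = 12  # assumed policy; long passphrases are the point of tip 3


def views(password):
    """Return the two ways a cracker would 'read' a password: letters only as typed,
    and letters after undoing leet substitutions.  'H3LL0!' -> ('hll', 'hello')."""
    lower = password.lower()
    plain = re.sub(r"[^a-z]", "", lower)
    deleet = re.sub(r"[^a-z]", "", lower.translate(LEET))
    return plain, deleet


def check_password(password):
    """Return (ok, reason).  The most specific finding is reported first."""
    plain, deleet = views(password)
    for view in (plain, deleet):
        for term in BLOCKED_TERMS:
            if term in view:
                return False, f"contains blocked term '{term}'"
    for view in (plain, deleet):
        if view in DICTIONARY:
            return False, f"is the dictionary word '{view}' plus decoration"
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["H3LL0!", "whopper123", "Jared1", "p@ssw0rd",
                      "IReallyLikeCoffeFirstThingInTheMorning10:00am"]:
        print(f"{candidate!r}: {check_password(candidate)}")
```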

We’ll leave you with this helpful password hint from one of our favorite web comics, XKCD.


WordPress, Joomla and Drupal: How to Protect your Websites!

Chris Gaston, our systems administrator, says, “Hey all, FYI there’s a lot of hacks for WP, Joomla, and Drupal floating around lately.”

It’s time to update those themes! Here’s more from the National Cyber Awareness System.
US-CERT Current Activity
Increased Exploitation in Web Content Management Systems

Original release date: September 21, 2012
Last revised: January 4, 2013

US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems (CMSs) such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content.

US-CERT recommends that users and administrators ensure that their CMS installations are patched or upgraded to remove known vulnerabilities. This may require contacting the hosting provider. Also, users and administrators can check for known vulnerabilities in the National Vulnerability Database by searching their CMS by name.

UPDATE: This is an update to emphasize post-exploitation clean-up.

Basic post-exploitation clean-up can be summarized by this: “Clean, Patch, and Monitor.”

Clean – Remove the malicious content AND validate all accounts, removing unauthorized accounts and paying particular attention to accounts with administrative or elevated privileges.

Patch – Keep systems patched and upgrade system software to the most current supported releases (predominantly Joomla in this ongoing campaign of exploitations).

Monitor – Stay abreast of new patches and version releases of your content management software, and patch when new versions are released. Also perform continuous baseline review of your site’s usage to detect abuse before your site is used to attack others.

A number of support sites and other open source forums have had recent discussions involving the exploitation of Joomla installs up to versions 2.5.2 and earlier. Additional vulnerabilities have been identified and patched relating to versions 2.5.4 and earlier. In many instances Joomla installs have been found to be very out of date. The attacker would self-register an account and then proceed to escalate the account to have administrative privilege using vulnerabilities in the outdated software. Once privileges have been escalated, the attacker is able to modify the website to include the upload of malicious content. The uploaded content may be malware to infect your website visitors, or tools to enable the attacker to leverage your website to launch denial-of-service attacks against others.

If your site has been compromised, remember to “Clean, Patch, and Monitor.”

Relevant URL(s):
<http://web.nvd.nist.gov/view/vuln/search>
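As an added example of the “validate all accounts” step in the Clean phase (not part of the US-CERT advisory or this post), the Python below takes rows shaped like WordPress’s wp_users/wp_usermeta and Joomla’s #__users/#__user_usergroup_map tables, works out which accounts hold the administrator or Super Users role, and reports the ones missing from a known-good list together with their registration time, so a self-registered-then-escalated account stands out. The sample rows, the wp_ table prefix, Joomla group id 8 and the known-admin lists are assumptions.

```python
import re

# Constructed sample rows shaped like a WordPress wp_users / wp_usermeta export
# (default 'wp_' prefix; a custom prefix changes the meta_key name as well).
WP_USERS = [(1, "admin", "2011-03-02 10:15:00"),
            (2, "editor_jane", "2012-01-20 09:00:00"),
            (3, "support-tmp", "2013-02-18 03:41:07")]   # self-registered, then escalated
WP_USERMETA = [(1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
               (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
               (3, "wp_capabilities", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}')]
# Constructed sample rows shaped like Joomla's #__users / #__user_usergroup_map tables.
JOOMLA_USERS = [(42, "webmaster", "2010-06-01 08:00:00"),
                (77, "guest1337", "2013-01-09 22:12:51")]
JOOMLA_GROUP_MAP = [(42, 8), (77, 2), (77, 8)]
SUPER_USERS_GROUP = 8  # Joomla's default 'Super Users' group id (assumed unchanged)


def wp_roles(serialized):
    """Parse WordPress's PHP-serialized wp_capabilities value into a set of role names,
    e.g. 'a:1:{s:13:"administrator";b:1;}' -> {'administrator'}."""
    return {m.group(1) for m in re.finditer(r's:\d+:"([^"]+)";b:1;', serialized)}


def wp_admin_ids(usermeta, prefix="wp_"):
    """User ids whose capabilities include the administrator role."""
    return {uid for uid, key, val in usermeta
            if key == prefix + "capabilities" and "administrator" in wp_roles(val)}


def joomla_admin_ids(group_map, group=SUPER_USERS_GROUP):
    """User ids mapped into the Super Users group."""
    return {uid for uid, gid in group_map if gid == group}


def unexpected_admins(users, admin_ids, known_logins):
    """(login, registered) for every privileged account not on the known-good list,
    so its registration time can be matched against the suspected intrusion window."""
    return [(login, registered) for uid, login, registered in users
            if uid in admin_ids and login not in known_logins]


if __name__ == "__main__":
    print("WordPress:", unexpected_admins(WP_USERS, wp_admin_ids(WP_USERMETA), {"admin"}))
    print("Joomla:", unexpected_admins(JOOMLA_USERS, joomla_admin_ids(JOOMLA_GROUP_MAP), {"webmaster"}))
```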
