Surviving the Latest WordPress Brute Force Attack
If you have a blog, you need to install this plug-in immediately.
http://wordpress.org/extend/plugins/limit-login-attempts/
Botnets are currently waging a major attack against web servers running WordPress. These bots brute-force their way past your login screen by making thousands of password guesses until they gain entry. WordPress currently does not limit the number of incorrect password attempts. Until it does, you need a plug-in that provides the limiting.
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.
One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic. This is a similar tactic that was used to build the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the large attacks on US financial institutions.
Source: http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br
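To see whether your own blog is being hit, you can look for the pattern described above in the web server's access log. The following is an added example, not code from the plug-in or from CloudFlare: it counts failed logins per IP address the way a login limiter would, and also measures the site-wide peak, because a botnet with thousands of addresses can keep every single address under a per-IP limit. The thresholds, function names and sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" format: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Return sorted (time, ip) pairs for POSTs to wp-login.php answered 200.
    Assumption: a failed login re-renders the form (200), a success redirects (302)."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and status == "200" and path.split("?")[0].endswith("/wp-login.php"):
            hits.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip))
    return sorted(hits)

def peak_in_window(times, window):
    """Largest number of events inside any sliding window of the given length."""
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def analyze(log_text, per_ip_limit=4, site_limit=8, window=timedelta(minutes=5)):
    hits = failed_logins(log_text)
    by_ip = defaultdict(list)
    for ts, ip in hits:
        by_ip[ip].append(ts)
    # Addresses a per-IP limiter would lock out, plus the peak across all addresses.
    lockouts = sorted(ip for ip, t in by_ip.items() if peak_in_window(t, window) >= per_ip_limit)
    site_peak = peak_in_window([ts for ts, _ in hits], window)
    return {"lockouts": lockouts, "sources": len(by_ip),
            "site_peak": site_peak, "distributed_alert": site_peak >= site_limit}

def sample_line(ip, sec, status, method="POST"):
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3012 "-" "Mozilla/5.0"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", s, 200) for s in (1, 2, 3, 4)]           # one noisy bot
    + [sample_line(f"198.51.100.{n}", 10 + n, 200) for n in range(1, 6)]  # five bots, one guess each
    + [sample_line("192.0.2.10", 30, 302),           # successful login
       sample_line("192.0.2.11", 31, 200, "GET")])   # login form viewed, nothing submitted
```

On the sample, `analyze(SAMPLE_LOG)` locks out only 203.0.113.7, while the site-wide peak still trips the distributed alert because of the five addresses that made one guess each.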
Is your smartphone vulnerable to the Tel URL attack?
A tech named Dylan Reeve has a test site to determine your phone's vulnerability:
http://dylanreeve.com/phone.php
If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.
You can find some more information and a simple workaround here: http://dylanreeve.posterous.com/remote-ussd-attack
What does it all mean?!
If visiting this page automatically causes your phone's dialler application to pop up with *#06# displayed then you are not vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack.
A poster on the site made an app that solves the problem without changing dialers. Download his free, open-source app, which can intercept these malicious URLs:
https://play.google.com/store/apps/details?id=net.thauvin.erik.android.noussd
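If you publish or review web pages, the same kind of check can be run on the HTML itself. The following is an added example, not code from the app above or from Dylan Reeve's site: it reports every tel: URL in a page whose dial string contains the `*` or `#` characters of a USSD code, including when they are percent-encoded. The function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

def dial_string(uri):
    """Decoded dial string of a tel: URI, or None if the value is not a tel: URI."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        return None
    return unquote(uri[4:])          # %23 -> '#', %2A -> '*'

def is_ussd(uri):
    """True when a tel: URI carries a USSD code instead of a plain phone number."""
    number = dial_string(uri)
    return number is not None and any(ch in number for ch in "*#")

class TelAudit(HTMLParser):
    """Collect (tag, attribute, dial string) for every USSD-bearing tel: URI."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Check every attribute of every tag, not only <a href>.
        for name, value in attrs:
            if value and is_ussd(value):
                self.findings.append((tag, name, dial_string(value)))

def audit(html):
    parser = TelAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page: one ordinary phone link and one link carrying the
# *#06# (show IMEI) code that the test site uses.
SAMPLE_HTML = """
<a href="tel:+15555550100">Call us</a>
<a href="TEL:*%2306%23">Support</a>
"""
```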
Yahoo – asking the wrong questions about its future
From a comment by the new CEO of Yahoo, Marissa Mayer:
Ms. Mayer may have the hardest time taking Yahoo into the mobile advertising arena, a market dominated by her former employer. Unlike Yahoo, Google and Apple dominate the mobile advertising space with hardware and software options.
And that’s where it runs headlong into its identity problem. “Yahoo is still mainly a media company. It doesn’t have an operating system. It doesn’t have the devices,” Mr. Hallerman, of eMarketer, said. “I don’t know if there’s room in the market for a fourth mobile platform.”
Asked whether she plans to run Yahoo as a media company or a technology company, Ms. Mayer said, “It’s not the right question. The most important thing is to give end users something valuable, inspiring and delightful that makes them want to come to Yahoo every day.”
Marissa Mayer is just 37 years old and has uncommon wisdom among the tech analysts and elite. Best of success to her!
Good News! AT&T withdraws its $39 billion bid to acquire T-Mobile
Analyst Tero Kuittinen said that T-Mobile "must now explore more creative opportunities — for instance, seeking partnerships with media giants like Amazon, Facebook or Google. T-Mobile’s spectrum, not its customer base, is its most valuable asset."
A commenter on a forum noted:
As a long-time T-Mobile customer, I can only say I am relieved to read that this is over, at least for now. The mere thought that one of the highest-priced carriers with the lowest customer service rating would be taking over the one carrier with the lowest rates and best customer service made me shudder.
Too true!
T-Mobile is not "damaged" as AT&T claims... besides being four billion dollars richer, many T-Mobile customers were opposed to this deal, and are relieved that the company can once again focus on its customers.
Steve Jobs Life and Death
“Your time is limited, so don’t waste it living someone else’s life,” Jobs said. “Don’t be trapped by dogma — which is living with the results of other people’s thinking. Don’t let the noise of others’ opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.”
Steve Jobs passed away today at 56 years old.
Firefox 7 brings speed and UI annoyances
1. For power users who need their address bar to show the "http://" in a web address, you can revert to the original, preferred behavior:
- Open a new window and type about:config into the address/URL bar
- Paste in this quick filter-field search: browser.urlbar.trimURLs
- Double click on the browser.urlbar.trimURLs field to change its value from true to false
- Close the window (or tab) and your URL protocols will be unhidden
Why would you want to do this? If you copy/paste web addresses routinely -- say, to clients, via email -- you don't want to be manually adding back the protocol to every email you send or document you create, so that the URL can be clickable.
2. Firefox 6 introduced a new “domain highlighting” feature, where the address bar grays out any protocol (like http:// or https://) and the directory path in the URL, leaving just the domain in black. The thinking was that it would help inexperienced users easily catch phishing websites.
It is annoying to me, though. It makes the true path harder to see, and since I work with URLs on a regular basis -- copy/pasting them to clients in emails and documents -- I wanted to turn it off. Here's how:
- Open a new window or tab, and type about:config into the location bar
- Search for browser.urlbar.formatting.enabled in the filter field; you can copy/paste it from here
- Double click on the browser.urlbar.formatting.enabled field to toggle the value to false
- Close the window (or tab) and your domain paths will be unhidden
That's all there is to it! Now you can revert to a better way.
Apple versus Amazon
The best summary I've seen of Apple's and Amazon's strategies:
Apple sells movies, music and books in order to sell devices. Amazon sells devices in order to sell books, movies and music.
From this article about the impending launch of an Amazon touch tablet.
Google makes new image format
But fails to support Alpha channels (for true transparency)!
Firefox maker rejects the format, and will not support it until changes are made.
WebP's lack of basic feature parity with JPEG in areas like metadata handling and ICC color profiles is identified by Muizelaar as another major problem with Google's format. It also doesn't add any important features that JPEG lacks, such as support for an alpha channel. He goes as far as using the phrase "half-baked" to describe the deficient WebP feature set.
Adopting a new image format in Web browsers is a big decision. Once a format becomes a part of the Web, it will have to be supported in perpetuity—adding overhead to the browser—even if it largely fizzles and only gains a small niche following. The chances of WebP attracting widespread use at this stage are very limited, so it seems prudent to avoid shoveling it into the browser.
Read more at arstechnica.com.
A post published on Google's official Chromium blog last week highlights a number of quality improvements in the implementation and discusses the growing number of third-party adopters. Most significantly, Google is adding WebP support to its own Web applications—including Picasa Web Albums and GMail.

