Security

Solving Problems In Secret

Matt Blaze works in computer and information science at University of Pennsylvania and blogs about security at Exhaustive Search. His recent post on mistakes in spying techniques, protocols, and hardware caught my interest: Indeed, the recent history of electronic surveillance is a veritable catalog of cautionary tales of technological errors, risks and unintended consequences. Sometime mishaps lead […] » about 400 words

SSH Tunneling Examples

Most of my work is available publicly, but some development is hosted on a private SVN that’s hidden behind a firewall. Unfortunately, my primary development server is on the wrong side of that particular firewall, so I use the following command to bridge the gap:

```
ssh -R 1980:svn_host:80 username@dev_server.com
```

That creates a reverse tunnel through […] » about 200 words

Evil Evil klaomta.com

A quick Google search of klaomta.com reveals more than a few people wondering why it’s iframed on their websites. The answer is that the site has been compromised.

Unfortunately for the fellow who asked me the question at WordCamp, solving the problem can be a bit of a chore. Keeping your WordPress installation up to date is important, as there are some known security flaws in older versions, but most of the attacks that crackers use are targeted elsewhere. Your passwords, all your server apps, the PHP config, your hosting control panel, and other users all must go under the microscope when trying to find security holes.

Crime vs. Highways. Or, Internet Security Is A Social (Not Technical) Problem

Stefan Savage, speaking in a segment on March 13’s On The Media, asked: The question I like to ask people is, what are you going to do to the highway system to reduce crime. And when you put it that way, it sounds absolutely ridiculous, because while criminals do use the highway, no rational person […] » about 400 words

Fly Safe, Fly Without ID

This is an old one, but because I’m in the air again today it’s worth digging this up. Defense Tech long ago pointed out The Identity Project’s position on showing ID for air travel:

If a 19 year-old college student can get a fake ID to drink, why couldn’t a bad person get one, too? And no matter how sophisticated the security embedded into the ID, wouldn’t a well-financed terrorist be able to falsify that, too? The answer to both questions is obviously ‘yes’.

Honest people, on the other hand, go to Pro-Life rallies. Honest people go to Pro-Choice rallies, too. Honest people attend gun shows. Honest people protest the actions of the President of the United States. Honest people fly to political conventions. What if those with the power to put people on a ‘no fly’ list decided that they didn’t like the reason for which you wanted to travel? The honest people wouldn’t be going anywhere.

Plugin Options Pages in WordPress 2.7

WordPress 2.7 requires that plugins explicitly whitelist their options using a couple of new functions. WordPress MU has required this security measure for a while, and it’s nice to see an evolved form of it brought to the core code. The Migrating Plugins and Themes to 2.7 article in the Codex offers some guidance, but here’s how it works:

First, register each option for your plugin during the admin_init action:

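```
function myplugin_admin_init(){
	// Whitelist each option under one group and name its sanitize callback.
	register_setting( 'my-options-group', 'my-option-name-1', 'absint' );
	register_setting( 'my-options-group', 'my-option-name-2', 'wp_filter_nohtml_kses' );
}
// Run the registration when the admin area initializes.
add_action( 'admin_init', 'myplugin_admin_init' );
```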

In the example above, the value for my-option-name-1 will be filtered by absint before being saved to the options table. my-option-name-2 will be stripped of any HTML by wp_filter_nohtml_kses.

Then build a form like this prototype:

``` ```

Easy.
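As an added example (not the original post's code), here is one settings form for the two options registered above. It posts to options.php and calls settings_fields() so that only the whitelisted options are saved, each through its registered sanitize callback. The names myplugin_admin_menu and myplugin_options_page, the page slug and the field labels are assumptions, and esc_attr() needs WordPress 2.8 or later.

```php
<?php
// Added example. myplugin_admin_menu, myplugin_options_page and the
// 'my-plugin' slug are hypothetical names, not from the original post.

// Put the page under Settings; only users with manage_options can open it.
function myplugin_admin_menu() {
	add_options_page( 'My Plugin', 'My Plugin', 'manage_options', 'my-plugin', 'myplugin_options_page' );
}
add_action( 'admin_menu', 'myplugin_admin_menu' );

function myplugin_options_page() {
	// Defense in depth: re-check the capability inside the callback.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You do not have permission to manage these options.' );
	}
	?>
	<div class="wrap">
		<h2>My Plugin</h2>
		<form method="post" action="options.php">
			<?php
			// Emits the hidden option_page, action and nonce fields for the group.
			// options.php rejects a request without a valid nonce and saves only
			// the options registered to 'my-options-group'.
			settings_fields( 'my-options-group' );
			?>
			<table class="form-table">
				<tr>
					<th scope="row"><label for="my-option-name-1">Option 1 (integer)</label></th>
					<td><input type="text" id="my-option-name-1" name="my-option-name-1"
						value="<?php echo esc_attr( get_option( 'my-option-name-1' ) ); ?>" /></td>
				</tr>
				<tr>
					<th scope="row"><label for="my-option-name-2">Option 2 (plain text)</label></th>
					<td><input type="text" id="my-option-name-2" name="my-option-name-2"
						value="<?php echo esc_attr( get_option( 'my-option-name-2' ) ); ?>" /></td>
				</tr>
			</table>
			<p class="submit"><input type="submit" class="button-primary" value="Save Changes" /></p>
		</form>
	</div>
	<?php
}
```

The field name attributes must match the option names passed to register_setting(); a field for an option that was not registered to the group is ignored on save. Stored values are escaped on output with esc_attr() regardless of the sanitize callback, since the two protect different boundaries.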

Presidents Change…Presidential Limousines Change

Presidential Limos are armored, yes, but Gregg Merksamer reveals that George W. Bush’s limos sport five-inch thick glass, more than twice as thick as in Clinton’s limo. Merksamer should know, he wrote the book on so-called “professional cars”. He says half an inch is enough to stop a .44 magnum at point blank range, and […] » about 100 words