cflinn : » Safety

Scheduled an upgrade yet?

admin — Mon, 21 Sep 2009 11:17:43 +0000

If your site was developed around a WordPress blog, congratulations: it’s a great CMS, with a vibrant and active developer community with tons of feedback and dialogue, and a dedication to always improve.

But if your install isn’t up to date — if you’re running an older version — you might want to read this post from HQ that makes an interesting point about car thefts, The Club, and lojack methods.

Afterwards, come back and mull over this quote:

A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)

Updated!
Someone chats with the 17 year old hacker who hacked his blog and asks why.

Sending me sensitive information

admin — Mon, 03 Aug 2009 13:27:58 +0000

Dear client,

I am concerned with the security of your information — the really touchy stuff, like login information and passwords and credit card data.

So please do not send that to me in an email. Emails are not considered secure. All sorts of nefarious folks can scan them (if they wish) while they’re en route from your email program to mine.

Instead, do one of these three easy, much safer things

Send me a letter by post. If time is not an issue, or if you’re returning your hosting sign-up form, this works fine.
Write the information in a Word or TextEdit or Notepad document (in a nice big font size). Use some easy screenshot software to take a picture of the information and save it as a JPG or GIF or PNG and email me the graphic.
If we’ve set up a shared DropBox folder, tuck it in there.

How are your passwords?

admin — Tue, 23 Jun 2009 22:15:37 +0000

You need a password for office computer, personal computer, banks, blogs, stores, social media…it never ends. Can’t things be simple? Not with something as critical as passwords. That would be a big mistake.

These are some things that are really bad ideas:

Use your pet’s or family members’ names or nicknames.
Use a word in the dictionary.
Use less than 8 characters.
Use anything that makes sense as you look at it.
Use only one or two passwords for everything.

These are much better ideas:

Use a combination of upper and lower case letters and numbers and even some other characters.
Use more than 8 characters.
Change your passwords regularly.
Hide any reminders in a safe, secure place and share critical information with your executor.

How are you handling your passwords now? Think of all the decisions that could be made by others should access fall into the wrong hands. Never be too friendly when your safety and identity and security are at risk.