Currently Viewing Posts Tagged security

MovableType 4.01a Released

Sixapart released Movable Type 4.01a today. It is a Security Update.
No matter MT 3.2, MT 3.3x or MT4.01, upgrade is required.
For MT4.01, just download the gz package and decompress it. Overwrite the MovableType 4.01 installation is OK.
No database upgrade this time.
It said, “Security Release. The potential vulnerability has not yet been exploited in the wild.This is a mandatory update for all users of Movable Type.”
So I did it as it said.
I used five steps to upgrade it.
1) Fully Backup
Backup database through PhpMySQL, Tar and compress all files into one file, and export all entries by build-in function.
2) Get package
SSH to Server, wget the file.
3) Decompress package
tar xvzf MT-4.01a-eb.tar.gz
4) Copy and overwrite the installation
5) Login the system and click upgrade if asked.
The SSH is provided by Dreamhost.

WordPress 2.2.1 is out

It is a bug fix release for the 2.2 series. Just released this morning.
There is a long list of bugs fixed.
Some highlights are shown below:
# Atom feed validation fixes
# XML-RPC fixes
# Widget backward compatibility fixes
# Widget layout fixes for IE7
# Page and Text Widget improvements
And WordPress 2.2.1 is not just a bug fix release. It improve the security protect with following items.
* Remote shell injection in PHPMailer
* Remote SQL injection in XML-RPC Discovered by Alexander Concha.
* Unescaped attribute in default theme
The Upgrade steps are same as before. And I may make another post about it.

Mozilla Firefox 2.0.0.4 update

If you use Firefox, it is time to update to 2.0.0.4.
It is released on May 30, 2007. Your Firefox may auto update itself or not.
Click Help > Check for Updates to get the update.
This update will fix following security issues.
XUL Popup Spoofing
XSS using addEventListener
Path Abuse in Cookies
Persistent Autocomplete Denial of Service
Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)
And provide better Windows Vista support.
And also provide two more language Afrikaans (af) and Belarusian (be).
Just for the security issues, it is worth to update your Firefox.

How To Set Up A Secure Home Network

I learn something about how to setup a secure home network. I also want share this one to the others.
1) There are some question you have to ask yourself first. It will help you to identify your network needs..
a. How many wired Ethernet ports, if any, will you need?
b.Where will these Ethernet ports need to be located? (In other words, where will the PCs and other equipment that will be plugged into these Ethernet ports be located?)
c.Where will the router and high-speed modems be located?
2) Then determine where to put your modem and router.
3) Gather all tools and supplies
Cat 5 Ethernet Cable
Cat 5 cable connectors
Crimper
Cable/DSL modem, It is provided by ISP normally.
Wired/Wi-Fi router. I do prefer wired router. It is safe and less security setting problem. If you still like WI-Fi router, I recommend you to use 802.11g router instead of 802.11b.
Ethernet hub
4) Connect all the cables together
I hope you add some tag on both ends of each cable. It will help you to identify them.
5) Test Your Network Connection
You can ping all other computers from one.
6) Set Up Your Router
7) Securing Your Network
This is the most important part I think.
a]. Change the SSID of your router. Use a name that’s innocuous and doesn’t refer to your business.
b]. Disable your wireless router’s “SSID Broadcast setting.” This will prevent random snoopers from seeing or detecting your Wi-Fi network through ordinary means.
c]. Set up either 128-bit WEP encryption of Windows’ WPA encryption. This is a fairly easy process that varies depending on your router’s software.
d]. Enable the firewall on your wireless router (if you have one).

How to share files and folder over a network for workgroups in Windows 2000 Server

I have a LAN with Windows 2000 pro and Windows 2000 server. One share folder in Windows 2000 server. All people in the Lan can access this folder as member of workgroup.
The requirement is to setup this share folder to two groups with different security right.
The following notes is what I do in my server.
Setting Security on a Folder before share it
1) Log on to server as a user who is a member of the Administrators group. Open Windows Explorer.
2) Click the drive or folder in which I want to create a new folder.
3) Create a new folder, named it as “shareit”.
4) Right-click “shareit”, and then click Properties. Click the Security tab.
5) Click to clear the Allow inheritable permissions form parent to propagate to this object check box. In the Security dialog box, click Copy.
Note: The inherited permissions are copied directly to this folder.

Continue reading “How to share files and folder over a network for workgroups in Windows 2000 Server”

SPF record for your Email server

If you have your own email server like me, you may need to know something about SPF record.
From the SPF website, I got the following description:
SPF fights return-path address forgery and makes it easier to identify spoofs.
Domain owners identify sending mail servers in DNS.
SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted.
Use DNS Stuff‘s DNS report tool, you can see if your email server has a SPF record.
spf-warning

To add a SPF record in Windows server.
I go to http://www.michaelbrumm.com/spfwindowsdns/

Update: The site with mentioned link is offline. Here is an archive page.
Follow the instruction to setup my DNS server in Windows 2003

Continue reading “SPF record for your Email server”

How to prepare your business travel

When you prepare your business travel, you may need your laptop. There are some tips for you.
If you travel without your Laptops:

Set up guest PCs in your branch offices for on-the-go employee.
Transport data on thumb-drive storage devices.
Make enterprie apps accessible by Web browser.
Use SSL VPN connections for temporary PCs to ensure security. SSL performs a disconnection cleanup so work history is automatically scrubbed from borrowed PCs.
Carry a cell phone and PDA. Even if they’re relegated to checked baggage, they have a better chance of going undamaged.

What about you travel with Laptops

Continue reading “How to prepare your business travel”

Keep IT Safe

Some simple steps can help you and your company avoid being the patsy in an online scam.
1 Never run a program unless you trust the source of the program.
2 Secure your computer with antivirus, antispyware, and a personal firewall. Such software can warn you if a program appears to be doing something suspicious.
3 Never give out your passwords. Only your employer and your bank should require your Social Security number.
4 Deploy a network intrusion-prevention system to detect the signs of an attack early.
5 Managers should require all workers who use computers to undergo training in the best computer-security practices.
The following article are from PC.Magazine.April.25.2006.
Any company need to know these about security for company assets.

Continue reading “Keep IT Safe”

Do we need wireless

So many wireless equipments are around us, cellphones, WiFi/AirPort computer networking, Bluetooth keyboards and mice. I know basicly the vendors have tested the EMF (electric and magnetic fields) exposure before their products go into the store.
They always say it doesn’t pose a health risk. I trust the test is followed the rule and the individual equipment’s EMF exposure is not over the limit. But what about when four or five itmes work at the same time.
Let me provide some basic information of EMF.

EMF (or ElectroMagnetic Field) is a broad term which includes electric fields generated by charged particles, magnetic fields generated by charged particles in motion, and radiated fields such as TV, radio, and microwaves. Electric fields are measured in units of volts per meter or V/m. Magnetic fields are measured in milli-Gauss or mG. The field is always strongest near the source and diminishes as you move away from the source. These energies have the ability to influence particles at great distances. For example, the radiation from a radio tower influences the atoms within a distant radio antenna, allowing it to pick up the signal. Despite the many wonderful conveniences of electrical technology, the effects of EMF on biological tissue remains the most controversial aspect of the EMF issue with virtually all scientists agreeing that more research is necessary to determine safe or dangerous levels. Iron, necessary for healthy blood and stored in the brain, is highly effected by EMF. The permeability of the cell membrane of our nerves, blood vessels, skin, and other organs is effected. The intricate DNA of the chromosomes has been shown to be effected by EMFs as well. In fact, throughout our bodies, every biochemical process involves precisely choreographed movement of EMF-sensitive atoms, molecules, and ions.

Continue reading “Do we need wireless”

  • Archives