WordPress Hacking and Cleanup

There’s a brute force attack underway on a global scale. Massive. The attack vector? Keep attempting user/pass combos in an automated way until a breakin happens.

If your WordPress site gets hacked, I am available for cleanup and an audit.

Aaron@technosailor.com

It absolutely will cost you a minor fortune. That’s the way it goes. Don’t complain or whine, just get your credit card out.

It would be cheaper to have a strong password and install a plugin that limits failed login attempts though.

But if you don’t, rest assured I can help you despite you having to postpone a vacation in St. Thomas.

Do the right thing.

Read More

Security Problems and Government 2.0

The other day, I made a very serious point about the fad that is “Government 2.0″. I was pleased by the amount of attention it received and the large number of very reputable and poignant comments it recieved. However, it was largely a philosophical post, and did not provide anything concrete.

Today, that concrete example fell in my lap as I read this post by IT Security company, Websense. The post outlines how malicious users added an image to a “user generated” section of My.Barack.Obama. The image led to a trojan download site that is infecting user computers.

Granted, the MBO site is not a government site, but it is certainly related, wouldn’t you say?

Veteran federal IT Administrators are vicious about protecting internal systems and intranets. Trust me, I know. I come from a Lockheed Martin, CSC and Northrop Grumman background where projects I worked on were all government-facing or oriented. This is what we did.

For as much complaint as there is about the lack of transparency, the lack of public facing services that engage the public in a Web 2.0 way, I’d point out that there is a valid reason for it. I would love to see the Government opened up to more Web-savvy ways, but there are very tangible reasons why they are not!

This is also why Government 2.0 will not rule the day. At least not soon. Until there is a sensible way to prevent user-generated content from being user-generated security nightmares, such as this incident was, Government 1.0 will rule the day.

Security will always trump anything else and right now, there is too much opportunity for mischief to entrust the federal systems to user-generated anything.

Read More