Posts Tagged Yahoo

Why good password practices are no longer optional — Part 1

This is the first part in a two-part series on password security practices and storage. Be sure to click here to read part two if you haven’t already!

If you — like many people — are in the habit of using simple passwords, or even the same password over multiple sites, you’re setting yourself up for disaster.

Let me briefly explain: If you’re using a simple password it becomes much easier for a hacker to brute-force your password and gain access to your account. You should always use the strongest password — lower- and upper-case letters, numbers, and special characters — that any particular website supports.

If you’re already using strong passwords, good for you. However, if you’re using that same password — or a variation of it — on multiple sites, you’re undercutting the security of it. If one website that you use it on becomes compromised and that password is revealed or released, any other website that you use it on has also become compromised.

One example of this disaster is the RockYou hack. In January of 2010, Imperva released data regarding passwords exposed in the RockYou.com breach. In this attack, 32 million accounts were compromised, which led to the disclosure of the top ten most-used passwords and potentially to countless more compromised accounts that used passwords on that list. This list was later updated to the 25 most often used passwords, as listed on Yahoo Finance.

Another example of this disaster waiting to happen is a phishing attack. This type of social engineering attack starts with a convincing-looking email that leads you to a website where you will “log in” or provide some other account details. The site that you’re directed to — while looking like the real site — is often a fake, designed to get you to provide your account information. Once the site has it, your account information can be used to log in to the real site. From there, a hacker can seize control of your account (changing the email address, password, and security questions) and attempt to use that information to log into other sites. Again, if you’re using the same password on multiple sites, the hacker now has access to all of those other sites.

Think you can identify a phishing email? Take a few minutes and take the SonicWALL Phishing IQ Test now. I got 100% on this test; feel free to post your score in the comments below! You can also try the OpenDNS phishing quiz. I scored 14 out of 14 on the OpenDNS quiz. Feel free to post your scores and feedback in the comments below.

The implications of this are almost limitless if an attacker manages to take control of your email account. Once that happens, they can start issuing password reset requests on other sites and start taking control of them as well. For that reason, protecting the security of your email account should always be first and foremost. Google, for one, agrees, and offers users the option of 2-factor authentication, which provides a very strong level of security. If you have a Google (Gmail) or Google Apps account, I recommend you go and set this up immediately. It only takes about 15 minutes.

Do you have any other password security practices that you would recommend? Do you have a story to share about an account being compromised? Do you have anything to share that I didn’t cover above? Please feel free to share in the comments below! Also — check back for part two of this article, coming soon!

My suggestions for WordPress plugins

Here are my suggestions for a great set of WordPress plugins. The descriptions provided here are from the plugins themselves, and the links go to the plugin page on WordPress.org. You can also go to your ‘Plugins’ area in your WordPress dashboard to search for and install any of the below plugins easily.

Bad Behavior – Deny automated spambots access to your PHP-based Web site.

Contextual Related Posts – Show user defined number of contextually related posts.

Fast Secure Contact Form – Fast Secure Contact Form for WordPress. The contact form lets your visitors send you a quick E-mail message. Super customizable with a multi-form feature, optional extra fields, and an option to redirect visitors to any URL after the message is sent. Includes CAPTCHA and Akismet support to block all common spammer tactics. Spam is no longer a problem.

Fluency Admin – Give your WordPress admin the Fluency look, Fluency 2.4 is the latest update and is compatible with WP 3.1.x.

Google XML Sitemaps – This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and Ask.com to better index your blog.

Jetpack by WordPress.com – Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users.

Simple Facebook Connect – Simple Facebook Connect is a series of plugins that let you add any sort of Facebook Connect functionality you like to a WordPress blog.

Simple Twitter Connect – Makes it easy for your site to use Twitter, in a wholly modular way.

WP-PageNavi – Adds a more advanced paging navigation to your WordPress blog

What plugins do you use on your WordPress-powered blog? Have any to recommend? Are you a plugin author and want to “plug” your plugin? :) Please feel free to leave a comment below!

Must-have Android apps?

I initially had my list of must-have Android apps posted in my review of my Samsung Moment, but I thought they deserved a mention apart from my awful experience with that phone.

I’ve recently updated this list to reflect my current list of must-have Android apps, rather than the old list. Quite a few of my recommendations have changed. These are recommendations for Froyo and newer. So here they are, in no particular order, and now with Market links. Note that some of these application descriptions have been taken directly from Market where I feel the author has explained it better than I could. If you have an iPhone, feel free to check out my list of must-have iPhone apps as well.

aCar
An all-in-one application to track and manage your car: maintenance, fill-ups, fuel mileage, expenses, business trips and more.

Advanced Task Killer (ATK)
Simple, easy-to-use task killer that supports automatically killing tasks as well as force-closing unwanted system tasks.

Astro File Manager
In my opinion the best free file manager / file explorer program available for Android. Easily manage files on your device and SD card. Easy to use, free, and powerful.

Autokiller Memory Optimizer
An outstanding and powerful automatic task killer with manual-kill features and additional tuning for rooted phones. Does have some advanced tuning features, so novice users may want to consider ATK above instead.

Barcode Scanner
A fun little app for using the camera to extract human-readable info from 1D and 2D barcodes. Supports many different barcode formats and recognizes codes quickly.

Barcode2file
The natural complement to Barcode Scanner. Save your scans in a text file or send them via email with a simple touch. Supports batch scanning as well.

Battery Indicator
A free, simple, no-nonsense application to display your remaining battery as a percentage in your notification area.

Battery Widget
This widget displays the battery charge level as a percent on the home screen and offers one-touch access to the Wifi, GPS, and Bluetooth power toggles.

Data Counter Widget
A must-have for those who are on data-limited plans. This widget displays your cell and wifi data usage for the month (or another configurable period of time) as a home screen widget.

Dolphin Browser HD
Puts the stock browser to shame. Easy full-screen browsing with swipe access to plugins and gesture support for quick access to your favorite websites. Supports a variety of plugins as well.

Eternal Legacy HD
If you’re a fan of turn-based fantasy RPGs (think Final Fantasy) you will LOVE Eternal Legacy HD. This one is NOT available on Market, but is available from Gameloft. Check the link for actual phone compatibility.

Evernote
This is one of those apps that once you have it you’re not sure how you got along without it. Evernote is an easy-to-use, free app that helps you remember everything across all of the devices you use. Stay organized, save your ideas and improve productivity. Evernote lets you take notes, capture photos, create to-do lists, record voice reminders – and makes these notes completely searchable, whether you are at home, at work, or on the go. Since Evernote’s notes are synced to all of your devices via the cloud, you don’t have to worry about losing them.

FBI Child ID
While the Android app is still in development as of the date of this update, FBI Child ID is a must-have for anyone with a child that they are responsible for. You can store photos, identifying information, and have the comfort of having it with you whenever you have your phone. With the ability to send it to authorities with a few taps, FBI Child ID can save valuable time in the event of a lost or missing child. See the FBI’s official Child ID page for more information.

Facebook
What can I say? Facebook app. Much better with recent improvements.

Hackers Keyboard
I don’t like Swype — It lacks some of the extended characters that I use and I’m a tap-typer rather than a swipe-typer. When I do inadvertently swipe my finger across the keyboard it tends to mangle whatever I was trying to type. For me, Hackers Keyboard is better — and free!

JuiceDefender – Battery Saver
A freemium, easy-to-use application to monitor and extend the life of your phone or tablet. Features widgets that give you one-touch access to status and features.

JuicePlotter
Great app to show historical data about battery life and usage, as well as a widget to show time-to-charge and time-remaining on your battery life. Very useful, and gets more accurate over time.

LastPass
A great password manager. LastPass web site. With fast and easy access to your LastPass password vault, the LastPass mobile app is a must-have. (Note: Requires a LastPass premium subscription – $12/year)

Lookout Mobile Security
Contains an anti-virus element, phone location, and backup/restore services. Excellent service for free, and a quite reasonable paid subscription service.

Meebo IM
A multi-protocol instant messenger for Android. Supports AIM, Facebook, Google Talk, ICQ, Jabber, MSN, MySpace, and Yahoo messenger protocols.

Parcels
Track FedEx, UPS, USPS, DHL and more right from your handheld. Also allows you to scan barcodes before shipping to be informed on their progress to the recipient.

PayPal
Handy for sending money via PayPal while on the go.

Spare Parts Plus
This is a handy utility for editing some hidden functions of your phone or tablet device. Settings should be changed carefully. The most useful reason for this app is enabling/disabling compatibility mode.

Twitter
It’s Twitter. Do I need to say any more?

Waze
Waze uses your device’s GPS not only to provide turn-by-turn navigation, but also to provide crowd-sourced traffic data to other Waze users about traffic, delays, police presence, accidents, and other road incidents. Waze allows you to report a road incident with just a few taps on the screen, and Waze works well in both portrait and landscape orientation. (Thanks Jeff T. for the recommendation!)

WeatherBug Elite
Shows up-to-date weather information, forecast, radar (supports multi-touch), and more, with configurable widgets and “follow me” support. WeatherBug Elite is nice, but they do have the free WeatherBug app available too.

WordPress
A real must-have for anyone with a WordPress.com or self-hosted WordPress blog.

Z-DeviceTest
Handy app for testing various functions and sensors on your phone.

If you’ve read this far, you might also be interested in a list of apps specifically for rooted phones, yes? Well, here they are:

AdAway
Open-source ad blocker for rooted phones.

AdFree Android
Another ad blocker for root phones. For more information and to give feedback, visit the XDA Forums.

Chainfire3D
An intermediary OpenGL graphics driver which may increase video performance on some devices. Requires: Root, 1GHz+ device, Android 2.1+. See the XDA thread for more information and a list of compatible devices.

Samba Filesharing
A Samba server for your Android phone. Allows you to access your Android phone’s SD card over your network.

Titanium Backup
EXTREMELY powerful tool. Backup ALL apps, Market links, remove bloatware & MORE! Backs up your apps to your SD card and can restore them with their data even after a hard reset, factory reset, or even a new ROM install. It’s fantastic!

Have an Android app you just can’t live without? Please let me know in the comments below!

Last update: December 7th, 2011

Bad robots

As part of being on a VPS, bandwidth is limited. One of the things you have to watch for is bots, crawlers, and scrapers coming and stealing your content and bandwidth.

Some of these bots are good and helpful, like the Google, Yahoo, and Bing crawlers. They index your site so it will appear in the search engines. Others, like the Yandex bot, crawl and index your pages for a Russian search engine. If you have an English-only site targeting US visitors, you might want to consider blocking the Yandex bot.

In my searches I also came across the Dotbot, which seems to crawl your pages just to get your response codes. I’m not sure what they do with the data, but in my opinion it’s better to block them.

So how does one block these bots? The Robots Exclusion Protocol states that a file, called robots.txt, can be put in your DocumentRoot with directives for bots to follow. For example, if your domain is example.com, your robots.txt should be at the following URL:

http://example.com/robots.txt

The robots.txt directives can tell bots which files they are allowed to index and which they are not. Well-behaved web robots will look at this file before attempting to crawl your site, and obey the directives within. The directives are grouped by the bot’s User-agent string. A couple of examples:

Block the Dotbot robot from crawling any pages:

User-agent: dotbot
Disallow: /

Block all robots from crawling anything under the /foo/ directory:

User-agent: *
Disallow: /foo/

Google Webmaster Tools has an excellent tool for checking your robots.txt file. You can find instructions on how to access it here. Google account required.

However, not all bots obey (or even look at) the robots.txt file. Those that don’t need special treatment in the .htaccess file, which I’ll describe in another post.
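To find out which bots fall into that second group, you can compare your access log against your own robots.txt. The script below is an added example, not part of the original post: the robots.txt combines the two rule sets shown above, and the log lines, IP addresses and the ExampleScraper agent are constructed sample data in Apache combined log format.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed sample: both rule sets from the post combined in one robots.txt.
ROBOTS_TXT = """\
User-agent: dotbot
Disallow: /

User-agent: *
Disallow: /foo/
"""

# Constructed access-log lines (Apache combined format, documentation IPs).
ACCESS_LOG = """\
192.0.2.10 - - [07/Dec/2011:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "Mozilla/5.0 (compatible; DotBot/1.1)"
192.0.2.10 - - [07/Dec/2011:10:00:02 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; DotBot/1.1)"
198.51.100.7 - - [07/Dec/2011:10:01:10 +0000] "GET /foo/private.html HTTP/1.1" 200 2048 "-" "ExampleScraper/0.1"
198.51.100.7 - - [07/Dec/2011:10:01:11 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "ExampleScraper/0.1"
203.0.113.5 - - [07/Dec/2011:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def named_agents(robots_txt):
    """Return the specific (non-wildcard) User-agent names used in robots.txt."""
    agents = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        name = value.strip().lower()
        if field.strip().lower() == "user-agent" and name and name != "*":
            agents.append(name)
    return agents

def find_violations(robots_txt, log_text):
    """Map (ip, user agent) -> disallowed paths that client requested anyway."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    agents = named_agents(robots_txt)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        path, ua = m["path"], m["ua"]
        if path.split("?", 1)[0] == "/robots.txt":
            continue  # fetching robots.txt itself is always expected
        # A rule group matches on a bot name found inside the full UA string.
        token = next((a for a in agents if a in ua.lower()), "*")
        if not rules.can_fetch(token, path):
            hits[(m["ip"], ua)].append(path)
    return dict(hits)

if __name__ == "__main__":
    for (ip, ua), paths in find_violations(ROBOTS_TXT, ACCESS_LOG).items():
        print(f"{ip} {ua!r} ignored robots.txt: {paths}")
```

Ordinary browsers that follow a link into a disallowed directory will show up here too, so treat the output as a list of candidates to review before blocking anything.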

Ten things to do first when creating a new website

Alright, so you’ve got your CMS (website software) installed and set up, and you’re looking at your new front page.

Now what?

Here are my suggestions for the first ten things to do to get your website “off the ground” as it were. It’s recommended that they be done in some kind of order, as you will get the best results with one after having done the others before it.

1. Edit your front page

This should go without saying. Change the default content to something a little personal talking about you and your new site. State what it’s about, but don’t go overboard with the keywords or ads. A new site is a new site, but a new site rife with “keywords” and ads will scream “stay away!”

Don’t worry about themes at this point, unless you have something specific in mind. The search engines won’t care what kind of theme you use and they’ll re-index as things change. There will be plenty of time for theming later.

2. Get an XML Sitemap plugin

XML sitemaps are sitemaps specifically designed for search engines to use to crawl your site quickly and effectively. They contain a list of every page regardless of whether or not it’s linked from another page, and the page’s last update. Even better, most XML Sitemap plugins will automatically “ping” (or notify) the search engines when you create a new page or update a page. A must-have for fast indexing.

3. Get your webmaster accounts

Google, Yahoo, and Bing offer webmaster tools for site owners to submit, verify, and specify XML sitemaps for their sites. Once you complete this step, search engines will usually begin crawling your site within a day.

Make sure to complete the verification steps at each site.

Here are the direct links: Google Webmaster Tools, Yahoo Site Explorer, Bing Webmaster Center

4. Get a good stats system

Server logs aren’t a good indicator of site traffic unless you’re getting less than a handful of hits each day. Even then, once you start getting some traffic, you’re going to want to see specifically what pages are popular and with what visitors. Even inbound searches will show you what you’re doing right so you can keep focusing on the important stuff.

I recommend Clicky. The stats are real-time and it’s free for one site.

5. Get some inbound links

Chances are you have at least one friend with a website. Ask them to put up a link to yours. This is good for two things, traffic and search engine ranking.

Visitors to the other site may see a link to yours and click on it, and search engines will see the link from the other site to yours and “follow” it to yours, helping your search ranking.

Of course, it helps if the sites are on the same topic as yours.

6. Make it your own

Start playing with the theme, layout, and color options. Make it your space and your style. Darker themes are more suitable for personal sites, lighter themes for more professional. Use colorful backgrounds that show off your skills if you are an artist (painted or drawn art, music, etc. If you create something, show some style).

7. Start adding real content

Nothing is going to turn away visitors faster than the words “Coming Soon” or “Under Construction.” Post something up, if only a few paragraphs. Talk about yourself, the reason and aim for your site, and what you’re working on. Link to your user profile on some social networking sites, put up pictures. Above all, make sure it’s original content! Users know when you steal from other websites, and it will immediately discredit you.

8. Make yourself available

Add a contact form, your email address, a Skype or Google Voice button if you have them. If a viewer wants to get in touch with you, they should be able to. If you’re a business, your address and/or telephone number are also a must.

9. Add interaction

Add a comment box or guestbook. Let visitors comment (even if it’s negative). You may learn something. Respond to the comments to show you are involved and that you care.

10. Update often!

A web site is not a set-it-and-forget-it kind of thing. Look at your site regularly and add new content, update out-of-date content, and play around with the layout. Out-of-date content is a turn-off for most web visitors. No one wants to spend time reading a post that is obsolete or out-of-date. Keep it fresh and keep it coming.

Have experience launching a website or any advice to share? Did you try these tips? Did they work for you? Have something to add? Please share it in the comments!
