Month: April 2013
WordPress is a great blogging software. It comes pretty much ready to use right out of the box. Whether you use it on a hosted site or you have set it up yourself using the scripts. There is a security problem built in that has been there for some time. The problem is that the default username is admin. Since every installation of WordPress uses this username unless the operator of the site does something to change the admin account that leaves only the password between your blog and someone who would like to take over your site. This article demonstrates the problem. http://www.foxnews.com/tech/2013/04/15/hackers-attack-90000-wordpress-blogs/?intcmp=HPBucket
Since I use a WordPress blog for this site I had been concerned about the default username not being very secure. I had looked for ways to change it but had not seen any. When I ran across the article I decided it needed to be changed. I had considered simply accessing the database the WordPress uses and editing the account. After a little diffing I found that this was indeed a good way to accomplish the change. So using PhpMyAdmin I changed the admin user in the wp_users table to something different. Hackers looking to gain access to a system need to know two pieces of information the username and the password. If one is known than half the job is done. This is also why simply using your name for the username is not advisable when security is needed.
If you have high speed or broad band internet at your home than you probably also have a WiFi access point. You may or may not even use it but unless you have a single computer connected to your modem or you specifically purchased a non-wireless router than you probably have one. If your wireless was set up by the technician who connected your broadband than chances are at least several of these steps need to be done.
- First thing that needs to be done is to change the administration password of the router. If this is left as admin admin as most are from the factory than it would not take much for someone to access your router and change settings for any number of purposes.
- After you changed the password you want to be sure that the wireless security is enabled and set to the strongest possible. Unless you need it for some older device do not use WEP encryption. This is an old encryption scheme that is rather simply broken. WPA or WPA2 is best along with a strong pass phrase.
- Change the Default SSID. All wireless routers use an identifying name so a client knows what wireless signal they are connecting to. Manufacturers ship their products with default names. There is nothing insecure about the default names however they are a sign to hackers they may have a poorly configured router and one that can easily be accessed. It’s easier to have a name you can readily identify amongst all your neighbors signals.
- Enable firewalls on routers as well as each computer attached to the network.
- If you have a wireless router but are not using the wireless functionality, you can disable the WiFi so it’s not even available.
I hooked up a new TV for a customer on Friday. They currently subscribe to Comcast cable in Olathe, KS. The TV is has both digital and analog tuners for cable signals. Once the TV was connected to the cable and had scanned for channels I was disappointed to find that not only were there many versions of the same channels but their numbering scheme was totally unintelligible. After figuring out how to delete channels from the lineup and spending a good hour trying to decipher which was the hi def channels and which were the 4×3 channels we still had a mess. I understand that the cable box does this for you and makes it show up with the common channel lineup numbers. It just seems like there is no reason to have digital cable tuners in TV’s if this is the outcome. The TV should have a way to rename the channels to a friendly name or number. This customer will probably have to get another cable box so they can understand and find the stations they want.