Monday, November 26, 2012

Gadgets for Security

In today's fast-paced life, security is most important. Many security gadgets are available in the market, which provide personal and home security. But getting the right gadget can be little difficult. Here are some of the best security gadgets which will help improve your Internet security. Take a look.

1. Gorilla Pod Camera Grip

Gorilla pod is a great gadget that secures your camera anywhere. Unlike other tripods, you don't need to keep it on a flat surface to take a perfect shot.

2. Open RFID Wallets

The special aluminum casing of this wallet shields up to 10 cards from data stripping and RFID scanners.

3. Sprinkler Hide-A-Key

Sprinkler Hide-A-Key looks like a sprinkler. You can store the keys inside this sprinkler and push it into the ground.

4. RFID Blocking Passport Billfold

Passport Billfold is one of the best security gadgets. It shields your Passport from RFID readers. It can also hold ID cards and cash.

5. Kensington Notebook Locks

Now, don't worry while carrying your laptop in public places. This laptop lock will keep your laptop secure.

6. Book Vault

Book Vault looks like a book. It has a perfect hiding space inside it which allows you to hide nearly 80 cubic inches of stuff.

7. Mandolin Password Manager

Mandolin Password Manager makes your password more secure. It automatically generates super-strong passwords and has the ability to manage up to 50 login records.

8. Alert Me

The security doesn't monitor your home with the help of camera. It has sensors in it which detects intruders, and if they are triggered, the device will automatically send you a e-mail or text alert.

9. Bullet proof Body Armour Clipboard

Bullet proof Body Armour Clipboard holds the papers and has the ability to stop a 9mm bullet in its way.

10. Sentry safe

Sentry safe has electronic and fingerprint locks which will keep your valuable things protected. You can keep your things secured in this gadget.

11. Alien-ware

This is one of the best gaming laptops with Dravidian GT 335M graphics card and video memory of 1024MB. It has got a unique blend portability and graphical power.

12. Dell

Dell has got long battery life and nice design. It has minimal bloat-ware, 3D graphics performance, USB 3.0, Blue tooth and automatic graphics switching technology.

These are some of the best gadgets which will help you to improve your Internet security that will keep you protected.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Securing Your Website

Securing your website should rank high for anyone who has a website presence on the Internet. There are many ways that your website can be attacked, and all are reasons to dislike the Web. Hackers and spammers are becoming more adept at getting into your website. There are measures that can be taken to safeguard your site from attacks.

It is important to update when these updates are available. Upgrades tend to fix or update security software and therefore need to be run as soon as available.

Passwords are another security problem that can be easily hack by intruders. Having a strong password that is hack resistant is goes towards securing your website. Using passwords that has alpha, numeric and special characters makes for a strong password. Having at least eight characters is good for security also.

Keep your admin email address away from the public eye. This is the address used to log in into the host server for your website. Using a different contact email address will keep your site from being scammed. Phishing email can be disguised to look like it came from your hosting company. Adding a different table prefix to your database can be used to keep hackers from your data.

Having an .htaccess file is used to further securing your website by specifying security restrictions for a particular directory. Passwords can be created and stored in this file. Use robots.txt files to give instructions to the search engine spiders as to which folders are to be indexed and which are not.

Regular backups of your website are important and should be done each day. Having a recent backup saves the owner time in case their website has been compromised. The backup includes backing up of the entire website, database, and email files.

Look for security plugins that help to maintain the functionalities of the scripts. The security plugin will check for the weaknesses and advise how to correct. The overall job of the security scanner is to alert and correct attacks from the Internet.

Read the blogs and tech forums about website security. Stay connected about the latest attacks from bugs, vulnerabilities, and security risks from the Internet. There is always a delay of getting the patches with the updated information to you. Therefore knowing this information gives you time to protect or take your site offline temporarily.

Securing your website ensures that your business can be kept running and maintaining a professional image to your customers.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

What Is The Safest Way of Using Parental Monitoring Software?

So you might have a curious teenager or you might be afraid that your child is a victim of cyber bullying or stalking. There are many valid reasons for using parental monitoring software, but you need know how to manage the risks that come with using it.

You may ask, risks, what risks? Lets say you installed parental monitoring software on your laptop to keep tabs on your children when they are using it. If you've been using the laptop for quite some time, a lot of information would have accumulated on that laptop by now. If everyone logs on with the same user account, it means that the parental monitoring software was possibly active when you were using the laptop. You used the laptop for online banking, purchases, reading e-mail, submitting personal information, etc. Should this laptop be stolen, you will have quite a lot to worry about. What if the thief manages to gain access to the information logged by the monitoring software? That could compromise a lot of things, lead to things like identity theft and eventually have a huge impact on your finances.

So what am I trying to say, that you should never use parental monitoring software? No, off course not, just use it responsibly. Let me explain how to use it in such a way that it never compromises your online security or the sensitive information stored on your computer. First of all, if your child has his/her own computer, it makes life a lot easier in terms of using parental monitoring software, but giving your child his/her own computer is not always an ideal solution and many families have a single family computer used by all the members of the family, but for different purposes. I will explain these tips from this point of view.

If you only have one computer in your home you need to create an environment where you can operate as if everyone had their own computer. How on earth do you do this? Quite easily, create a separate user account for each family member, but only the parents must have administrative privileges, the children's accounts must be limited accounts. This way you can control what is being installed on the family computer and keep your children from making unwanted changes to the settings of the computer.

Why is this important? Well, having a limited user account won't make it impossible to bypass the monitoring software, but it will make it at least harder to do so. Secondly, monitoring software can be configured by the parent to monitor only certain users, so parents can can exclude their own accounts from being monitored. This is extremely useful, because it allows the parent to use the computer for online purchases and entering stuff like passwords, credit card numbers and other personal information without the need to turn off the monitoring software in order to prevent the information from being recorded.

There are also other benefits for creating limited user accounts for your children. Because of the limited privileges of such an account, you have better odds against malware. Please note, I said better odds, it does not mean you are immune to viruses. Never assume that a limited user account is a substitute for anti-virus software, you should always have some form of malware protection on your computer, and no, Windows Defender or Microsoft Security Essentials is not enough, you should have some industry standard anti-virus application installed on your computer. Since your computer is a family computer, it falls under the definition of home use. This means you can legally use the free versions of anti-virus applications like avast! or AVG.

This brings me to the next step of making sure that you put safety first when using monitoring software. Monitoring software often clashes with anti-virus applications. But why? It uses the same techniques as key-loggers and spyware and this normally causes the anti-virus software to intervene and block it from operating. The very last thing you should do is to choose the easy way out and disable your anti-virus software. This totally compromises the security of your computer and everything stored on it. If you have a good anti-virus program, it should allow you to exclude the parental monitoring software, so that the two can work in harmony.

Now that you've read this article, you are probably thinking that it is much easier to avoid monitoring software completely. Well, if you can avoid it, good for you, but most people view it as something used by parents to spy on their kids. I am a strong supporter of openness between child and parent when it comes to monitoring software. I believe you should never use it behind your kid's back and you should tell your kids that their behaviour on the computer is being monitored. Keep in mind that monitoring software is not only there to check if your child is browsing porn sites, it also helps you to step in when your child is being stalked or bullied online or to educate your children on safe browsing habits by reviewing the sites they normally visit or terms they use on search engines. For example if you notice that your child is searching for cracks of the latest first person shooter, you can immediately step in tell your child that it is dangerous to browse software piracy sites and that you walk the risk of getting the computer infected with malware.

There is more to parental monitoring software that meets the eye and there are many useful and practical applications for them. Choosing the right monitoring software is just as important as using it correctly. A good parental monitoring application is one that will allow you to do everything that's discussed in this article, so if your current monitoring software does not allow you to do this, it is time for a change.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Why Layers of Security Can Help Protect Your Business

As a result, security is now an essential part of businesses, especially when hacking and cyber attacks are so rife. Furthermore, as the uptake of BYOD (Bring Your Own Device) rises, companies need to make sure that computers, mobiles, tablets, laptops and other pieces technology are all secure in order to protect their networks. An infected tablet brought in from home could wreak havoc on a company network if it isn't properly secured.

Next-level security

However, installing domestic, off-the-shelf anti-virus software isn't enough. Businesses need to look past tough-to-guess passwords and into the world of advanced online security in order to protect against cyber attacks. This rings especially true for small businesses who are generally the main target of hackers. Small businesses unfortunately don't have the financial backing to install a million pound security system and, as a result, many become victims of cyber attacks.

However you don't need to be the owner of a major corporation in order to acquire exceptional security software. There are affordable, advanced online security services on the market which can help protect staff blunders, such as misplacing an impact laptop - as well as network detection software and patch management systems.

For example, patch management can be important in helping businesses update all of their software to the latest version. This way, hackers can't exploit any vulnerabilities in older software which can help them access computers remotely, for example. However, it's important to make sure the manufacturer still supports the software you're using. For example, Microsoft is ending support on Windows XP in 2014, even though 46 per cent of people still use the operating system. It will become hackers' prime target when support ends, so firms need to make sure they upgrade to a newer version to avoid any potential attacks.

Staff error

As mentioned earlier, sometimes staff error cannot be helped. Leaving a tablet in a cafe or a laptop on the train is just part and parcel of business life; it could happen to anybody. In order to prevent the error from becoming a fully-fledged disaster, businesses need to make sure that any work device that is able to access confidential information or stores customer data is fully encrypted. Encryption involves the encoding of data to make it completely inaccessible to anybody without the required password or key. This way, any chancer that might happen to stumble upon a 'lost' tablet can't access any of the confidential information found on the device.

Advanced security is a integral part of online business, whether you're a major corporation or a small, local business. By neglecting security, the ramifications could be catastrophic, especially if customer data is stolen. Legal action could very well be on the cards. So it's important for business owners to make sure they protect themselves and look for good server security is one of the first steps on that process.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

How to Keep Your Online Data Safe

If you spend any amount of time online, surfing the Internet, then you are putting any information that you store on websites and even on your computer at risk of being hacked. It's important to know how to keep your online data safe and secure in a virtual world.

The first thing to keep in mind is that even though most websites seem completely safe and secure, many of them are searching for personal information with you. While a high percentage of these information searches are completely benign (used by many companies to target your preferences more effectively, allowing them to provide ads that would pertain to you), there are a few that have malicious intent.

Some websites are only seeking to steal your personal passwords or information that you store on your computer. They do this through viruses and cookies. Some websites are designed to look exactly like other sites that you may accounts with. For example, PayPal is constantly reminding its customers that they will never ask for the user's password or username. Yet you may find an email from what appears to be PayPal, informing you that your account may have been compromised. It then instructs you to click on the provided link and log in to your account.

This is an example of a phishing scam - a con designed to give someone else your personal details. If you click on that link, you'll notice the website address does not belong to, nor is it associated with, PayPal.

It's important for you to remain vigilant while you are online and not to share any personal information with any website that you personally did not go to and are not sure about its integrity. As stated above, most websites are run by honest, hardworking people, but you may not be able to trust the manner in which they protect your information. As a result, if you don't know them, if you don't know how well they will protect your personal information, then don't share any with them.

If you are searching for information or certain products, use one of the major search engines, such as Google. If the website is questionable, Google will likely provide a warning before allowing you to visit the site. This doesn't mean you shouldn't, but be aware of the risks. Also, don't respond to any emails that are spam or come from sources you do no know. Don't click on links from any of these emails, either.

Lastly, the most effective way to keep your personal information and online data safe and secure is to choose passwords that are not easy to guess. Use a series of seemingly random numbers and letters. It's better to have to struggle to remember them yourself on occasion than to give easy access to hackers who are bent on stealing everything you have worked so hard to earn.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Why We Should Not Ignore the Importance of SSL Certificates?

Data will not be seen by others if it is secured by an SSL Certificate. Your customers won't trust your e-commerce site without SSL encryption; it protects you also. But, is an SSL required for an e-commerce site. Do you need an SSL Certificate for e-business?

If you have an e-commerce website with an online store, you absolutely need an SSL Certificate. The process on an e-commerce website is first you have to sign up with login credentials and give personal data and also, eventually, payment information (credit card or bank account information). The Website collects customer's confidential data. This must be scrambled by an SSL Certificate to assure the safety of the details and personal data, It your online payments.

People are now aware of online fraud and visitors are expecting security for their data. If your site doesn't have security, they will find other sites that secure their data with an SSL.

Security is a part of any e-commerce web site, so visitors can feel free to buy and provide their information like personal details, bank details, credit card numbers, etc. They expect all the details they give on the internet are secure. That is only possible with one of the Different Types of Certificates. An SSL Certificate is required to make any web site secure.

The Quick SSL Premium certificate enables you to turn your visitors into customers - grow your profit from the same level of traffic. GeoTrust help you to increase your average sale because customers trust your website when it is secured with SSL and displays https:// in the address bar and a padlock in the browser.

Take advantage of how the brand of the certificate provider increases trust with the customer: retailers have a chance to increase profits via brand recognition of their SSL provider. This alone motivates customer assurance and faith. The leader in SSL providers gives a value-added service in the form of site seals and trust sign to give extra credibility to the e-commerce site.

Just doing some quick online research, we can see that retailers display trust signs on their sites, so visitors are becoming more and more familiar with these logos. Seeing a logo makes the visitor more comfortable with the site services and after that become a customer.

If you are not installing an SSL Certificate, you may have the following problems in the future:

Your customer or visitor will go to a rival site; Your site visitors will not find the trust sign on your web site, making them lose confidence and trust in your brand and the services which you are selling. As your brand value goes down, ultimately your site value goes down; Visitors are less likely to give their information on your site; It may decrease your visitor conversion rates and may affect your overall profitability. Your site may have many visitors but a low conversion to buy. You have just visitors, not customers. An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Protect Your Website!

"Freedom of Speech" Everyone has the ability to speak their mind without limitation. Yet, this has been questioned many times in different ways. In social media, freedom of speech is a widely accepted convenience wherein conversations are often not be restricted (or monitored); this give rise to the question about security and privacy.

Social sites have the power to spread stories and information that increase awareness. Once in a while, people assign different values, multiple comments and various approaches; some are compliments and some are aimed to spark controversy. In instances like these, online moderation is a valuable service.

SIGN-UP!

Moderation can start from the very point when users sign-up. The sign up process requires users to provide information before granting them the ability to comment on your website (example: name, email address, but not phone numbers or other type of codes). This is done to ensure they are real people using real identities.

COMMENT MODERATION

Moderation of comments is a tedious task but it is necessary.

1. To avoid offending others. Racist, sexist must be strictly controlled to keep your site pleasant. 2. To delete or remove ridiculous off-topic discussions. Messages that are not related to the subject. 3. To encourage proper online activities. Each should be sensitive enough to consider the feelings of others. To enforce this, moderation pushes for proper decorum online. 4. To avoid unlawful and distracting advertisements. Conversations that promote or publicize their products and services in direct violation of set rules. 5. To avoid personal attacks. Some users post negative comments and use profanity as a form of bullying or defamation. Moderation aims to eliminate these activities. 6. To avoid fraudulent generalizations. Some users have the knack for using stereotypes and profiling by using words like "all of them" or "a lot of them" these result in unnecessary debates and arguments. Moderation identifies users who cause this and take action to remove these comments or ban the user(s).

Comment moderation is important in maintaining the reputation and dignity of a website. It guarantees that the user experience does not decrease, that members keep signing up and that all rules and regulations are followed without exceptions. Moderation is indispensable in the goals for growth of a business website; and though it is a hard task that might seem unending, it is still a task that needs to be done nonetheless.

Rules can be posted to restrain comments and guide users, but it is unavoidable in any website that has numerous users to not have violators. These violators may either be committing offenses unintentionally or intentionally. Having a moderation service will make violations identifiable, preventable and virtually non-existent. Online moderation gives business and website owners the power and ability to correct mistakes, approve or reject posts and eliminate sources of conflict.

Protect your website from abusive users. Guard against spamming, trolling and flooding.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

What Are SSL Certificates? Why Is It So Important For Every E-Merchant To Have Them?

The SSL cert is the simplest and fastest way for anyone who promotes the sale of goods or services online to protect customer transactions from conniving, credit card pilfering hackers and the malware they devise to help them in their sticky-fingered criminal endeavors. And this makes equipping your site with SSL Certificates vital. Because shopper apprehension of credit card stealing hackers is the No.1 reason why e-merchants lose sales! - Otherwise known as Shopping Cart Abandonment.

Top SSL Certificates give you quick online issuance, advanced encryption, 24/7 e-merchant support, and strong warranties. But most important of all, an SSL Certificate helps you create a secure e-business environment in which sales can proliferate. The best SSL Certificates are designed with a 2048 bit signature, and are recognized by 99.3% of all Internet Browsers. This helps maximizing the reach of your e-business.

Most top SSL Certificates also feature another safeguard called "Point-to-Verify Site Seal Technology." Point-to-Verify Site Seals, or trust marks, verify the steps you've taken to keep customer transactions secure. These steps are publicly displayed whenever a site visitor hovers their mouse cursor over a seal.

Now you know what an SSL Certificate is and how it will help you and your online business thrive. But one important question remains. Of the three most powerfully used SSL types, which one is right for you? Let's find out.

The most basic SSL Certificate you can deploy is the DV SSL

DV SSL stands for Domain Validation Secure Sockets Layer. When your Website employs a DV SSL, its Certificate Authority has confirmed that your site is owned by an individual with a specified and fully registered email address. Top DV SSL provide your Website with Interactive Trust Marks site visitors can hover over to read the actual authentication information the Certificate Authority offers.

An even more popular, basic SSL Certificate is the OV SSL:

OV SSL stands for Organization Validation Secure Sockets Layer. When an e-merchant chooses this more advanced basic SSL Certificate, his Certificate Authority has confirmed both that your Website is owned by an individual with a specific email address, and that your Website is linked to a fully registered brick and mortar address. Top OV SSL provide you with floating and anchored trust marks to display throughout your Website. These increase customer confidence because their interactive capacity allows your potential buyers to hover over or click on them to read the kind of authentication information about you, your Website and your company that is very reassuring.

The most advanced SSL Certificate is the EV SSL:

EV SSL stands for Extended Validation Secure Sockets Layer. And the technology built into an EV SSL definitely supplies your Website's customers with extended validation! The EV SSL validates the security and integrity of your site and the location and identity of your company. But that's not all. Once you purchase an EV SSL, two things happen as soon as an online shopper types your URL into their computer's address bar. FIRST; their address bar turns green, alerting them to the fact that yours is one of the most secure, high quality e-merchant sites on the Web. Then SECOND, their view of both your Home Page and the Site Pages that follow includes floating and anchored trust marks. These insignia announce that your customers' credit card transactions are fully protected and can not be hacked. Finally, top EV SSL are bundled with tools that scan your Website for malware. You are also provided with the PCI Scan Compliance Reports you must submit to banks and credit card companies quarterly. And, of course, the best EV SSL come from Certificate Authorities that provide impressive Warranties and 24/7 technical support services.

So now you know why you need SSL Certificates and all about the types there are to choose from. Want a tip? If you're an e-merchant attempting to make site sales without the help of SSL, you're doing your company, your customers and your bottom line a disservice. Look into getting the right SSL Certificate today.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Purging Virus Threats From Your PC for Better Protection Online

Protection from virus threats can be a never ending process as virus attacks are largely present online. Even if you keep a sharp watch on threats you may find yourself overlooking one at some point in time.The best way to deal with it is to install a robust antivirus program and keep it updated against the latest online threats. Adware, spyware, malware and Trojans have never ending effects on our daily schedule online thus it seems difficult to keep a track over vulnerable activities. It's an obvious fact that you won't like to install such programs on your PC thus it's important to understand the complexities involved with such threats.

It's certainly more critical to understand which malware is dangerous and which is easy in purging threats from your system. Users start experiencing certain hassles while operating a system without computer virus protection, which may result in slow down of system, crash, data corruption, pop-up windows and slow internet speed. In the worst cases you can even lose your personal information, which is likely to be used for malicious purposes. Online security from spyware and Trojans are the example of some of the few solutions offered by experts.

Such assistance helps an individual to engage proper techniques in order to store and wait for total repair. So be it computer spyware removal or PC diagnostic, dynamic antivirus protection software downloads can help fix the problem efficiently. Viruses manifest themselves with different applications and can destroy the entire system badly. It's essential to stay vigilant all the time whenever you are online as spyware program may use other application in order to perform unauthorized functions. An antivirus program can be a better option as it can really help you detect all the hidden threats and it certainly comes for free. These antivirus programs can be updated for free as there are various versions you can choose from online. Free antivirus programs are good enough to make arrangements for your own system. A real time antivirus program provides automatic protection against database updates, on-demand system scanning, removable media checking and download monitoring very well. The best antivirus program works usually strong and can very help you update the database as the paid ones. Various defense systems can be bundled together to receive the features of the best antivirus protection.

It's important to make informed choices and check the reviews of other various best antivirus software online. Take the most of your virus protect software and solve your purpose perfectly as safety is the basic concern online.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

PHP/MySQL: Easy Solutions to Protecting Passwords in a Database

One of the most common errors that a novice PHP/MySQL programmer will commit when creating a membership site is storing passwords in the database without securing them in some way. Why is this a problem? If a database is hacked, and this can occur easily without sufficient safeguards throughout the code of the entire website (one loophole and it could be accessed and the information harvested), a hacker could easily discover all over your users' passwords and not only use this information to take control of their accounts (including admin accounts!) but also accounts of other services of which a user may be using the same password (Gmail, Facebook, Twitter, PayPal, you name it!).

Perhaps an attack this drastic isn't as much of a problem if you have good code that prevents SQL injections and the like, but there is still the brute force or dictionary attack options that hackers could use to get a user's password, including the admin's password. It is therefore important for your own site and the privacy and safety of your users to ensure that your passwords are safely stored in your database. When a user gives you his password, he is expecting it to be safe; so don't let your users down!

There are many ways a PHP programmer can encrypt passwords before storing them in the database. The most common method is using a hash, which means that the process of encrypting a password cannot be reversed; so if a user loses her password, she must be given a new one as the old one cannot be decrypted and given back to her. Hashed passwords are usually checked during login in the same manner that an unencrypted password is: by comparing strings. There are exceptions to this method in stronger hashes, which I'll get to.

The easiest method (and a very common one) is through the use of md5 to encrypt the password. Though this method is incredibly easy, and certainly preferable than nothing at all, it is not very difficult to break the encryption, and there are many sites that help in doing exactly this. I tried one of these sites once, to great success.

But, if you feel this method will be secure enough for your site, at least for the time being, this is how it would be done:

$encrypt_pass = md5($pass);

Where $encrypt_pass is the encrypted password and $pass is the variable containing the password you wish to encrypt. But since this method is fairly insecure, let's look at other options.

A very similar but slightly better hash is sha1. It works in much the same way as md5 does, except it returns a 160-bit fingerprint rather than a 128-bit fingerprint:

$encrypt_pass = sha1($pass);

Another option is using a salt on top of md5 or sha1. The way this works is that a string is added to the password before md5 or sha1 hashes it. This is fairly good to prevent brute force or dictionary attacks, as the theory behind it is that a user's weak password can be strengthened by the salt before being hashed and inserted into the database. For example:

$pass = "pass123";//Let's say this is the password the user entered

$salt = "1y2Jdu1D8!b";//This is the salt algorithm

$encrypt_pass = md5($salt$pass);//We add the salt and hash

If the hacker can discover what the salt algorithm is, however, this method is just as weak as an ordinary md5 or sha1 hash. So what else can we do? How about combining methods?

$pass = "pass123";

$salt = sha1(md5($pass));

$encrypt_pass = md5($salt$pass);

Though this is not foolproof, it's really strong, and nearly impossible to crack without knowing the algorithms, which usually means access to the .php file. Of course, if you want to keep these passwords safe from others who may be working on a project with you and do have access to the files, there is yet another option to consider.

I personally like to use the "Portable PHP Password Hashing Framework" or phpass, an open-source solution on which password encryption for phpBB and WordPress is based on. With this system, a hash is different every time for the same password, meaning that one must use phpass's function to compare two passwords. Theoretically this makes it impossible to decrypt.

In order to use this framework, you must download the files from openwall. There will be a PHP file there called PasswordHash .php that has the hash class. Upload it to your server and require (or include) it on the page where the password will be encrypted. You can then call the class to hash the password:

$t_hasher = new PasswordHash(8, FALSE);

$hash = $t_hasher->HashPassword($pass);

Then, to check two passwords (during login for instance):

$check = $t_hasher->CheckPassword($pass, $hash); //$pass is the password being check and $hash would be the hashed password stored in the database

if ($check){ /*Let the user through*/ }

if(!$check){ /*Don't let the user through*/ }

The test .php file is well commented and will have more functions that may be useful to look over. It will also test everything to make sure it's working on your system.

So that's a quick rundown of what you can do to keep your site and your site's users safe. Please, please don't just store the passwords as plain text in your database. It's bad practice and it's not keeping the trust your users have in you when they register on your site. It's easy to do, and highly important.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Why a Managed Security Services Provider Is a Business's Most Critical Partner

A business's network assets are critical to its success. Despite their overwhelming importance, however, too many businesses leave those assets to chance. A managed security services provider can design a unique set of solutions to protect network assets from the relentless threats and attacks that occur on a daily basis.

Left unmanaged, these security risks, which can come from both internal and external sources, can wreak havoc on a business's ability to operate. They pose a very serious and real threat to corporate performance and continuity.

A recent ZdNet commentary titled "IT security and new regulations needed to protect critical infrastructures" shed light on the importance of having a managed security services partner. Pointing out that 2011 is the year that many have dubbed "the year of the hack," the site's commentator suggested business owners may never again think the same way "about the security of networks and systems."

Although he recommended "the deployment of typical preventative technologies (e.g., firewalls, IPS, anti-virus, etc.)," he stressed that such technology in and of itself is not enough. What is required is proper design, implementation and maintenance of a process that allows a business to respond to any network threat in a "timely and effective manner." Of course, most companies don't have the resources to devote to that task, which is a 24/7 job. That's where "a Managed Security Services Provider (MSSP) [can] help them fill organizational capability gaps."

A managed security services provider can offer the following solutions:

Risk mitigation, so that any threat is stopped before it can turn into a full-blown emergency Improved network visibility with 24/7 monitoring for round-the-clock peace of mind Enhanced network performance, uptime, and utilization so businesses can maximize their effectiveness Flexibility to extend IT resources to strategic projects Simplicity in network management so business owners can devote their attention to more pressing matters Reduced network maintenance expenses for better bottom line A proactive approach to system issue resolutions

With all these benefits, it's hard to argue that a partnership with a managed security services provider isn't worth the investment, but for those CEOs who are still on the fence, "PC Magazine" echoes ZdNet's glowing recommendation of such a partnership. Several years back in an article on the topic of Managed Security Services, the publication said, "If your small business doesn't have full-time IT support staff, and you'd feel safer asking a specialist to handle security than tackling it on your own, consider outsourcing security to a managed security service provider (MSSP). MSSPs can provide a variety of services, such as firewall and VPN, content filtering, spam filtering, virus protection, and intrusion detection/ prevention services."

Today, a managed security services provider can provide all of that and a whole lot more, including (according to Wikipedia) "round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies." And in a day and age when network security threats are lurking around every corner, no business owner can afford to be without such protection.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

A Whole New Reason To Secure The Best VPN Services: HTTPS Isn't As Secure As You Thought

On the internet there is a system in place to keep financial and other confidential and sensitive data from falling into the wrong hands: Secure Sockets Layer. This is a method of encrypting and decrypting the data transferred to, and from, the website or server you are communicating with. But according to a report released recently by the Trustworthy Internet Movement (TIM,) you may need to start using the best VPN services you can find to further secure the communications.

What Is This Movement About

One project that TIM undertook was the determination of the security of some 200,000 registered HTTPS websites. They developed a scanning program called SSL Pulse which scans websites for known vulnerabilities and hacking methods including page spoofing, man-in-the-middle, and brute force attacks. The scanner then returned the results to TIM who analyzed them and found that of the 200,000 registered secured websites only 10% were truly secure. This, assuming that the visitor isn't using any of the best VPN services. The scanner checked many SSL protocols, SSL 2.0, SSL 3.0, and TLS protocols, along with all the latest encryption ciphers, and key lengths.

How They Were Rated And The Scores

Websites were rated on a basis of 1 - 100, which was then converted into a grading system... an "A" being a score of 80 or more points. And while at least half received an A, only 10% showed up as totally secure from exploitation. In site of the high ratings though, at least 75%, or 148,000 websites, were found to be vulnerable to a popular exploit called "BEAST." Beast uses cookies and authentication tokens to invade the secured stream. This is a hack revealed in the 2011 security conference in Buenos Aires and will work on SSL/TLS block encryption ciphers such as AES and Triple-DES, but doesn't affect any of the best VPN services protocols like OpenVPN, or PPTP.

How To Tell If Your Communications Are Secured

First of all I want to emphasize: Do not stop using your HTTPS websites. For the most part, they are fairly secure. But you may consider enlisting the best VPN services provider you can afford and using it when you are conducting transactions that you want to keep confidential. A spokesman for the group said that "For your average Web site -- which will not have anything of substantial value -- the risk is probably very small." Then he went on to say that the larger institutions, like financial websites, have a much larger potential for being exploited. By using one of the best VPN services, and always allowing your browser to check the website security certificate, this larger risk can be averted.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

What Makes a Password Secure?

In today's modern age, passwords have become a common practice in many facets of our lives. From basic email accounts to social media sites and even banking records, passwords are intended to keep our information private, safe, and secure. So what makes a password secure? What helps to keep your personal information from being compromised?

The answer is a combination of factors that you need to keep in mind no matter what kind of website you are accessing or setting up an account for. The first thing that you need to keep in mind is that even though you may know a number of people, you never know every single one of them intimately. Are you certain that the friend of a friend whom you met last week is honest and full of integrity? What if your password for your bank account happened to be the name of your favorite actress? Would this person have figured that out and right now, at this moment, be accessing your information, transferring funds to his own account, and leaving you broke?

Sure, that is not likely happening right now to you, but it happens to people all around the world. Every single day. People they thought they knew, people whom they thought they trusted are breaking into their accounts and stealing money from them because they didn't use a secure password.

So What Makes a Password Secure?

The bottom line about what makes a password secure is that it is something that a person who knows at least a little about you couldn't guess what it is. We have a tendency to create passwords that are easy to remember. Birth dates, favorite teams, names of children, schools we attended, and so on.

There's an inherent fear that too many people have that if they choose a relatively random password, then they'll forget what it is and have to deal with the hassle of having a new one sent to them and having to change it all over again. Yes, it's a burden when this happens but you know what? Wouldn't you prefer to go through that once in a while rather than wake up one morning to find out you've been robbed?

Create a password that is seemingly random. It doesn't have to be random, though. It merely needs to have the appearance of randomness. There was a popular movie years ago in which a seemingly random set of letters and numbers was mentioned by one of the main characters. This made a great password when combined with another phrase.

What About Storing Your Password?

You do want to make sure that you keep your passwords stored in a safe place somewhere that you can find, should you need it. Don't jot them down on sticky notes and have them on or around the computer. Keep them in a booklet in a safe place where only you know where it is. Your online safety and security is far more important than creating a sense of convenience. Protect yourself and make sure your password is secure.

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Reality Overtakes Fiction: We Are Already at War, Albeit Electronic, But War All the Same

In previous articles, we have described hardware viruses as minor modifications of very complex circuit boards that make the basic components of every modern electronic chip. The great danger these new virus types pose is that they are, in fact, nearly undetectable because they are dormant until activated. A few thousand additional circuits among a few millions on a chip cannot be revealed by routine quality control. When this chip is one out of a few thousands getting into an electronic device, what chance is there that it will be discovered? As the design and production of any modern device is a complex task being executed by hundreds of independent teams on several continents, nobody can truly be responsible for the integrity of a computer or a smart phone. A hardware virus can therefore be as dormant as a mole for years, until activated by a certain date, by an outside message, or by a sequence of internal events. Hardware viruses could be introduced into everyday electronics by a criminal organization or a foreign Intelligence Agency. Unlike a software-virus, which can be handled by antivirus software and reprogramming, hardware viruses cannot be dealt with without replacing the whole physical component. A point being made in our previous articles was that it is common knowledge that most modern electronic chips are today manufactured in Asia. Would it really be an insurmountable task for a Chinese Intelligence Agency to have a subcontractor tweak a ubiquitous chip? Your answer is as good as mine.

The reality of hardware viruses cannot be swept aside: Not only are they theoretically obvious, they have been manufactured by several University laboratories and their potential nefarious activity documented. But we are now told that an actual hardware virus has been detected! The chip in which a "backdoor" has been detected is a very common component of many applications-including communications and military equipment. The hardware misconstruction allows for an external input to modify programs and memory contents of the final device. This is a very serious revelation, which to date has only been explored in fiction. But, funnily, it happens that the manufacturer of the potentially malicious chip is... American. This does not weaken the fact, of course, that hardware viruses are already a reality, and a very serious reality at that.

There is no doubt in anyone's mind that the next war will be fought in cyber-space as well as in the physical world. Civilian, financial, and military infrastructure will be the targets of severe disruptions in the case of conflict. And the race to be better prepared-both offensively and defensively - is being run right now. Clearly you cannot stop this progress, which, of late, we are told, has spawned a new generation of software viruses. These are called "Frankenstein" viruses: they are based on snippets of innocuous code that exist in legitimate software and trusted programs, but which assemble into a virus by themselves under the designed circumstances. These viruses are nearly undetectable because they avoid the statistical patterns and the malicious architecture of common viruses. They take legitimate building blocks of accepted and universal software, to build, in your device, a malicious entity.

If you bundle together these new hardware and next generation software viruses, and add it to what we already know about malfeasance by big companies and country-backed agencies, you have the recipe for potential havoc in our lives. But is it that real a threat? Is it not all conjecture? Would these cyber-weapons really be used by our enemies? The answer is short and clear: They already are!

Sources close to Intelligence agencies have admitted that the Suxnet virus, which successfully destroyed Uranium-enriching Iranian centrifuges, was an American-Israeli operation. It is not clear, however, whether the leading part in the Operation was American or Israeli, but that is not important. There have been more virus attacks on Iran since, notably the Intelligence-gathering Flame virus, and it looks as if Iran has retaliated in part. Official American policy states that any cyber-attack of American infrastructure will be considered a Casus Belli. In light of the universal principle of reciprocity, the US is therefore at war with Iran, having willfully targeted Iranian infrastructure, deep into underground bunkers. This war is going on, and there is probably much more we do not know.

And Iran is probably not alone as a target or as an instigator of cyber-operations. Any country with super- or regional-power aspirations must be preparing some kind of cyber warfare capability. China has publicly admitted they do invest a lot of money in those capabilities. And is it that difficult?

Google has warned users recently, when appropriate, of State-sponsored hacking. Several concerted cyber-attacks emanating from China have targeted American companies. International groups of hackers, like LuzSec, have hacked into corporations and government computers, including the CIA (By the way, for people who have read Rain Fund, one of the members of LuzSec arrested in the UK was a young man with Asperger's Syndrome). Every day, we are informed of another security breach that has tens of thousands of Credit Card details stolen. Need I say more?

There is a secret cyber-war going on...

Reality is probably extending much further than the fiction. The basic premises of Rain Fund are looking frighteningly more and more plausible every day...

An Explanation of CISPA for Small Businesses   Protect Your Privacy With Reputation Management   Top 5 Reasons to Check Website Security   Why Ignoring IDS Could Lead to Substantial Damage for Businesses   

Twitter Facebook Flickr RSS



Français Deutsch Italiano Português
Español 日本語 한국의 中国简体。