Friday, 18 January 2013

Tips on how you can secure your WordPress blog

A lot of WordPress blogs get hacked. One thing I have figured out is that most people don’t know what they can control to ensure their blog is not victimized.
Things to understand:

Most of the time, when a lot of WordPress blogs are hacked, it is due to a known vulnerability that might have been discovered recently, with a few kids taking advantage of being among the first to know about it. The rest of the time, an entire web hosting server is hacked and almost all the websites on the server are defaced (hacked). This could be classified as the “fault of the hosting company” or “their unawareness”. In the second scenario there is not much you can do: if you restore your website from a backup, it is going to be hacked again because the entire server is rooted (the attacker has gained access to it). The best thing to do is “choose your host wisely” :) .
How to save your blog from hackers?
1. Add captchas to all input forms:
One of the most common ways to exploit a WordPress blog is the XSS (cross-site scripting) technique. In this technique, the attacker exploits input forms such as comments, searches and logins with malicious code to gain access to restricted information, i.e. your passwords, your cookies, etc.

Another hacking technique is known as “brute forcing”, which basically means the attacker uses a tool to try all possible dictionary words as your password and check whether any of them work. Adding a captcha ensures that the tool’s functionality will break, and hence he will not be able to run through all the words to match your password.
2. Get a unique IP address (if affordable):

Trust me, neither you nor I am Bill Gates! So there is no one who is looking to hack your blog specifically. If your blog is hacked, it is part of a massive hacking attack. Most massive hacking attacks hit an IP range belonging to a web hosting server. Having a unique IP that stands apart improves your chances of not being one of hundreds of other websites getting hacked. Besides, a unique IP always adds to your SEO efforts.
3. Upgrade, but why?

This point is written everywhere: make sure you upgrade your WordPress to the latest version. But do you know why? Whenever a release is published, there’s a “change log” attached to it. This change log talks about the issues that were found in the last release and how they have been patched. By reading this file, even a newbie hacker can easily understand the flaws in the last version and how he can exploit them. So if you haven’t upgraded your version, you better start looking for alternatives!
4. Add SSL to wp-admin dir:

Do you know what exactly SSL does? Well, most of the time you are hacked because your computer is infected by viruses which constantly monitor everything you type on your keyboard (even your usernames and passwords) and send it to the hacker. If you are using a webpage which is SSL enabled, no application can monitor this encrypted traffic, neither viruses nor anti-viruses. Using SSL, you ensure that your website will not get hacked even though your computer is infected. So enabling SSL on your wp-admin directory is a great idea.

Note -

    Enabling SSL on wp-admin will work ONLY if you have a unique IP address.

5. Do not use “something@123”, 12345, admin, or any guessable password:

This is the MOST common mistake that I have noticed in the past year. Since it is globally accepted to use symbols and numbers in your password, almost everyone would change their “password” to “password@123”. Almost every brute-forcing tool nowadays uses a technique where it adds “@123” after every dictionary word. So when “they” say use symbols and numbers, use your head and make it complex!
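
The “dictionary word plus @123” pattern described above can be caught when a password is set. This is an added example, not part of the original post: a Python check that strips the trailing symbols and digits, undoes simple character substitutions, and rejects the password if what remains is a common word or the username. The word list is a small constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample list; a real deployment would load a large wordlist.
COMMON_WORDS = {"password", "admin", "wordpress", "welcome", "letmein",
                "qwerty", "something"}
# Undo simple character substitutions before the dictionary lookup.
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s",
                      "5": "s", "1": "i", "!": "i"})
# Trailing decoration guessing tools append: symbols, digits, symbols.
SUFFIX_RE = re.compile(r"[\W_]*\d*[\W_]*$")


def base_word(password):
    """Strip the trailing symbol/digit suffix, lowercase, undo leetspeak."""
    return SUFFIX_RE.sub("", password).lower().translate(LEET)


def guessable_reason(password, username=""):
    """Return why the password is guessable, or None if no rule fires."""
    base = base_word(password)
    if not base:
        return "only digits and symbols"
    if username and base == username.lower():
        return "reduces to the username"
    if base in COMMON_WORDS:
        return f"reduces to common word '{base}'"
    return None


if __name__ == "__main__":
    for pw in ["password@123", "something@123", "12345", "admin",
               "P@ssw0rd!2013", "correct-horse-battery-staple"]:
        print(f"{pw!r}: {guessable_reason(pw) or 'no rule fired'}")
```
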

Ensure your network is secure

Twenty-four hours a day, seven days a week, 365 days each year – it’s happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all.

I’m talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner.

Network scanners perform automated tests of systems over the network. They don’t require agents or any other software to be installed on the “target” machines. They assess a system based on what they can get from it over the network. It’s the same sort of reconnaissance that is performed against your network around the clock, and that is why you want to do it too. Here are five checks you should perform regularly using your network scanner.

1. Vulnerability assessments
Network scanners can use databases of known vulnerabilities to check for anything that might present a risk to your systems. Update that database regularly since new vulnerabilities are discovered all the time.

2. Port scans
A port scanner is a very fast way to determine what sort of systems are running on your network, and port scans are probably the most common sort of recon you will see. Determine what should be accessible on your network from the Internet, validate that with a port scanner, and then use a combination of firewall rule cleanup and system hardening to shut down anything that doesn’t belong.

3. Default password access
There’s a reason there are tens of thousands of default password lists on the Internet: they make for a very easy way to get in. Don’t make it easy for an attacker. Make sure everything on your network has been configured with a strong password to prevent unauthorized access.

4. Running services
To compromise a service, it first has to be running. Every server has to run certain services, otherwise it’s just a space heater, but many run unneeded services either because they are on by default, or the admin who set it up didn’t know any better. Use your network scanner to find all running services, and then shut down the ones that are not needed.

5. Remote access
Speaking of default passwords, in about half of the security audits I have performed for customers, I have found remote access software that they didn’t know about, running on systems that made it very easy to get in. Use your network scanner to find all of the Telnet, SSH, RDP, GoToMyPC, LogMeIn, PCAnywhere and other applications that can provide remote access to a system, and shut down all the ones that shouldn’t be there. Finding all those “secret” ways in, and closing up the unapproved ones, will greatly reduce the risks to your network.

Using a network scanner, set up a regular schedule of scanning your systems for these five critical checks. Scan from the outside to see what the firewall cannot stop, and scan from the internal network so you understand just how much damage an inside threat can cause. Knowing your systems the way an attacker will helps you ensure everything is safe.
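
One way to act on the port-scan, running-services and remote-access checks above, as an added example that is not part of the original article: a Python script that parses Nmap grepable output (`-oG`) and lists every open port missing from an approved baseline, tagging the remote-access services. The hosts, the baseline and the scan lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; documentation addresses.
SCAN = (
    "Host: 192.0.2.10 (web01.example.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/filtered/tcp//mysql///\n"
    "Host: 192.0.2.20 (files.example.com)\tPorts: 23/open/tcp//telnet///, "
    "445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\n"
)
# Assumption: the approved exposure per host, maintained by the network owner.
BASELINE = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(445, "tcp")},
}
# Default ports of remote-access services named in the article.
REMOTE_ACCESS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5631: "PCAnywhere"}
HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: (.*?)(?:\t|$)")


def open_ports(grepable):
    """Yield (host, port, proto, service) for each open port in -oG output."""
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if len(fields) >= 5 and fields[1] == "open":
                yield host, int(fields[0]), fields[2], fields[4]


def unapproved(grepable, baseline):
    """Return open ports absent from the baseline, tagged if remote access."""
    return [
        (host, port, proto, service, REMOTE_ACCESS.get(port))
        for host, port, proto, service in open_ports(grepable)
        if (port, proto) not in baseline.get(host, set())
    ]


if __name__ == "__main__":
    for host, port, proto, service, tag in unapproved(SCAN, BASELINE):
        flag = f"  <-- remote access ({tag})" if tag else ""
        print(f"{host} {port}/{proto} {service}{flag}")
```

Run against the sample, it reports SSH on the web server and Telnet and RDP on the file server, while the filtered MySQL port and the approved ports are left out.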

Java exploit advertised in an Underground Internet forum

We continue to recommend that users disable the Java program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. Less than 24 hours after Oracle released a security update on Sunday that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale.

According to a report, a Java exploit was being advertised for $5,000 apiece in an underground Internet forum, and the new zero-day vulnerability was apparently already in at least one attacker's hands. The thread has since been deleted from the forum, indicating a sale has been made, something sure to bring more concern to Oracle. Oracle can’t predict the future, and its engineers obviously can’t predict what exploits are going to be found in its software.

The most recent hole fixed in Java allowed hackers to enter a computer by using compromised websites as the entry point into Java. Once in the system, they could steal any information, or hook the computer up to a botnet, or string of infected computers, that can be used to launch attacks against other computers.

The exploit is valuable because it is usable on the most up-to-date version of Java, which could remain vulnerable for weeks, if not months.

Malware Infects US power plants through USB

The US Department of Homeland Security’s Cyber Emergency Response Team has released a report stating that two American electrical power plants were compromised late last year, and it has identified a number of glaring electronic vulnerabilities.

Some unknown malware infected two power plants’ control systems, using unprotected USB drives as an attack vector. The tainted USB drive came in contact with a handful of machines at the power generation facility, and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment.

The report did not say if the computers did or did not have up-to-date antivirus software, but it did say that current software would have found the malware. The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks. ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use.

Malware a huge threat in Critical Infrastructure

Every time a story emerges about malware popping up on an industrial control system or someone remotely hacking into some piece of critical infrastructure, there is a reliable and justifiable chorus of experts wagging their fingers and asking, “Why in the world was that system connected to the Internet in the first place?” At this point, pretty much everyone agrees that sensitive control systems should be air-gapped, or completely disconnected from the Internet. In this way, physical, human interaction should be the only way to access such systems, which is a considerable problem for those in the business of conducting cyberwarfare.

In order for the now-infamous Stuxnet malware to infiltrate workstations at Iran’s Natanz nuclear enrichment facility, which was reportedly air-gapped from the rest of the Internet, some person apparently had to walk into the lab with a USB device that had the Stuxnet malware preloaded onto it. This unknown person then had to physically plug the USB stick into a computer connected to the Natanz network, which then used some combination of Microsoft’s auto-run feature, a few forged certificates, multiple zero-days and lines upon lines of malicious code to spin a bunch of centrifuges out of control, causing them to malfunction in some catastrophic way.

This infection mechanism has an overwhelmingly analog feel to it, especially considering that the malware itself and the Stuxnet saga as a whole constitute one of the more sophisticated cyberespionage operations known today.

As a number of news outlets have noted, the Natanz incident played an integral role in Microsoft’s decision to disable the AutoRun functionality that automatically executed external media upon detection. More to the point, the Natanz incident sent a warning to the administrators of secure systems all over the world that thumb drives and other external storage devices presented a serious threat, and could potentially render the air-gap defense method useless. Largely because of Stuxnet, Defense News claims that USB storage and similar devices have been banned at Natanz and at the Pentagon, as well as in any number of other facilities containing sensitive systems.

This reality has forced the U.S. military apparatus to look beyond the conventional, analog variety of infecting air-gapped machines. The Department of Defense knows that this sort of 20th century, Cold War-era spy work just won’t jibe with the digital age. So the Pentagon is seeking an electronic way to jump the air-gap, so to speak.

The details of their proposal are of course classified, but sources familiar with the program told Defense News that the Army’s Intelligence and Information Warfare Directorate (I2WD) met with representatives from 60 or so organizations on November 28 of last year. Together they came up with a handful of objectives that will guide their Tactical Electromagnetic Cyber Warfare Demonstrator (TECWD, pronounced ‘techwood’).

Defense News notes that the TECWD program aims to uncover electronic solutions to problems in kinetic warfare as well (the report claims that one objective seeks to develop systems that could mitigate the threat of improvised explosive devices).

However, the more relevant part is about “inserting and extracting data from sealed, wired networks.” According to Defense News, the DoD believes they can inject malicious code via radio frequencies by analyzing electromagnetic field distortions from aircraft and ground vehicles deployed in or around the systems they want to compromise.

The TECWD project isn’t seeking to directly produce systems, according to the report, but is rather designed to be a platform on which to demonstrate a vast swath of emerging electronic warfare and defense capabilities.