Category Archives: TechNotes

Technical Notes viewable only by Level 1 Members and above

Yet Another Router Security Issue

A serious flaw in an estimated 1.2 million routers has been discovered that lets hackers into your home or office network – they can even take control of your network. The problem lies with a feature called NAT-PMP (Network Address Translation – Port Mapping Protocol), which allows you – or someone else – to easily set up a connection to things like a security camera or file server.

Ideally, the only way to turn on and configure NAT-PMP is if you’re already connected to your wireless network. However, some routers have NAT-PMP turned on by default and will let anyone outside the network configure it, which means that a hacker can snoop on and even control things within your network, or things that you’re monitoring from outside the network. This includes snooping on your Internet browsing, redirecting your browsing to malicious sites, peeking at your security camera video or seeing what Internet-enabled gadgets you have in your home.

Unfortunately, no one knows yet exactly what routers are affected. NAT-PMP is often a feature on Apple, ZyXEL, Linksys and Netgear routers, but the models that might have the wrong settings are unknown. Routers from other companies may be affected as well.

To check if you’re affected, you’ll need to log in to your router. Open your browser of choice and type in the router’s IP address. You can find this in your router manual. Look for the settings involving “NAT-PMP.” You’ll probably see “NAT” or “Network Address Translation” on its own as well. Don’t change those – they aren’t the problem.

Turn off any settings concerning NAT-PMP and “external” or “untrusted” interfaces, then save the settings. If you don’t see these settings anywhere, you probably are safe. However, while you’re there, also look at your “port forwarding” settings to make sure there’s nothing on the list you haven’t set up yourself. Anything on that list is a potential weak spot in your security if you don’t know what it does.
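A way to confirm the check above from the network side, as an added example that is not part of the original post: NAT-PMP (RFC 6886) listens on UDP port 5351, and a router that answers its read-only "external address" request from outside your network is the misconfiguration described. The function names and the sample reply are constructed for illustration; run `probe` only against your own router.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351                   # UDP port used by NAT-PMP (RFC 6886)
REQUEST = struct.pack("!BB", 0, 0)   # version 0, opcode 0: "what is my external address?"


def parse_response(data):
    """Return the fields of a NAT-PMP external-address reply, or None if it is not one."""
    if len(data) < 8:
        return None
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:      # replies carry opcode 128 + request opcode
        return None
    external = None
    if result == 0 and len(data) >= 12:    # result 0 = success, address follows
        external = str(ipaddress.IPv4Address(data[8:12]))
    return {"result": result, "epoch_s": epoch, "external_ip": external}


def probe(host, timeout=2.0):
    """Send one read-only request to your own router; None means it stayed silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(REQUEST, (host, NATPMP_PORT))
            data, _ = sock.recvfrom(64)
        except OSError:                    # timeout or ICMP "port unreachable"
            return None
    return parse_response(data)


def verdict(reply, from_outside):
    """Turn a probe result into the advice given in the text above."""
    if reply is None:
        return "no NAT-PMP answer"
    if from_outside:
        return "EXPOSED: router answers NAT-PMP from outside, turn it off"
    return "NAT-PMP is enabled on the inside of the network"


# Constructed sample reply (not captured from a real router): success, 203.0.113.7
SAMPLE = struct.pack("!BBHI4s", 0, 128, 0, 3600, bytes([203, 0, 113, 7]))

if __name__ == "__main__":
    print(verdict(parse_response(SAMPLE), from_outside=True))
```

To test the outside view, call `probe` with your router's public address from a connection that is not on your own network (a phone hotspot, for instance) and pass `from_outside=True` to `verdict`.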

Heartbleed – What to do and what not to do

Heartbleed (OpenSSL vulnerability CVE-2014-0160)

What is it?

Heartbleed is the name that has been given to an extremely dangerous vulnerability in OpenSSL. OpenSSL is a protocol used on about two-thirds of the world’s websites, including the FBI’s site, probably your bank’s website and your internet service provider’s servers. There has been a vulnerability in this protocol for the last two years that allows hackers to access information being transferred to and from compromised websites and your computer. OpenSSL is also used in many routers – the devices that transfer data all over the internet. You probably have a router sitting on your desktop – it’s your connection to the internet.

What to do

Avoid secure internet transactions. Go to your brick-and-mortar bank location to do your banking. Do your shopping in person, not online. When your bank or other institutions notify you to change your password, change your password. If your internet service provider notifies you that you need to do something with your router, do it immediately. However, they will most likely be able to update your router without your involvement.

Last week the world was notified of this vulnerability. This means that all the hackers that were not aware of this vulnerability are now aware of it. You can be sure that they are now attempting to exploit this vulnerability. This is the absolute most dangerous time to engage in online commerce until this vulnerability has been removed. You can, however, test websites for this vulnerability at http://filippo.io/Heartbleed/. Be aware, however, that this is not an absolute guarantee of safety. If your router or other routers in the circuit are compromised, your data could still be at risk.

Because your data has been exposed for the last two years, you should contact Kathleen Hjort immediately or visit her website at www.kathleen76.legalshieldassociate.com and get identity theft protection. Legal Shield’s identity protection is the only service that will restore your identity for you in addition to providing alerts.

What not to do

DO NOT change your passwords online until you have been notified to change your password by the company or you have determined that the site is secure. This vulnerability does not give hackers access to data stored on servers – only data being transferred between your computer and the website. Hackers probably do not have your username and password now; if you go online and change it before the website has been updated, the hackers will be able to capture your username and password.

Domain Registration Prices and Other Issues

Two common errors, in my opinion, that many people make are these:

1.  they register their domain with their webhost

2.  they use the e-mail service provided by their ISP

The reason these are bad decisions is that webhosts and ISPs are frequently changed.

Let’s consider the domain registration first. If your domain is registered with your webhost, it makes the transfer that much more awkward and difficult. In addition, web hosts rarely offer the same level of service that a domain registrar such as NameCheap does. Of course, no one else does either. Even GoDaddy. Just let me say this about GoDaddy. If you use them, you are paying too much – unless you are not going to renew your domain. GoDaddy offers deep discounts for your first year of domain registration, but they get it back when you renew. Currently it costs $14.99 to renew a ‘.com’ registration on GoDaddy as opposed to $10.87 to renew at NameCheap. I also hate GoDaddy’s overwhelming upsell efforts – it’s difficult to find your way through all the pushy sales efforts to find your account maintenance functions. Finally, unless you are willing to pay more to support GoDaddy’s exploitation of gross sexual stereotypes, go with superior service and lower prices at NameCheap. If you are already with GoDaddy, transfer your domains to NameCheap when you are approaching your renewal date. Transferring domains can be a bit daunting to the uninitiated – contact us for assistance.

Second issue – using the e-mail address provided by your ISP. The primary reason I don’t use them is because I occasionally change Internet Service Providers (ISPs). In fact, I just did that on Friday. I dropped Comcast and went with CenturyLink. If I were using Comcast’s e-mail, I would have to notify everyone that my e-mail address has changed. And I’m not sure that Comcast would forward my mail from my old address to my new one. Another reason I don’t use the ISP’s e-mail is that I have my own domain and have my e-mail associated with that domain. I actually have several domains and use one of them for my personal e-mails and virtualwebsource.com for my business e-mails. I intend to keep these two domains for the foreseeable future, so I won’t have to notify anyone that I’m changing my e-mail address for a very long time. Oh, and I do have Yahoo and Gmail e-mail addresses as well. I use those when websites require me to sign up for their mailing list but I don’t really want to.

If you are currently using your ISP’s e-mail, I would recommend obtaining your own domain(s) and using the e-mail services associated with those domains. If you don’t want a website, you can purchase e-mail hosting for just $36/year from us. Contact us for assistance in either case.

If you are using Yahoo, Hotmail, Gmail or any of those services for your e-mail, consider obtaining your own domain (as above) for privacy. These ‘free’ services sell your information to as many people as will buy it, not to mention the fact that Google (and probably the others as well) voluntarily hands all your e-mails and other information over to the NSA.

Do yourself a favor. Register your domains with NameCheap, obtain your webhosting from us, and use us for e-mail hosting. Or if not us, some other webhosting service. Just don’t register your domain with your webhost (we don’t even offer domain registration) and don’t use your ISP’s e-mail service.

RSS Setup

Instructions

 

    1. Determine where to locate the RSS feed button. In most themes, RSS feeds are pre-installed in the sidebar (“sidebar.php”) or footer (“footer.php”) file.

    2. Open the desired file with a text editor. Find either file in the “\wordpress\wp-content\themes\ThemeName” folder.

    3. Insert the following code in the file before the closing “</div>” tag:

      <li>
        <a href="<?php bloginfo('rss2_url'); ?>" title="<?php _e('Syndicate this site using RSS'); ?>"><?php _e('<abbr title="Really Simple Syndication">RSS</abbr>'); ?></a>
      </li>

    4. Save the file and close the editor.

Read more: How to Create an RSS Feed for a WordPress Blog | eHow.com http://www.ehow.com/how_8491176_create-rss-feed-wordpress-blog.html#ixzz26yxRCREk