Business people utilize social media to optimize outreach to customers and partners. Loyal consumers of particular companies are often interested in what executives have to say. Similarly, companies also have plenty of reasons to stay updated on the latest events relating to business partners. Being concise is an […]
Archive for June, 2009
Reading time: 2 – 2 minutes
One of the most engaging Twitter applications that I have used so far is the newly developed Tweetboard, a micro-forum type application that can be integrated into your website and pulls your Twitter stream in real time (with a maximum delay of one minute). Tweetboard reformats tweets into threaded conversations, including those that spun off the original conversation, giving your site’s visitors the full perspective of what’s being discussed and encouraging them to join in. Every time a visitor posts or replies via your Tweetboard, a linkback is appended to their tweet, creating a viral stream of Twitter traffic.
The rise of Tweetboard as a promising Twitter application revolutionizes the way Twitter conversations can be streamlined on a larger scale through websites or blogs, and this redefines the essence of tweets on a more personal level.
Reading time: 3 – 4 minutes
Based on my previous post about this blog being compromised, I decided that it would do justice to the previous post entitled, “Blogosphere Alert: Prevent your WordPress blogs from being hacked!” to expose the different ways a WordPress blog can be compromised or hacked. We all know that WordPress blogs are written in PHP and are made operational by means of a MySQL database via a web host.
To do damage to a WordPress blog, most hackers introduce malicious code that triggers unwanted actions through PHP code snippets. One way is SQL injection. SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.
Another form of hack is cross-site scripting (XSS), a type of security vulnerability typically found in web applications that allows malicious web users or cyber criminals to inject code into the web pages viewed by innocent users. It is commonly exploited in phishing attacks to steal sensitive data such as credit card information, and most of the time victims are unaware that a webpage is already stealing their valuable information.
The most common exploit that happens to a dedicated server is a script exploit that gives the hacker non-root access to the server. What hackers do is pass the script some variables and commands in an HTTP URL. The vulnerability is that the script allows the commands to be run, giving the hacker access only to the /tmp directory. The next action they would take is to upload scanning tools and start a DDoS attack against another server. Since the hackers don’t have root access, removing all their files and stopping all their processes will remove them, but chances are that if the vulnerable scripts are not removed, they will come back.
Another technique often used to attack Internet websites from a remote computer is known as Remote File Inclusion (RFI). Remote File Inclusion attacks allow malicious users to run their own PHP code, called a webshell and also known as a PHP shell. A webshell can display the files and folders on the server and allows tasks such as editing, adding or deleting files; it could also be used to gain administrator-level or root access on the server.
Familiarity with these vulnerabilities will give you an idea of how your PHP scripts play a vital role in your WordPress blog’s security. Don’t try pretending to be a know-it-all guru; most tech bloggers’ blogs, especially established ones, have been compromised at some point. It doesn’t hurt to ask what you don’t know. If you hardly believe it, do your research. Your call!
Reading time: 3 – 4 minutes
Traveling is definitely one of the most exciting activities that anyone could get into. The grandness of seeing beautiful places and tourist destinations is exhilarating, and experiencing their beauty is worth a thousand words. Most of the time, a place that has marked its image and captured your heart could attract you to keep coming back.
How many times have you been to a certain place, maybe outside your country, and returned for a visit? What makes you decide to come back? There are just so many factors, but the fact is there could be one or more compelling reasons. Let me guess, this could be because of the great place you’ve stayed, right?
Having a great place to stay during your travel could make or break your vacation or impression of a place. However, it doesn’t mean that spending more comes along with getting a great holiday, correct? Why be afraid of traveling on a shoestring when you can get a great vacation for less, topped with great hotel accommodation? Isn’t that a great deal?
If I were to travel the next time around, I would surely keep an eye on cost-effective options in choosing the best place to stay especially now that I’ve come across AccorHotels.com which offers affordable hotel accommodations to stay in 27 cities including Bangkok, Singapore, Kuala Lumpur, Jakarta, Hanoi, Manila, Mumbai, Sydney and Auckland. The last time I left the country was in 2003 when I went to Singapore for a business trip. Given the chance to travel, I would opt to go back to Singapore to visit the places I’ve missed.
Choosing to go back to Singapore will be a great experience, and staying at Hotel Ibis (one of Accor’s brand hotels) on Bencoolen St., located at the heart of Singapore’s Central Business District, is an intelligent option for a cozy pit stop which is only 20 minutes away from Changi Airport, with nearby parks and leisure destinations such as the Singapore Zoo and Jurong Bird Park. If I would want to visit a historical or a national heritage park, there’s Little India; to satisfy my visual and artistic craving there’s Bugis Cineplex for movie viewing, Esplanade for classic theatrical shows, and the Suntec City Convention Center, which is 3 kilometers away.
The month of June is a great time to travel especially because Accor Hotels City Super Sale is just in time to complement any traveler’s hunger for affordable and quality hotel accommodations to choose from with its reduced “City Super Sale” hotel rates in 27 destination cities across 10 countries in Asia Pacific with Accor’s various brands–Sofitel, Pullman, Grand Mercure, Novotel, Mercure, All Seasons and Ibis hotels participating thereby providing a wide range of affordable options and different rates during the two and a half months. With rates starting as low as US$25 per night and over 250,000 room nights on sale, travelers can take advantage of savings of up to 60% by booking on-line between 23rd – 29th of this month for stays between July 10 and September 30, 2009.
Nothing could be more attractive than this as Accor ‘City Super Sale’ coincides with record-low air fares across the Asia Pacific rim especially during this time of year allowing travelers to enjoy some of the world’s most exciting destinations. Traveling need not be expensive as long as you know where, when, and how to get the best deals during a specific time of year.
Update 09 September 2009: This is just one of those infomercial posts I’ve written ’bout promotions in the Asian region and hopefully there would be more to come soon, so stay tuned.
Reading time: 1 – 2 minutes
While this is not the first time VoIP has been covered on this blog, today’s post focuses on the companies providing VoIP services. To put it simply, VoIP stands for Voice over Internet Protocol, which refers to a system of transmission technologies that delivers voice communications over the Internet or other packet-switched networks. Also known by other terms such as IP telephony and Internet telephony, voice-over-IP systems carry telephony speech as digital audio, which makes it inexpensive when communication is done via the internet.
Among the leading services that we know include AT&T CallVantage, Cox Communications Digital Telephone, Vonage, and Skype with the latter being the most widely used service via a free software client which enables communication over the internet for free minus the internet facility with the exception of some paid premium services.
Sources of VOIP Reviews on the internet are aplenty though there are few that really stand out. And since we are talking about VoIP service providers, why not enjoy the best VOIP and DSL services from Spectrotel, a telecommunications company that offers quality services. Visit Spectrotel’s profile here.
There are just so many VoIP service providers around, so the ultimate criterion to consider before subscribing to any VoIP solutions provider is their ability to consistently deliver cost-effective, efficient and quality service at all times.
Reading time: 2 – 2 minutes
Based on my previous post entitled, “Conficker can damage MP3 players not just USB drives: AVG Antivirus Software detects and removes Conficker from my ZEN Stone MP3 Player,” I have mentioned in its latter part that I was able to recover my MP3 files after the trouble I’ve had with my Creative Zen MP3 player being infected with Conficker.
The good thing is that Creative Zen has provided a program that resolves the majority of player problems, such as players that stopped playing or working. This MP3 Player Recovery Software updates your player to the latest available firmware to make it work, meaning it renews it. So, this is the software that saved the life of my MP3 player.
Should I have lost the MP3 files, do you think I would have lost everything totally? Think about it, there’s always a way. I could have used the PC Recovery Smart Recovery Software or the MultiStage Recovery software. If you wanted to know how powerful they are, read this post entitled, “Reliable data recovery softwares that bring files back to life.”
Reading time: 1 – 2 minutes
The emergence of new threats to credit card security challenges merchants on a daily basis, so PCI Security Standard compliance has become a key requirement to counter any harmful impact these threats may have on consumers. As merchants try to keep up with PCI Security Standards, the cost, time, and resources that come along with it are just overwhelming, and as the recent breaches have proven, even merchants that are compliant find that PCI compliance management does not guarantee security.
However, a smarter approach to PCI compliance has been developed using credit card tokenization and the Transparent Redirect method. This unique and secure credit card data storage solution collects the sensitive data that is entered directly from the merchant’s website whenever payment is made by a customer. The data never touches the merchant’s server; instead, the credit card information is stored in a vault and a unique “token” is returned to the merchant after the transaction. The “tokens” are as good as a credit card and can be used for future sales, refunds, voids, credits, reporting and reconciliation. This solution completely eliminates the handling, processing and storage of credit card data without changing the user interface while providing merchants full control over the data, which makes it useless to criminals even if the tokens are stolen. With this emerging security trend, the scope of PCI compliance is significantly reduced and simplified and no credit card data is compromised.
Reading time: 1 – 2 minutes
The economic recession characterized by simultaneous occurrences that included major declines in coincident measures of activity such as employment, investment, and corporate profits globally affected most businesses. While most nations that are greatly affected are still struggling to bounce back, the challenge remains evident.
Most businesses that anticipate fluctuations in the economy, are vigilant in their decision making, and are keen in their performance are likely to achieve their goals. In order to achieve these goals, a holistic approach to comprehensive business analyses must be undertaken strategically in these areas–assets and liabilities, strengths and opportunities, challenges and threats–through the aid of an intensified accounting and financial action plan.
Established and trusted accounting firms can provide breakthrough financial and management advisory services that will guide you along the way. In Southern California, business accounting San Diego financial and management advisory services offerings through Allen Barron Inc., provides cost-effective analysis on the four functional lenses such as,
• FINANCIAL ACCOUNTING
• LEGAL SERVICES
• COMPUTER SYSTEMS
Customized accounting services are provided to each client’s needs specific to their financial goals. A Comprehensive Business Review is also provided which will tell you the direction where your business is heading and guide you in taking control of your business to where it should lead. Securing today’s business is a work in progress but taking into consideration the value of efficient support systems can help in achieving sustainability.
Reading time: 6 – 10 minutes
I was surprised to learn today that my blog was almost hacked.¹ The situation shook me so much that I almost freaked out, but the good thing is that I managed to pull myself together. I told myself that this could not happen, so I didn’t panic; instead I put my thoughts into tracking the traces of the hacker on my site and figuring out how it became possible.
I was editing previous posts when, right after hitting “Update Post”, I became curious and checked the post attribution drop-down option. To my amazement, I saw two other names in the drop-down that are neither contributors nor editors on this blog. When I checked the “user settings,” it became clear to me that there really were two guys with obscure names registered on my blog, both marked as “admin.” While it had me marked as “administrator” with all the posts attributed to my name, it came to me that I needed to find out how these guys were able to register on my blog.
The Tracking Begins
I went first into the General settings. I found out that the “anyone can register” option box was ticked. Perhaps, that became their point of entry into my blog so I unticked it and saved the settings. So guys, don’t place the “Meta widget” on your webpage and don’t allow anyone to register especially when there’s no pre-defined user privileges or multiple users in your blog.
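A way to run the same two checks directly against the database instead of clicking through the admin screens, as an added example that is not part of the original post. It assumes the default wp_ table prefix and a hypothetical allowlist of expected administrators; the rows are constructed, and sqlite3 stands in for MySQL so the script runs on its own.

```python
import re
import sqlite3

EXPECTED_ADMINS = {"siteowner"}  # assumption: the accounts you created yourself

def build_sample_db():
    """Constructed rows shaped like WordPress tables (default wp_ prefix assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
    """)
    # WordPress stores a user's roles as a PHP-serialized array in wp_capabilities.
    admin = 'a:1:{s:13:"administrator";b:1;}'
    subscriber = 'a:1:{s:10:"subscriber";b:1;}'
    users = [
        (1, "siteowner", "2008-03-02 10:00:00", admin),
        (2, "reader01", "2009-01-15 08:30:00", subscriber),
        (3, "xq7temp", "2009-06-14 23:51:00", admin),
        (4, "zz_guest01", "2009-06-14 23:58:00", admin),
    ]
    for uid, login, registered, caps in users:
        db.execute("INSERT INTO wp_users VALUES (?, ?, ?)", (uid, login, registered))
        db.execute("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)", (uid, caps))
    db.executemany("INSERT INTO wp_options VALUES (?, ?)",
                   [("users_can_register", "1"), ("default_role", "subscriber")])
    return db

# Matches each role name that is switched on inside the serialized array.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def roles_of(serialized):
    return set(ROLE_RE.findall(serialized or ""))

def audit(db, expected_admins=EXPECTED_ADMINS):
    """Return findings: open registration, then every administrator not on the allowlist."""
    findings = []
    options = dict(db.execute(
        "SELECT option_name, option_value FROM wp_options "
        "WHERE option_name IN ('users_can_register', 'default_role')"))
    if options.get("users_can_register") == "1":
        findings.append(("open_registration", options.get("default_role", "")))
    rows = db.execute(
        "SELECT u.user_login, m.meta_value FROM wp_users u "
        "JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' ORDER BY u.ID")
    for login, caps in rows:
        if "administrator" in roles_of(caps) and login not in expected_admins:
            findings.append(("unexpected_admin", login))
    return findings

if __name__ == "__main__":
    for finding in audit(build_sample_db()):
        print(finding)
```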
A bit paranoid as I am, I decided to change my admin username and password. Changing the WordPress default username “admin” to your preferred name can give you more protection, since if you leave it at the default “admin”, hackers would only have to figure out your password via brute force recovery and voila! You’re screwed. If you don’t have any idea how to change the default username “admin” in WordPress, follow these simple steps:
1. Back up your database first. This is the most important thing to do because you would not want your hard work to go to waste.
2. Use phpMyAdmin to access your database.
3. Select the table labeled WP_Users, click the browse icon and select the record labeled Admin and click edit. The edit button looks like a pencil.
4. Go to the field labeled user_login and change the name to your preference. Save the changes.
5. Log out and login again to verify the changes.
If you don’t want to get into modifying it via phpmyadmin database, you can use a plugin to change admin username in WordPress found on www.w-shadow.com.
The next thing I did was to check if there had been some changes in the PHP scripts, particularly in the header.php file. The good thing is that I found no trace of suspicious code within the scripts, so I’m good. You can view here an example of a wp-blog-header.php file that has been hacked. I’ve also checked the .htaccess file but it seems clean.
I’ve also downloaded the WordPress Exploit Scanner plugin, which searches the files and database of your website for signs of suspicious activity. Although it’s not a guarantee that it would stop anyone from getting into your site’s backend, it may help you figure out any uploaded, modified or compromised files left by a hacker.
Also, I have edited wp-config.php and created the SECRET_KEY, i.e., define('SECURE_AUTH_KEY', 'Your unique phrase here'); a password containing elements that would make any hacking attempt unsuccessful to penetrate a security barrier since it generates a code that is almost impossible to decipher. Get instructions on editing wp-config.php here.
Lastly, I’ve made a backup of my database and files. If you need help on backing up your database, go seek your webhost for assistance as there are so many ways to do this depending on the MySQL version you are using.
There’s so much information overload here since internet security nowadays can really screw up anything you’ve accomplished in just a breeze. Don’t be a victim. I may have been saved for the day but who knows so I’m paying much attention to details now while doing a lot of extra protective measures. What happened was a false alarm though I’m keeping myself extra vigilant. So, do yourself a favor and learn as early as possible while you still have the chance. I cannot emphasize this more than enough because we’re all vulnerable here.
To sum up, I can simply advise you to remember the acronym–B.U.C.K.S
B–Backup database regularly.
U–Upgrade to the latest version of WordPress if you haven’t. I haven’t upgraded yet but eventually I would. I’m still looking at some factors especially the plugins because they are the ones mostly affected during upgrades aside from bugs. So far, I’m fine with 2.7.1 and I’m keeping my blog secured. It is advisable that you upgrade once your blog has been hacked.
C–Configure wp-config.php for added security.
K–Know how to do simple PHP script and database editing. It pays a lot to learn.
S–Seek help when needed. Don’t pretend that you know all things. It doesn’t hurt to ask questions.
That’s all for now, I’ll keep you posted once I’ve found out something new. Cheers!
While finalizing this post, I just came across this plugin called Login LockDown, an enhanced login security plugin that records the IP address and timestamp of every failed WordPress login attempt within 5 mins. After three unsuccessful attempts, all requests from that range of IP will be disabled, as this prevents brute force password discovery.
The IP lockout time is set to a default of an hour but is modifiable via the options panel and administrators can also release locked out IP ranges manually. Login LockDown is downloadable from this link: http://www.bad-neighborhood.com/login-lockdown.html (Just copy paste the URL into your browser).
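The lockout rule described above (three failures within five minutes, one-hour lockout per IP range, manual release), as an added sketch that is not Login LockDown's own code. The post does not say how large a "range" is, so a /24 IPv4 network is assumed here; the class name and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockout:
    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures  # failures allowed before locking
        self.window = window              # seconds in which failures are counted
        self.lockout = lockout            # seconds a range stays locked
        self.prefix = prefix              # assumption: a "range" is an IPv4 /24
        self.failures = defaultdict(deque)
        self.locked_until = {}

    def _range(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)

    def is_locked(self, ip, now):
        net = self._range(ip)
        until = self.locked_until.get(net)
        if until is None:
            return False
        if now >= until:                  # lockout expired, forget it
            del self.locked_until[net]
            return False
        return True

    def record_failure(self, ip, now):
        """Record one failed login; return True if this failure locks the range."""
        net = self._range(ip)
        recent = self.failures[net]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()              # drop failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[net] = now + self.lockout
            recent.clear()
            return True
        return False

    def release(self, ip):
        """Manual release by an administrator of the range containing ip."""
        self.locked_until.pop(self._range(ip), None)

# Constructed events: (seconds since start, client IP, login succeeded?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (60, "203.0.113.9", False),
    (400, "203.0.113.7", False),    # the two earlier failures have aged out
    (450, "203.0.113.8", False),
    (500, "203.0.113.9", False),    # third failure inside five minutes
    (600, "203.0.113.20", True),    # same /24, rejected even with a valid password
    (600, "198.51.100.5", True),    # other ranges are unaffected
    (4100, "203.0.113.20", True),   # one hour after the lock was set
]

def replay(events, guard=None):
    guard = guard or LoginLockout()
    outcomes = []
    for now, ip, success in events:
        if guard.is_locked(ip, now):
            outcomes.append("blocked")
        elif success:
            outcomes.append("ok")
        elif guard.record_failure(ip, now):
            outcomes.append("locked")
        else:
            outcomes.append("failed")
    return outcomes

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Locking a whole range also locks out legitimate users who share it, which is why the manual release matters.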
This post was originally posted on 16 June 2009 but for some reasons, the post disappeared from the exported WordPress XML file containing all the posts, comments, etc. so I had it republished.
A few hours after this post went live, I went back to this site to check how it was doing in terms of views when all of a sudden I got struck when all I’m seeing was “Index of/” when I type this blog’s URL on the browser. I contacted my host about this matter and they told me that the index.php file was missing.
1. My blog was hacked. The index.php was compromised by unscrupulous cyber criminals trying to stop me from exposing the realities of today’s WordPress blogs from this vulnerability. Here’s the screenshot of the index.php after it was compromised:
Yes, silence is golden but this incident just awakened my spirit and flared up my eagerness to continue writing. It seemed like somebody wants me to shut up but whoever they are, I’m just getting started.
Reading time: 2 – 4 minutes
Most of us may not realize that over a lifetime, years of wearing extended contacts and glasses are dramatically costing us more than we could reckon. Aside from the fact that wearing contacts require time and meticulous attention to ensure proper cleaning and to avoid infection, the extra precaution it requires is just one of the many comfort issues we face.
Vision correction procedures have been around for years, typically, laser eye correction promises better vision without glasses or contacts. The most common elective vision procedure in the U.S. is the iLASIK technology–a safe and proven method of laser eye correction recently approved by all branches of the U.S. military and NASA for their servicemen and women.
In order to qualify for the procedure, a candidate must pass the basic criteria as follows:
1. Must be at least 21 years old.
2. Generally of good health.
3. Has had a stable vision prescription for at least one year.
4. Has no existing eye disease.
It is strongly advised to get an extensive exam by an iLASIK surgeon to determine suitability to undergo the procedure. Sophisticated computers and software are used to make an individual blueprint of your eyes or what is called a customized WaveScan™ map which will serve as the road map for your iLASIK procedure.
The iLASIK procedure reshapes the cornea to correct the refractive imperfections in the eye (which is essentially the reason some people are nearsighted, farsighted, etc.) by creating a thin corneal flap using IntraLase™ FS laser which makes it unique and not the traditional LASIK with a blade.
The aid of Iris Registration and ActiveTrack™ 3D eye tracking technology ensure that the laser stays precisely aligned even with eye movements during the procedure. This eye correction is entirely computer driven, safe, fast and almost painless.
Results may vary however 98% of nearsighted patients who have undergone the procedure noticeably experienced improved vision of 20/20 and even better right after a year of treatment. And with iLASIK being covered by most health savings account offering a tax deductible payment scheme, this definitely makes it a worthwhile investment with long term benefit and a great way to pay for better vision.
Updated 09 September 2009: This is one of those infomercial posts I’ve written about that is up ’til now remains relevant. If you have anything that you’d like to add or correct, do let me know.
Reading time: 3 – 5 minutes
There was one incident noted today by one of our internet cafe clients: Yahoo! Messenger was inaccessible. As I figured out, the sign-in problem in Yahoo that he had been getting was error 81003002, which normally advises users to check whether they were putting in their correct Yahoo! ID and password. Having to try it many times could be stressful and annoying. The sign-in error was not remote because it was the same for all PCs running within the network.
Unlike Yahoo! error 81003004, Yahoo Messenger error 81003002 has nothing to do with the internet connection. As most users have observed while using Yahoo Messenger 9, its bugs really cause a lot of issues which are not even resolved in their blog.
Here’s what you need to do in case you encounter Yahoo Messenger error 81003002:
- Double check your Yahoo ID and password. If after several sign-in attempts you still get the same error, restart your PC and, if you are connected to a modem or router, do the same.
If you are sure that no virus has actually penetrated the system, there is no need to run a system scan.
- While some blogs advise reinstallation of the software (of the same version, i.e. v9) and some may even advise removal of v.9 and installation of an older Yahoo Messenger version like Yahoo Messenger 8, do not waste your time as I have already done that. The older version of the IM software no longer works.
Again, if you have had error 81003002 while attempting to sign in to Yahoo, open Windows Task Manager (by pressing CTRL+ALT+DEL), select Processes, find YahooMessenger.exe and click End Process. Try to do this several times, but if it does not work, then try to reinstall the software. Doing this step does not guarantee that you will be able to sign in but it’s worth the try. The surprising thing is that when it happened to me, I removed Yahoo Messenger v9 on one of the PCs within my network, and the next day when my sister checked it out, she was able to sign in. It just simply fixed itself over time. Huh?! It’s fascinating; why did it happen? Could it be that our IP had been blocked by Yahoo for the entire day and restored afterward? It’s not a virus, as I’m 100% sure. It could be a bug though, but I’m not certain what caused it, so what I did was reinstall the instant messenger again and I was finally able to sign in to Yahoo Messenger.
This is what happened and it’s something that I don’t have any technical reason to offer but I suspect that it was really a bug. Have you experienced the same scenario? What did you do?
FYI, if you are in need of using the application but are caught in a situation similar to the one discussed, you can try signing in to these alternative links or sites to get Yahoo! Messenger access.
http://paltalk.com - includes IM software or chat client
Update: 23 November 2009
I have just discovered another workaround to get rid of this error. Head over to my post about Yahoo Error 81003004 and follow the steps stated from the 20th of November update and choose Option 1. I haven’t tried Option 2 yet on this error but hopefully Option 1 should do the job. If you have any questions, use the contact us page.
Reading time: 3 – 4 minutes
Instant messenger software like Yahoo!, ICQ, and MSN among others are very useful in keeping up with our social interactions. Yahoo! Messenger and the Yahoo! Multi-Messenger patch come in handy to provide a multi-functional instant messenger experience. However, if you are looking for variety, I have found a great instant messenger enhancement software that will surely light up a boring IM window.
Introducing SweetIM, an instant messenger software enhancer that comes with two separate and fun-filled functionality–the SweetIM Software and the SweetIM Toolbar. SweetIM software enhances messenger experience by adding emoticons, winks, audibles, sound FX, display pictures, and nudges while the SweetIM Toolbar (which is only compatible with Internet Explorer) allows users to add favorite icons and emoticons to any web based application including web based email such as Hotmail, Yahoo! Mail, Gmail, Web Forums, Blogs, etc.
SweetIM is elegantly designed but the lack of compatibility with other widely used browsers like Firefox, Opera, and Safari is still a work in progress. Let me share with you a screen shot of SweetIM integrated on Yahoo! Messenger and SweetIM Toolbar on IE.
Also, here is an embed video taken from the SweetIM Toolbar on IE (which can also be sent via email) with Zac Efron on it. Enjoy!
If you liked this post, you might also be interested in Resolving Yahoo! Messenger sign in error 81003004.