UserOnline

, 3 Guests, 4 Bots

Archives

Print This Post Print This Post

WordPress 3.0.2 mandatory security update

This is a mandatory security update for all previous WordPress versions.

This maintenance release fixes a moderate security issue where a malicious Author-level user could gain further access to the site. This release also addresses a handful of bugs, and provides some additional security enhancements.

Summary

  • Fix moderate security issue where a malicious Author-level user could gain further access to the site.

Other bugs and security hardening:

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme
  • Multisite: Fix the delete_user meta capability
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

List of Files Revised

wp-includes/ms-files.php
wp-includes/version.php
wp-includes/comment.php
wp-includes/functions.php
wp-includes/load.php
wp-includes/canonical.php
wp-includes/capabilities.php
readme.html
wp-admin/includes/plugin.php
wp-admin/includes/file.php
wp-admin/includes/update-core.php
wp-admin/plugins.php
Print This Post Print This Post

U.S. Government Seizes Domains of Fileshare websites

It’s clear today that the U.S. Government has been very busy. Without any need for COICA, ICE has just seized the domain of a BitTorrent meta-search engine along with those belonging to other music linking sites and several others which appear to be connected to physical counterfeit goods.  When trying to access these site you would be greeted with a nice little banned that looks like the following screen shot.

This happened to Torrent-Finder starting with DNS downtime.  After contacting the websites hosting service they had no idea what was going on and until now they do not understand the situation and they say it was totally from ICANN.  This is straight out crazy.  I can see if there was some kind of legal action against the sites or if there was probable cause to shut down the site that they could lose their domain.  But they won’t kill the domain for Wiki leaks for releasing sensitive information, but they will kill site for suspected copyright infringement.

Now I am not all for sharing files but there is legitimate file sharing out there.  Such as torrents that are used to download Linux distributions.  However that isn’t even the biggest problem, if you do something that is currently in bad favor with the government you can lose your domain without any kind of warning.   I am not sure what this has to say for the future of the Internet, but I don’t think this will even put a dent in the file sharing world.  There are several articles out there, to read more, check out the following:

http://torrentfreak.com/u-s-government-seizes-bittorrent-search-engine-domain-and-more-101126/

http://news.cnet.com/8301-1023_3-20023918-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Print This Post Print This Post

File Encryption for Windows with AxCrypt

AxCrypt is the open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.  Encryption protects your data from being seen by others, and against undetected change.  It does not protect data from loss.  This application has a 32 and 64 bit MSI install package and integrates into the Windows menus.

Let start with where you can find the software.  It is at www.axantum.com, and the installation is pretty basic with a Window MSI package.  The only real selections you can make are a few menus in, here is a screen shot.

You can enable or disable Right click menu integration, self decryption, and portable encryption for a flash drive or portable hard drive.  Once it is installed you just simply right click on the file or folder that you want to encrypt and you can select from several option in the menu.  One of my favorite is the shred and delete option.  This deletes the file and write over the sectors of the hard drive the file was in to insure the file is gone.  Here is a pic of the right click menu on my machine.

Here are the features from the application developers website.

Features

The following are features that really set it apart from all other file encryption tools, commercial as well as free:

  • Double-click to edit/view with any application.
  • Automatic re-encryption after modification.
  • Absolutely no user configuration necessary or possible before use.
  • Open source under GNU General Public License.
  • 7 languages in one executable distribution.
  • Extensive command-line interface for scripting and programming.

Other features

  • Windows 2000/2003/XP/Vista/2008/7 compatible.
  • AES encryption with 128-bit keys.
  • Edit an encrypted document directly with double-click.
  • Optional pass phrase cache – type pass phrases once per logon and/or reboot.
  • Automatic pass phrase validation before decryption or editing.
  • Key-File generation and support.
  • No options or user interface – easy to install and use.
  • Relatively light-weight, less than 1Mb download
  • Extensive command-line interface.
  • Server mode options.
  • Support for files larger than 4GB (on Windows NT/2K/XP or later).
  • Dynamic brute force counter measure – iterative key wrapping.
  • Integrates well with web based file sharing services.
  • Selective compression before encryption – faster downloads/uploads.
  • Retains original file name and information of an encrypted file.
  • Integrated shredder.
  • Shredding of all temporary and encrypted plaintext files.
  • Secure memory handling – no keys or data in the paging file.
  • Industry standard algorithms.
  • Data integrity verification – no undetected modification.
  • Unique data encryption keys used for every file and (re-)encryption.
  • Polyglot – currently speaks English, German, French, Spanish, Italian, Hungarian and Swedish.
  • Easy to add more languages – contact me (I’m especially looking for Nordic languages)!
  • Open source – no backdoors.
  • Private branding support for commercial or corporate versions.
  • It’s FREE!
To encrypt a file or folder just right click on the file and select AxCrypt, then encrypt.  This will pop up another window that will give you options for the encryption of the file.  You can use a pass phrase or a key file.  Here is a pick of the menu.
Another way you can encrypt the file is so it will auto decrypt the file without having AxCrypt installed on the other machine.  It is pretty much the same process, but it makes an EXE file that does all of the work.  You can also make a key file using AxCrypt to use for the encryption of the files.  There is an option in the right click menu to create the file and it will output a text document to the location you choose and it will contain a string of random characters to be used.  The string will look similar to the one that follows.

example string:

DlA8 ti3j xH5j YWV6 yxtt YILA DM3c ns3m 3dHw hU3C s5s=

If you use a key file you will need to keep it is a safe location and not let anyone have it unless you want them to have access to you files.  The last option is the Shred and Delete.  This does just what it says by deleting the file and writing over the blocks on the hard drive it was located.  This is a secure way to remove the file from the hard drive, unlike the normal delete that just removes it forn the file allocation table and leaves the file on the drive.

This is one of the best encryption tools I have seen and I would recommend it for the storage of important files and information that people may store on a computer.  It is also important to remember to backup the files and the key or pass phrase that are used to encrypt the files.  So for extra security on personal information give this app a chance and I am sure you will like it.