Why the dinosaurs became extinct and why WordPress is next

Let’s be careful out there!

That was the shift commander’s last words in the TV series Hill Street Blues as the cops went out on their patrol, some to get killed, or otherwise abused.

The statement is fairly futile. Yes we can exercise more caution and maybe we need to be reminded to do it, but come the grim reaper smiling, and caution goes out the window with your soul.

And so it is with “Internet Security”

There is no such real thing as Internet Security!

99% of it is after the horse has bolted stuff. So what is our biggest protection?

Our biggest protection is that there simply aren’t enough MoFO’s who want to mash us up. But like us, they are discovering and deploying “automation”. I doubt the “thrill” (sic) is as great when you “knife someone by proxy” but I guess they can still smirk as the blips of RSS feeds and social media saying “I’m out of business, I’ve been hacked” fleet across their hacking command centre and they think “hey I did that”.

So I’m pretty much the dumb ass for now getting on their radar, but I’m feeling someone needs to say something, sometime. And it looks like it’s my turn.

I’d like to say that these hackers were half wit mindless morons, but that would be a slur on actual half wit mindless morons everywhere. And in fact, hackers have more “intelligence” to hack than I do. It is a skill. It may be painting by numbers (but in code), I am not sure, as I have not read the “hackers manual” and sure, yes, there is one. There are several. And video training on it, and everything. Yep, they have their own little MoFo club and mofo school.

But I have to believe that it is better to CREATE than to DESTROY. So I guess I should be feeling sorry for these “people” because their talent is obviously just mis-directed. Damn liberal viewpoints :-)

Of course there is another type of hacker, not the gamester, or the “what if” dude, but the hack for profit chimp.

These are the sort of people who abuse WordPress 777 folder permissions and upload 1500 web pages of virus code, code which takes over the surfer’s browser when they simply visit the page, and throw in a few thousand links to porn sites and sponsors’ sites.
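
A read-only check for the 777 condition described above, added here as an example and not part of the original post. The function names and the install path are assumptions; it flags world-writable directories and files, plus PHP files sitting in `wp-content/uploads`, which should hold media only.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress tree for world-writable
# paths (mode 777 and friends) and for scripts dropped into uploads.
# The install path is an assumption; pass your own as the first argument.

# Directories writable by "other" (the o+w bit, which 777 sets).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Regular files writable by "other" (666, 777, ...).
world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# PHP files under wp-content/uploads, which should hold media only.
scripts_in_uploads() {
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) -print | sort
}

# Print one labelled line per finding; return 1 if anything was found.
audit_wordpress() {
    root=$1
    report=$(
        world_writable_dirs "$root"  | sed 's/^/WORLD-WRITABLE DIR:  /'
        world_writable_files "$root" | sed 's/^/WORLD-WRITABLE FILE: /'
        scripts_in_uploads "$root"   | sed 's/^/SCRIPT IN UPLOADS:   /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run only when a path is given, e.g.: sh wp-audit.sh /home/user/public_html
if [ "$#" -gt 0 ]; then
    audit_wordpress "$1"
fi
```

A non-zero exit status means at least one finding, so the script can run from cron and mail its output only when something needs attention.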

Sponsors?

Yes!

When hacking is done for money, there has to be someone who will “Profit” from this traffic and who even PAID for this to happen, up-front, if it isn’t being done by themselves directly.

Now the problem with prosecuting fly posters is they can simply say “it wasn’t me, I didn’t ask for it, I didn’t know they would promote me, and I didn’t pay them $147 to do it last Tuesday, no sir, not me.” and it may be true.

It’s easy to throw in a handful of legitimate parties in to the mix of hack fly posting. So how are you going to prosecute, without an actual confession, or payment trail?

So on the surface, we are just all screwed and at the mercy of a handful of hackers.

You see it all started with the dinosaurs:

Why did the dinosaurs become extinct? There were hundreds, if not thousands of them. They were huge powerful and dominated the planet. So what could wipe them ALL out so quickly?

They became big enough to be noticed and they became a target. Whether it was a target for a meteor, or for mother nature, or for death fleas, is not so important. The moral is once they became a target, something took them out.

There’s a critical PR point where you get noticed and some people decide they don’t like you because of it, and then it starts. David vs Goliath. Vladimir vs Commerce. The death flea against the dinosaur. The insane gunman against the celebrity. Some mofo who wants his 15 minutes of fame by riding in the slip stream of someone else’s success. Someone who can’t create but can destroy.

We’ve seen it with anti-Microsoft hacking groups, who say it is in the name of “????” but in fact it is just an easy famous target.

GOOGLE will be next almost certainly. It’s one hell of a target. Between ecommerce, file storage, email, and if you didn’t hear, they want to specifically store people’s personal medical records. YEP that was a great idea :-(

Before that, today, right now, WORDPRESS is the dominant publishing system on the web. Their track record is IMHO not all that great. They respond fairly quickly sure. But how many times do they need to respond before they get it right to start with?

Well the answer to that, is that it is an IMPOSSIBLE mission. There is no such thing as Internet Security.

DON’T PANIC! I am not moving from WordPress (for most things) either.

We have to put things into perspective. What is the (normal) worst that actually happens?

Our blog gets hacked. We lose our blog for a few days. We go offline for a while.

Now “IF” we have a “recent” backup, we can clean out our account, and re-install and re-upload our backup and hopefully patch up the security hole with a band-aid. A band aid for a knife wound is pretty feeble, but it is enough till we heal naturally, and get over it and move on.

BUT this depends on us actually having a recent backup of our blog.

DO YOU EVEN HAVE A RECENT BACKUP OF YOUR BLOG?

This merits a post of its own. But a minimal quick fix is to use WordPress itself, MANAGE | EXPORT (XML). This will at least save your posts and comments.

NOTE it does not save your “USERS”, your theme, theme edits, your plugins, your plugin settings, or any other database records like traffic hits, or anything else.

I would say use the recommended DATABASE backup plug-in, except that has a huge whopping security hole in it, itself, so what are we to do?

IF you run CPANEL hosting, it has various backup features of its own. ENTIRE SITE, Just databases and so on.

If you have PHPMYADMIN on your server, you can backup specific databases with that, and you may find that actually easier to restore than a CPANEL backup. Your call.

But maybe you need to do them all.

YOU need to examine these options and see what works for you. I can’t recommend a 1-fix-all.

Me? I do EVERYTHING (I can remember to do) !

The main point, is if you do nothing. If you do not backup at all, then you are ASKING to lose it all. You are really asking for it, with a big target sign on your back!

I don’t want to scare you BUT I do want to motivate you in to some sort of backup. It’s something you need to do NOW, and not later. Later may be too late.

The next move?

I’m certainly not clever enough to devise a solution. All I know is we ALL need to be more pro-active about security, and somehow we need to get together and police it better for ourselves.

The trouble is that whilst early warning IP blacklists are “effective” they are not efficient. A hacker can get a free AOL account, who use dynamic IPs, and we can not afford to ban the whole of AOL users. And that’s just one minor example of how to get on the Internet anonymously. Another would SHOCK you, but I don’t want to give them ideas, and you have no real need to know, right.

But let’s just know that if you needed to recruit an army of hackers with anonymous Internet access, it can so easily be done that world wars look like fist fights.

SLOPPY CODING:

I’m planning to discuss sloppy coding at some stage in the future, so you can see what you should not buy and what you should not use. Also maybe us coders will work it out together and not be so sloppy.

But to be honest it’s pretty hard to do it the right way. And when deadlines and low volume money are at stake, people cut corners. They shave mountains off of the cliff in fact.

It’s not all bad news, because good hosts can help to minimise the risks of sloppy coding.

Except most hosts don’t know what they are doing. In fact I couldn’t even find a consensus of what the right thing was, because there’s no absolute answer. Some answers are just plain wrong, and they are still in use, so some of us are screwed, because we won’t know until it is too late and we have been hacked.

And sadly it goes back to the dinosaurs.

The most popular hosting system by far relies on CPANEL. And CPANEL is largely pretty good. But it is not perfect. Perfect isn’t even possible. And sadly, just like the dinosaur, CPANEL is a big fat tailed target.

Hacking school 101. If you wanted to take down 80% of the web, would you do it by targeting the 1% of blah blah users, or the 80% of CPANEL users? Fame has a price!

DO NOT PANIC! I am not changing from CPANEL either. Because the CPANEL “community” is pretty sharp. So if we have to hope someone can stay a half step ahead, we have to hope it is them. Well “I” do anyway.

And there we have part of the solution. A “sharp” community. Working together.

I guess it’s a bit like Neighbourhood watch, though we don’t hear much about that these days. I guess we rely on CCTV to grass our neighbour up more these days?

But my main point, yes there was one, is that we can NOT leave it to the other guy, to stop crime. We ALL have to be vigilant and play our part and work together as best we can.

I am not totally sure, how, but the WHY is obvious.

“Do not leave your security up to someone else. ” We all have to be careful out there, and sadly there will be casualties. Don’t let it be you by being complacent!

“Complacency costs lives”

PS: I said “normal” worst case, because with some hosting setups, you can lose integrity to your database, as well as have trojans injected in to your entire hosting account and temp directories, requiring a TOTAL WIPE and re-install. If you lose database integrity then all of your clients’ personal records are exposed and you are culpable. Even if it’s just their name and email, they will NOT appreciate it.

I can’t give you any advice or guide on who the good or bad hosts are. It’s a can of worms way too big for a little me to even start thinking about.

Let’s be careful out there! Some of us ARE going to die today! Don’t let it be you next. Backup.
