SEM Wired

Archive for the ‘ Security ’ Category

How to connect to Facebook via SSL

April 11, 2010 How-to, Security, Web Development Comments

A few months aho Google announced Gmail would switch to a default https connection, increasing protection against sniffing and any other network related threat. It was great news, even though the SLL was already available, Google made it the default option for users.

how to connect to facebook via httpsNowadays all over the world millions of Facebook users get connected via standard http, keeping themselves quite vulnerable to sniffing or man in the middle type of exploits. Is there any way to switch to a safer connection making our Facebook login a bit more secure?

Just type https://facebook.com when logging in and your connection will pass through SLL encoding, making it safer: your machine will exchange a key with the facebook server through which all date will be encoded.

This means the secure socket layer connection s already availbale: how long should users wait for it to become the default connection in Facebook?

How to scan your WordPress for vulnerabilities

October 24, 2009 How-to, Security, Web Development, Wordpress Comments

scan-wordpress-vulnerabilities-exploitA news realase of WordPress has just been made available and is supposed to fix several security flaws, as explained here on the WP blog.

WordPress got so popular that any security update can actually be crucial, considering the amount of websites using it. Recently a well-known vulnerability allowed a worm to spread around affecting several blogs, according to this article. Still, there’s something more we can do to make our WordPress installation safer.

The WordPress Exploit Scanner extension can scan for well-known vulnerabilities and exploits which might affect your WordPress installation. In order to be used you just need to download, the extension, upload it on you server, active it by the extensions dashboard and a link will pop-up on your general dashboard.

Once you run the extension (it might need a few minutes to complete the task) the report you get is extensive. The plugin analyse in depth every single file, looking for malicious code embedded into standard file. It’s pretty useful, even if a standard report can require some programming knowledge to be fully understood. It’s a very neat tool, I guess it should be included in every WordPress standard setup.