OFFICIAL BLOGHER '10 LIVEBLOG: Geek Lab: Fight Spam and Hackers! Plugging Security Holes


Liz Henry opens the session with some lighthearted jokes. "This session should be called, 'change your password, change your password, change your password.'" Now she is asking what types of blog platforms we are using: WordPress, Blogger, Blogspot, etc.

Liz: We need to voice our right about security. We need to be protected about our privacy. All forms of privacy--being in the real-life public, you should also be protecting yourself on the internet.

Hackers--I consider myself a hacker. If I see a vulnerability I might go in it just so I can see if I can get in. Software updates are due to people making mistakes and leaving a hole in software. So the updates are to fix all the issues that come up.

You can be hacked on almost any level. If someone borrows your laptop they can put keyword logging software without your ever knowing.

PDFs are really hot for security issues. It's very easy to add things to PDFs that can hack into your computer.

Email passwords are the most important thing to keep secure.

Shoulder surfing is a big threat. It's easy to see what someone's password is by watching them.

Bad Passwords
Never give people your password. You can change your password temporarily if they need access to "fix" things, etc.

No pet names. No kids' names and birth year. No favorite teams, pop stars, deity, etc. Google for your password--does it come up? You can see if your password comes up on a list of cracked passwords.

Learn how to crack passwords. Google it! Google "how to crack passwords" or "choosing secure passwords."

Now you'll know how to make a better password!

There are programs called Password Managers. 1Password, KeePass, Password Safe.

Liz asks the group if anyone uses these programs. She finds them more work but one of the attendees feels it's a nice program. He keeps it on his USB drive and takes it back/forth to work.

Question: How often are you changing passwords?
Liz: On high security things, maybe every couple of months.

Question: If you change the password often, isn't it more likely you'll make simple passwords with a sequence number?

Liz: Depends on you and your paranoia level.

Liz still talking---

You need a system to keep track of your passwords.

Audience:
When you have questions like "Mother's maiden name," etc., don't actually USE your mother's maiden name, because your friends or other people know your mother's maiden name. You don't have to be honest in those security questions!

Liz Talking Again:
Have a different password for your email than everything else.
Make backups--back up your blogs.

Malware is a threat. Keep your antivirus software up to date, WordPress, Blogspot, everything up to date.

Check your site: Google Webmaster Tools.

Set up an alert on your site for spam-specific words on your site.

http://www.unmaskparasites.com/ is currently nice

More good advice is on stopbadware.org

Encryption: https is really great security.

Firefox tool is https://www.eff.org/https-everywhere

Keep WordPress updated. Keep it backed up, keep plugins updated.

Here's my weird radical idea: have a hack date. Try and hack each other's passwords?!

Be a white-hat hacker. If you see a friend has a vulnerability, let them know.

Think about who has your data. http://www.tosback.org will track changes in companies' terms of service.

Protecting the family: put Tor Browser on a USB stick and use that. Very secure. https://www.torproject.org/torbrowser/

DISCUSSIONS

Q: How do you back up blog posts?
A: Export functions are available on most platforms. It will download a copy of the entire blog, comments, metadata.

Q: How do you block people or ban them?
A: There are ways to block. There are plugins and other. I can't answer off the top of my head. But the answer is yes.

Q: I am getting tons of spam comments on my blogs. Is there any way I can screen them out? I'm spending so much time blocking them.
A: Akismet is good and so is IntenseDebate. There is a preset list and then you can add to it. On WordPress you can activate Akismet.

Q: How do you know that you've been hacked?
A: It's often subtle but it can be really obvious sometimes too.

Liz:
Don't let yourself be silenced because of hackers. Let me suggest a healthy fear to keep yourself protected.

Q: Why are people hacking? What is their purpose?
A: The most common thing is bots. They just go and check if you've emailed your credit card info or social security number, etc. It can be set up to send spam all night long. Many times they look benign and then turn into a bigger problem. Sometimes they are just seeing if there's something interesting or not.

Q: I had a monologue on YouTube and it got redirected to someone else's site.
A: What that person did is hack Google and not you. You could report them as abuse. What they've done is out-SEO you to put themselves on top.

Liz:

If I was really famous I would buy up a bunch of domain names with my name in it, including "LizHenrySucks.com" kind of stuff.

Q: Is there somewhere I really should start? WordPress for Dummies is too hard for me.
A: Sometimes people think they are having trouble when maybe they really need to understand more of what's going on; the nuts and bolts of internet, server, where is my site, what does what, etc?

Comment from member: Surround yourself with people who know the things you don't.

Liz: If you have someone helping you with the computer and you are still confused and crying, they're a lousy teacher and get someone else. It's not you.

Q: Is there some company that you can call for answers? GoDaddy used to be great with 24/7 support. Who is there now? Is there a person?
A: Yes! I'm Sara with Technology for Moms.com. I explain technology in ways for people to understand. I'm a Microsoft certified person and I offer assistance. My blog is tech4moms.com. Twitter advice is free.

Session ends with large round of applause!
