Systems Russell Mickler Systems Russell Mickler

Don't Mess With Stray USB Sticks

If you find a USB stick on the street, don't plug it into a computer. Its content can likely harm you. Why do you want to learn more? Because you're not stupid.

Earlier this year, an experiment was conducted. 200 unbranded USB drives were dropped in high-traffic public areas in Chicago, San Francisco, Cleveland, and Washington DC. 20-percent of those who found the USB sticks picked them up and just plugged them right in to an electronic device. The users then proceeded with clicking on files and browsing to websites.

Okay, "people are stupid" isn't necessary a newsflash but let's go ahead and say that you might not understand why this is a risky behavior and, in fact, you don't see why sticking USB sticks in computers is a problem.

USB sticks are unencrypted storage devices that are read by computers when they're "mounted", or, inserted into a USB port. When that happens, it's possible that the USB drive can deliver a virus to the computer. Further, the files found on the USB drive can be double-clicked or opened, allowing for a virus to then launch on the infected computer. Finally, browsing to websites introduced by a USB stick could also introduce a virus to your computer.

Viruses, naturally, can then steal personal private information or harm your computer system.

Why did the stupid people do this? They wanted to see if there were any naked pictures on the drive, of course, or, wanted to invade the potential privacy of others by looting their personal files. They also wanted to see how big the drive was to see if they wanted to keep it for themselves, because people are greedy pigs. And finally, they just weren't trained not to do so, or, didn't care about the potential security risk - simply ignorant. Peoples do as peoples does.

So two take-aways here:

1. Don't store your crap on USB drives. It's an insecure medium and can easily fall out of your control, leaving your data to the sex-starved, greedy, ignorant masses.

2. Don't be stupid. Don't take any unknown USB drive and stick it into a computer you own, or, your work computer. Naturally you should do it on your friends computer or you mom's or something, but if you're not going to be a jerk about it, just throw it away. Well, okay, e-recycle the thing.

R

Read More
Systems Russell Mickler Systems Russell Mickler

How to Backup and Restore Wordpress

How to backup and restore a Wordpress database in a couple of easy albeit technical steps.

Okay, this is kind of technical, but here are some clear-cut, understandable steps for backing up your Wordpress site.

Backing Up Wordpress

On your existing website:

1. Install the WP Backup Plugin.

2. Run a Manual Backup using this plugin, saving files and the database.

3. When it's completed, it will show the archive zip file stored to the server. Download it to your PC.

You now have what you need to perform the restore.

Now, let's say that you're going to restore the website into a new host. In theory, you've setup Wordpress on the new host, and you have control over it (you can login to it and its CPANEL). Alternatively, you could also want to wipe out the existing install and start over. Either way, we're assuming here that you've got a fresh Wordpress install and control over it.

Restoring Wordpress

1. Unpack the zip file you downloaded to its own directory on your desktop.

2. Using FILEZILLA (or an FTP program of your choice), login to your new host using the CPANEL admin account.

3. Browse to your public_html directory.

4. Browse to the Wordpress install directory. You'll find a directory called WP_CONTENT.

5. Under WP_CONTENT, delete the directories PLUGINS, THEMES, and UPLOADS.

6. When this is finished, in Filezilla, we'd now browse the local directory system to your desktop and access the archive you unpacked. Locate the WP_CONTENT directory there.

7. Upload the three directories to the host: PLUGINS, THEMES, and UPLOADS.

Restoring a Wordpress Database

At this time, you've now completed nearly all the steps for the restore.  The last effort will be to restore the database.

1. On CPANEL, look for PHPMyAdmin.

2. Within PHPMyAdmin, select the named database.

3. Find the wp_options table.

4. Click the option to IMPORT.

5. On the next screen, select the *.SQL file created in the backup archive you extracted to your desktop. Then, confirm the import.

6. PHPMyAdmin will confirm x-number of rows were inserted and over-wrote the existing table.

7. Finally, if the URL changed, browse the Options table. One of the first fields has the URL for the website. Change it if necessary.

And you're done. 

If you require assist with this, remember, I'm happy to help through a consulting engagement - here's how you contact me.

R

Read More
Strategy, Info System Security Russell Mickler Strategy, Info System Security Russell Mickler

Why Heartbleed is a Good Thing

Yeah, Heartbleed was pretty bad. But know what would be worse? Going on, assuming everything was okay. Exposed technical vulnerabilities gets us to question our assumptions and make sweeping improvements, improving all of our security.

Don't get me wrong: Heartbleed wasn't a shining moment in tech security and I'm not super-glad that the vulnerability occurred. Still, personally, I'm pretty happy when stuff like this hits the fan.

Well, I suppose I'm glad in a "question authority" kind-of-way. When a wide-ranging vulnerability like this is brought into the open, it gets us in the technology security field off of our butts to, one, provide a remedy to the most immediate problem, but two, question all of our assumptions.

Incidents like Heartbleed, Edward Snowden's NSA revelations, and the good work conducted by Wikileaks, gets technology professionals to look more carefully at our solutions. It forces us to think differently. These incidents also reveal certain threats that we may haven't foreseen. They also lead us down a path of hardening our all our technologies in short-order to curtail compromise. In all, situations like Heartbleed elevates all of our security postures. They make all of us safer.

Arguably, what wasn't safe was continuing to live in ignorance as Heartbleed was exploited, or, while the NSA was wiretapping private data centers without warrants, or, believing that corporations and governments always have our best interests in mind. Assuming everything is okay wasn't safe. Proving flaws and vulnerabilities - even if the outcomes are undesirable - is how we all get better.

Question authority. Further, question our assumptions. Learn, build awareness, and do better next time. That's what will improve cyber security.

Read More