Secure Drupal Admin Login Page

Category Archives: Security

Security

Published:: August 26, 2008 – 1:32 pm
Author:: By Dave

Secure Drupal Admin Login Page 3

Drupal’s administration login area is not secure by default. Usually there is an option in the configuration area of content management systems to set a secure area for logins, otherwise your username and password are sent in plain text over the internet. Luckily, there is a module which enforces secure login on a Drupal install. Drupal Module: Securepages Although it is still in development, the 6.x-1.x-dev version worked great with my Drupal 6.4 installation.

Categories: Configurations,Drupal,PHP,Security

Tagged: Drupal, modules, secure

Published:: August 20, 2008 – 9:48 pm
Author:: By Dave

Sony BDP-S301/BDP-S300 Blu-Ray Player Review 3

We received this Blu-ray player along with a few Blu-Ray DVDs for an anniversary present. The BDP-S301 is the same as the BDP-S300 except it is only sold at wholesale outlets like Costco and Sam’s Club. The S301 also includes an HDMI cable. The Pros: The image looks great. Hands down it is a clean, crisp image, and with the latest firmware updates (click here) supports most audio configurations. The Cons: This thing is the slowest media player I have ever laid my hands on. The instructions warn that the initial setup could take 90 seconds to start and after that, start up would be quicker. I suppose they didn’t lie – start up on an everyday basis takes around 40 seconds or more! After that, you can finally eject the tray to insert your movie, or make your way to the menu. Forty seconds, when you have an impatient….

Categories: Hardware,Reviews,Security,Television

Tagged: bdp-s300, bdp-s301, blu-ray, bluray, movies, Reviews, sony

Published:: April 30, 2008 – 8:30 pm
Author:: By Dave

Post on Makeuseof: Keeping Safe on the Web: 8 Firefox Addons for Privacy and Security Comments Off

I have a new post up on Makeuseof, regarding Firefox Addons for Privacy and Security. Maybe you won’t use all of them but even installing some of them (NoScript in particular) can really lower your chances of getting hit with a javascript exploit.

Categories: Programs,Security,Software

Tagged: extensions, firefox, privacy, Security

Published:: April 17, 2008 – 11:16 pm
Author:: By Dave

Using the PayPal/Verisign Security Key with OpenID for Two-Factor Authentication 14

As soon as I heard PayPal would be offering a $5 Security Key for additional security while logging in, I jumped on it. A few days later, it arrived in the mail. It’s a great idea, but I decided that carrying a little secure key that generates special numbers for the 3 times a month I login to PayPal just wasn’t worth it. For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or a eye scan and a smart card. The most useful in my and many other’s opinion is a One Time password token, like the Paypal/Verisign security key. This device, which is meant to be carried with you at all times (think, belongs on your keychain, and you keep it in your pocket like a key) generates a series of numbers which depend on….

Categories: Hardware,Security,Social Media

Tagged: cellular telephone, MyOpenID, openid, Security, smart card, target site, two factor, USD, verisign, Verisign Labs PIP

Published:: September 11, 2007 – 10:53 pm
Author:: By Dave

.htaccess stupid tips and tricks Comments Off

Found an encyclopedic list of “stupid” .htaccess tricks. Includes many useful ones such as being able to stop hotlinking of images and replacing with your own, increasing speed and security and general good-to-know htaccess information. Stupid htaccess tricks

Categories: Code Samples,Configurations,PHP,Security,System Administration,Webdesign

Published:: August 24, 2007 – 2:18 pm
Author:: By Dave

Analysis of a hacked machine Comments Off

If you are a system administrator, you should dread any time you use the normal “ls” command and receive a strange error in return. That is a sure sign that your machine has been hacked and ls has been replaced by an unknown program. Gnist blog has a nicely written step-by-step list of what you can do to track back an intruder. In his case it sounds like the original owner of the machine may have used a weak root password on his machine, allowing for someone to crack it and break into the box. People, don’t forget to use a hard-to-brute force password, and finally disable root login s. Instead, use normal users and sudo. Finally, if you are doing this in a legal setting and preparing for a possible future court case, don’t forget to make an image of the drive (using dd or Norton Ghost) before your….

Categories: Linux,Security,System Administration

Published:: August 10, 2007 – 7:12 am
Author:: By Dave

Secure Your Google Apps (Gmail, GDocs, GCal, etc) Comments Off

If you are a Google user – meaning Gmail, Google Docs, Google Calendar, Google Reader, etc – then you should know that by default, once you log in your sessions are typically not encrypted between your browser and the Google servers. For some more technical information on this, check out dmiessler’s post on the subject. He mentions using bookmarks to make force your browser to use Google’s secure connections – however I’ve noticed that occasionally depending on how you arrive to your Google services that you will switch to an unencrypted session without warning. For that reason, If you are using Firefox and greasemonkey, I highly recommend installing the “Google Secure Pro” userscript. It automatically switches you from using http:// to https:// to ensure your data is encrypted to Google’s servers. This will increase your security greatly from using the unencrypted connections, which is good if you transfer confidential data….

Categories: Configurations,JavaScript,Security,Windows

Tagged: Google, http