Tag diamond mind web design

Net Neutrality – It’s a Good Thing

Heard about this “net neutrality” stuff? Assuming you are like the other seven hundred million Americans (or so) who use the Internet, if you haven’t, you should probably make a point to familiarize yourself with it, lest you end up like Senator Ted Cruz (R-Texas), embarrassing yourself publicly by comparing Net Neutrality to Obamacare.

Rather than go too in-depth here, we’ll let this article from The Oatmeal help Senator Cruz (and you) get a handle on why we need it. Titled “Dear Senator Ted Cruz, I’m Going To Explain To You How Net Neutrality ACTUALLY Works”, that’s exactly what it does, in typical The Oatmeal fashion, a small bit of which is excerpted here:


Personally speaking, I think one of the reasons I love stuff like this from The Oatmeal is the Pink-Floyd-The-Wall-ishness of their illustrations. Now go call your Senator and tell them to read this blog post!

Why We Use Wordfence (Reason #256)

OK, maybe there aren’t that many reasons, but there is one that counts, and that is: Wordfence is the best security plugin for WordPress out there, period.  Here’s an excellent article on one of the ways Wordfence keeps our sites secure, titled “Remote Scanning vs Source Code Scanning”. Without getting too technical, source code scans cover everything that makes your site what it is, including images, while remote scans can only cover, by their nature, the end result your source code produces.  Here’s a great metaphor (and you know how we love metaphors) taken directly from the article:

“Imagine you ask someone to check your home for a rat infestation. They arrive at your house, but they don’t get out of their car. They’re parked on the other side of the street and they’re examining your front door, front garden, porch, the walls on the front of your home, parts of the basement windows that they can see. Once they don’t find anything they honk the horn, shout out the car window “Yo, your home is clean” and drive off. Doesn’t sound very effective does it?”

No, it does not! So, if you want to keep your WordPress site “rat-free”, you need Wordfence.  If you need help installing or using it, be sure to call us!

Online Safety Tips for Your Family

The latest issue of “In The Loop”, from Sanford, Lea & Associates, has a terrific article on tips for keeping your family safe online.  Everyone is a computer user these days, from your child playing online games to grandma learning to use Facebook.  There are security and privacy concerns with any type of online activity, so be sure to read up and familiarize yourself with what you can do to be more secure.  (And if you need accounting services, you can’t go wrong with Sanford, Lea & Associates!)

Read the entire article here.

WordPress 4.0 Is Here!

WordPress — our CMS of choice here at Diamond Mind Web Design — has just released the newest version of their core software, version 4.0, otherwise known as “Benny” (for jazz great Benny Goodman).  What does this mean for you? Not much if you’re a viewer-only of WP blogs and websites, but quite a bit if you are a user of same.

Like Benny Goodman’s sweet jazz, the new WordPress gives a much smoother experience for creating and posting.  New (and much needed) features like a visual plug-in browser, and the ability to view embedded media right in your post draft without the need to preview or publish, make for a much more seamless experience.

Watch the video if you are interested in further details about the new upgrade.  And if you’re interested in starting your own WordPress-based blog, or converting a non-content-manageable site over to WP, give us a shout!

New Site! Nearly…

The new (and unofficially official 10th Anniversary) Diamond Mind website is nearly done!  A few more items to complete, including a revamped Portfolio page, an expanded Services page, and a few more surprises still under the hood.

Still working some of the kinks out, though, so please be patient if something is a bit wonky.  If you find a 404 after the next week or so has gone by, please be sure to let us know via our Contact Form.

Thanks, and we look forward to serving your website needs!

eBay Hacked, So Time To Change Passwords… Again!

Yesterday, eBay reported that hackers had access to a stored password database sometime between February and March of this year. The company says no financial data was revealed — but it’s urging its users to update the passwords on their accounts anyway. (And if you use the same password for other sites, change them as well!)

Unfortunately, the hacked database DID include, in unencrypted format, eBay customers’ names, email addresses, physical addresses, phone numbers and dates of birth. Which means even if your eBay password is never cracked, hackers still have all the information needed to attempt identity theft.

Although the company did not release the number of people affected, if you do belong to eBay, expect to receive fake deals and offers. Be very aware of getting duped into revealing even more sensitive information, like your bank details or Social Security number. And, as always, keep an eye on banking and credit card transactions for anything that looks suspicious.

You can read the official post from eBay here: http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

HeartBleed Vulnerability No Laughing Matter

By now you have probably heard about the HeartBleed security vulnerability — news about this bug has been so widespread in the last few days that it even made the Tonight Show monologue.  But HeartBleed is no joke — it is potentially the most serious issue to ever have affected the Internet.

A quick technical explanation of HeartBleed: This bug allows remote attackers to read 64k of memory of systems running affected versions of OpenSSL. That means an attacker can potentially pluck out usernames, passwords, other sensitive information, and even the secret keys of SSL/TLS encryption, which could then be used to crack secure communications.

One important thing to know about HeartBleed is that it does NOT affect every website where you may have stored a password.  It DOES, however, have a good chance of affecting all the most important, sensitive websites, such as your bank, your credit cards, anywhere it is necessary for secure communications on the Web.

What should you do, then?  IMMEDIATELY log in to all of your critical websites (PayPal, bank, credit cards, loans, etc.) and change your passwords.  You can do this for all stored-password sites if you want, but for those less critical, it may be wise to wait around a week, to be sure the vulnerability has been addressed.  After a week, though, you should log in to all of your sites, including the critical ones, and change your passwords AGAIN.

A brief note on passwords: NEVER use the same password across multiple sites, especially critical ones.  Passwords should NEVER be words that can be found in the dictionary, proper names, or easily identifiable dates and numbers (such as birth dates, anniversaries, phone numbers, etc.).  Passwords SHOULD be at least 13 characters in length, and consist of some combination of numbers, letters (lower- and upper-case), and punctuation.

If you are interested, you can find a Random Password Generator here: https://identitysafe.norton.com/password-generator/

There are also many password-storage programs out there, if you have trouble keeping track.  One free service that comes highly-recommended is Dashlane.  (Thanks, Preston.)

Finally, for an in-depth technical explanation of the bug and what’s being done about it, visit Heartbleed.com.

Hold Onto Your Butts!

As we’re whisked back in time to 1993, when one Dennis Nedry was head programmer at a certain Park on a certain island. (Can it really have been that long ago?) If you already have figured out what I’m talking about, then you’ll want to head right over to this site…

www.jurassicsystems.com

…to see if you’re smart enough to gain access to the main security grid.  (And don’t forget the magic word!)

If you have no clue yet, then it might be wise to watch this short clip:

 

So, what are you waiting for? Jam a cigarette butt in your mouth, practice your best Samuel L. Jackson impersonation, and if you’re a really good hacker, you might even find the Zebra Girl!

Full credit goes to Tully Robinson, the programmer who re-created this high-tech (in ’93) piece of wizardry.

Facebook Giveth, Facebook Taketh Away

Though in this case, I suppose, the order of the above should be reversed.  Facebook just announced that it has (once again) tweaked its News Feed algorithm.  The new change gives Business Pages more reach, by allowing posts tagging another Page to potentially appear in both Pages’ feeds.  According to this post over on Mashable.com, the new change “means brands will have greater reach than ever.”

Of course, this comes less than a year after Facebook devalued Business Page posts almost to the point of non-existence, in order to force more businesses to choose Facebook’s “Boost Post” monetary option.  Hence the title of this post.  And Business Pages have always been able to tag other Pages.  Though the potentiality of showing up in both News Feeds is something new, you’ll pardon me if I don’t go all gaga over the latest “upgrade”.

Still, any advance in potential eyes-on-posts is better than no advance at all.  A couple of notes about this change: It will not work for individuals tagging Pages (just as Pages cannot tag individuals), and don’t expect to start tagging Google’s (or Facebook’s) Facebook page and see your post views multiply astronomically.  The News Feed algorithm will still take into account the relevancy of each post to both Pages to decide what to show.

In any case, we’ll certainly be giving it a shot. What are your opinions on this change?

WordPress Brute Force Attack Underway

One of the largest distributed brute force attacks on WordPress installations ever seen is currently going on, as reported by Mark Maunder of Wordfence Security on his blog. You can read the full post here. The attempts at hacking are running 30 times more frequently than average.

A brute force attack is when an attacker tries many times to guess your username and password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this, in order to circumvent any blocking mechanisms you have in place.

If you have a WordPress-based site, I highly recommend that you pay close attention to it until these brute force attempts have waned.  If you suspect that you’ve been hacked, and need help recovering, you can always contact us here at Diamond Mind Web Design.

Friday Funny – November 15, 2013

Okay, so this isn’t funny — nor is it meant to be.  Inspirational, rather, as it was to me when I first read Tolkien some (cough, cough) years ago.  Not only was he a scholar, professor, linguist, and author, but a poet as well, and skilled at all, able to open entire worlds in his readers’ imaginations with mere words.


Raymond Loewy: Icon of Modern Design

If you’ve been on Google today, you’ve surely noticed the futuristic train sketch replacing the usual logo, as Google honors Raymond Loewy on his 120th birthday anniversary.

You may not be familiar with the name, but you are certainly familiar with the results of Loewy’s lifetime of work in the design field, whether you know it or not.  Each time you pass a Shell station, or visit the Post Office, or drink Coke from a bottle, you are interacting with one of Loewy’s creations.

Throughout his lifetime of work, spanning 70 years in the field of industrial design — emphasis on “design” — Loewy championed the notion that manufacturing could produce items that were beautiful as well as functional.  From cars, trains, planes, boats, and buses, to appliances, flatware, dinnerware, furniture, product logos and packaging, Loewy could “claim to have made the daily life of the 20th Century more beautiful”, as he himself once said.

Want more proof? Click on the Google logo, then click on the “Images” tab of results for a broad overview of the many items that Loewy designed.  Here’s a screenshot of just a small portion of one page:


Loewy’s work with corporate logos alone resulted in many icons that are still in use today, including Shell, Exxon, Nabisco, and the US Post Office. Several graphic designers of my acquaintance would give their eyeteeth to have legacies as lasting! 🙂

‘Tis The Season… For Spam

It seems when the holiday season arrives every year, the usual trickle of spam email starts rising until it reaches a flood stage around Christmas.  Perhaps the spammers are playing on the “do good” feelings that come with the season, perhaps they’re just trying to earn a little extra illicit cash to buy things for their own little spammer boys and girls.  Whatever the reason, it’s always wise to be extra suspicious of any phishing-type emails you might start to receive.

Not that this one is all that tricky, but I thought I’d share an email that I just received a few minutes ago, to show you an example (if a rather obvious one) of a phishing attempt.  And one that gives us web-folk a bad name, as well, as you’ll see:

Subject line:  RE:  (Wow, that’s imaginative.)

From name:  web upgrading  (Umm, who?)

From email:  web@parliament.gov.bd  (That darn parliament of ours, always spamming!)

Return path email:  webmailupgradingservice@mail.com  (In other words, could be anybody.)

Message text:

We are pleased to inform you that Our web admin Center is closing all
unused accounts because of the congestion in our mail server. To confirm
your account active, you are required to complete your details below and
send it to us. This information would be required to verify your account
to avoid being closed.

First Name: ________________________
Last Name: __________________________
E-mail Username: _____________________
E-mail Password: ____________________

>>> Warning!!!

E-mail owner that refuses to comply with this mail his or her Email ID
within 26 days of receiving this warning will lose his or her E-mail
permanently.

Thank you for your understanding.
Copyright ©web Admin 2013 All Rights

Okay, not even particularly well thought out, and full of the usual phishing give-aways: bad grammar, bad capitalization, etc.  Just a straightforward scare tactic.  Hopefully all of our usual readers are spam-savvy enough to recognize this for what it is, but it’s a good idea to remind others (the young and the elderly, particularly) to never send personal information (of any kind!) to someone over the Internet, unless you’re absolutely sure you know where you’re sending it.  As a good rule of thumb, banks and other financial institutions NEVER ask for personal information via email.
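The give-aways pointed out above can also be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses a message rebuilt from the header fields and text quoted above and reports which signals fire. The signal names, the regular expressions and the benign `example.com` message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the header fields and message text quoted in the post.
PHISH = """\
From: web upgrading <web@parliament.gov.bd>
Return-Path: <webmailupgradingservice@mail.com>
Subject: RE:

We are pleased to inform you that Our web admin Center is closing all
unused accounts because of the congestion in our mail server.

E-mail Username: _____________________
E-mail Password: ____________________

E-mail owner that refuses to comply with this mail his or her Email ID
within 26 days of receiving this warning will lose his or her E-mail
permanently.
"""

# Constructed benign message for contrast (hypothetical sender).
BENIGN = """\
From: Billing <billing@example.com>
Return-Path: <bounces@example.com>
Subject: Your October invoice

Your invoice is attached. Thank you for your business.
"""

def _domain(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_signals(raw):
    """Return the names of the give-aways found in one raw message."""
    msg = message_from_string(raw)
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    body = " ".join(" ".join(parts).split())      # undo hard line wraps
    signals = []
    # Claimed sender and bounce address live on different domains.
    sender, bounce = _domain(msg["From"]), _domain(msg["Return-Path"])
    if sender and bounce and sender != bounce:
        signals.append("sender_mismatch")
    # Nothing left of the subject once reply/forward prefixes are removed.
    subject = msg["Subject"] or ""
    if not re.sub(r"^(?:\s*(?:re|fwd?)\s*:)+\s*", "", subject, flags=re.I):
        signals.append("empty_subject")
    # The message asks the reader to type a password into the reply.
    if re.search(r"\bpassword\s*:", body, re.I):
        signals.append("credential_request")
    # A deadline paired with a threat of losing the account.
    if re.search(r"within \d+ (?:days|hours)\b.*?\b(?:lose|closed|suspended)\b",
                 body, re.I):
        signals.append("deadline_threat")
    return signals

if __name__ == "__main__":
    print(phishing_signals(PHISH), phishing_signals(BENIGN))
```

A mismatch between From and Return-Path is a signal rather than a verdict, since legitimate bulk mailers often bounce to a different domain; it is the combination with a password request and a deadline that makes this message unambiguous.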

This concludes our Good Samaritan post for today!

 

Special Bulletin: Adobe Hacked

In case you were not aware of it, Adobe has confirmed the user account data of 2.9 million Adobe users has been breached. You can read the full story in the Washington Post, here:

http://www.washingtonpost.com/business/technology/adobe-confirms-security-breach

What does this mean for you?  Well, first the good news:  if you use Adobe products (like nearly every other single person in the entire known world), you may not be affected. (More on this later.)

The bad news:  the attackers may have had access to its users’ financial information.  Which means if you purchased something from Adobe within the last few years, you will need to keep a close eye on your credit card or bank statement for illegal activity.

Adobe has issued an official statement with details about the incident, and what you should do.  You can find the official Adobe statement here:

http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert

Things to keep in mind:

1) Even though Adobe states it has already reset the passwords of the affected users, it would be wise, if you have any type of Adobe account, to immediately log in and change your password.

2) If you are in the (bad) habit of using the same password across multiple sites, and have used your Adobe password elsewhere, go to those sites and change your password there, as well.

The further bad news: Adobe has also said that parts of its source code were accessed, but that it was not aware of any exploits being used to target Adobe products. Yet.  To be on the safe side, you should verify that all of your Adobe software is up-to-date, and keep it up to date over the coming weeks, as it seems very likely (to me, at least) that Adobe will be releasing further updates as advance protection against the access of its code.

We hope you have found this information useful. If so, please share our blog and/or Facebook page with your friends and suggest that they subscribe to stay updated on the latest news from the World of the Web!

Why You Should NEVER Use ‘admin’ As Your WordPress Username

Actually, I wanted to title this post: “Why You Should Never, Never, Never, Never, Never, Never, NEVER Use ‘admin’ As Your WordPress Username”…  but that might have been a bit long for SEO reasons. 🙂  However, it’s certainly not overkill when it comes to getting the message across.  So, why is this such a bad thing?

Let’s start with the fact that, in most cases, a new WordPress installation will set the default site administrator username to ‘admin’, and all that is required is to choose a password.  Now, it might be said that humans are inherently lazy, but it’s true that many folks will just leave that default name as is.  (We’ll leave the discussion of using ‘password’ as your password for another day!)  With so many administrator names set to ‘admin’, it’s an obvious place for a hacker to start… 50% of the equation has already been solved for him!  Now he only has to determine your password to have access to your entire site.

What’s more, most hack attempts are made by automated ‘bots’ set to try as many combinations of ‘admin’ + (a password) as possible, often hundreds per minute, in what’s known as a brute-force attempt to gain access.  Other hack attempts are made in person, by someone who has studied you and your site, looking for clues to help guess your password.  (Pet name, anyone?)  And make no mistake, these attempts are numerous and ongoing, 24/7/365.  As a random example, one of our WordPress sites received well over 3,000 ‘admin’ hack attempts in the last 30 days, with an average across our sites being at least in the hundreds.  So why give hackers that head start?
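Why per-IP blocking alone misses a distributed attack (the point made in the brute-force post above and in this paragraph), shown as an added example that is not part of the original post: the script counts `POST /wp-login.php` requests per minute in constructed access-log lines, first per address and then site-wide. The log format, the documentation-range addresses and both thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined-log-style line, reduced to the fields this check needs.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>\d\d/\w{3}/\d{4}:\d\d:\d\d):\d\d [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)'
)

def make_sample():
    """Constructed log: one noisy host, a 40-host botnet, one normal user."""
    fmt = '{ip} - - [01/Jan/2014:03:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    login = "POST /wp-login.php"
    # One address hammering the login form: 30 attempts in a minute.
    lines = [fmt.format(ip="198.51.100.7", m=1, s=s, req=login)
             for s in range(30)]
    # Forty addresses making only three attempts each in the next minute.
    lines += [fmt.format(ip=f"203.0.113.{h}", m=2, s=(h + 13 * k) % 60, req=login)
              for h in range(1, 41) for k in range(3)]
    # A normal visitor who loads the home page and logs in once.
    lines += [fmt.format(ip="192.0.2.10", m=2, s=5, req="GET /"),
              fmt.format(ip="192.0.2.10", m=3, s=9, req=login)]
    return lines

def detect(lines, per_ip_limit=10, site_limit=50):
    """Return (noisy_ips, distributed_minutes) for wp-login POSTs.

    noisy_ips: hosts exceeding per_ip_limit in any single minute, which is
    all a per-IP lockout can see. distributed_minutes: minutes in which the
    remaining hosts together exceed site_limit, mapped to
    (number of hosts, number of attempts).
    """
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if m and m["method"] == "POST" and m["path"].startswith("/wp-login.php"):
            per_minute[m["minute"]][m["ip"]] += 1
    noisy = {ip for hits in per_minute.values()
             for ip, n in hits.items() if n > per_ip_limit}
    distributed = {}
    for minute, hits in per_minute.items():
        quiet = {ip: n for ip, n in hits.items() if ip not in noisy}
        if sum(quiet.values()) > site_limit:
            distributed[minute] = (len(quiet), sum(quiet.values()))
    return sorted(noisy), distributed

if __name__ == "__main__":
    print(detect(make_sample()))
```

In the sample, the per-IP rule catches only the single noisy host; the 40 hosts making three attempts each are visible only in the site-wide count.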

So, what to do if you ARE using ‘admin’ and need to change it to something else?  Follow these steps, EXACTLY, and oh by the way you should probably back your site up first, just in case.

  1. Sign in as ‘admin’.
  2. Head straight to the Users tab, and “Add New”.
  3. Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
  4. IMPORTANT: Set the new user’s role to “Administrator”.
  5. You will need to use a different email address, as no two users can have the same one.  (Can be changed later.)
  6. Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. NEVER use the word ‘password’ in your password, even if it has a different case and includes numbers.  10 characters minimum!
  7. Click “Add New User”.
  8. Sign out as ‘admin’.
  9. Sign in as the new user.
  10. Delete your old ‘admin’ user, MAKING SURE you assign all posts/pages/comments to your new user.
  11. Congratulations, you now have a more secure WordPress system!

What else can you do?  Ban your users from any variation of ‘admin/Admin/adm1n’ as username, enforce strong passwords, and always keep your WordPress software/themes/plugins up to date.  Install a quality security plugin (such as Wordfence) to help you enact all of these items. And make routine backups, as no software is ever 100% hacker-proof.
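One way to enforce the username ban above and the password rules from step 6, written as an added Python example (not WordPress or Wordfence code): both checks share a `fold` helper that undoes case and look-alike characters, so `adm1n` and `P4ssw0rd` are treated as `admin` and `password`. The substitution table, the function names and the result labels are assumptions.

```python
import unicodedata

# Look-alike substitutions to undo (an assumed, non-exhaustive table).
LEET = str.maketrans({"0": "o", "1": "i", "!": "i", "3": "e", "4": "a",
                      "@": "a", "5": "s", "$": "s", "7": "t"})

def fold(text):
    """Lower-case, undo look-alikes, and keep letters only.

    NFKC maps full-width and other compatibility forms to plain letters;
    cross-script homoglyphs (e.g. Cyrillic letters) are not handled here.
    """
    text = unicodedata.normalize("NFKC", text).lower().translate(LEET)
    return "".join(ch for ch in text if ch.isalpha())

def is_admin_variant(username):
    """True for 'admin' spelled with case, digit or separator tricks."""
    # Drop a trailing counter such as '_01' before folding, so 'admin1'
    # is not turned into 'admini'.
    stem = username.rstrip("0123456789_-. ")
    return fold(stem) == "admin"

def password_problems(password, min_length=10):
    """List which of the rules from step 6 a candidate password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    if not any(c.isupper() for c in password):
        problems.append("no_upper")
    if not any(c.islower() for c in password):
        problems.append("no_lower")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    # Catches 'password' even with different case and digits swapped in.
    if "password" in fold(password):
        problems.append("contains_password")
    return problems

if __name__ == "__main__":
    for name in ("admin", "Adm1n", "4dm1n_01", "badminton"):
        print(name, is_admin_variant(name))
    for pw in ("password", "P4ssw0rd123", "Tr1cky-Horse-Battery"):
        print(pw, password_problems(pw))
```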