Site hosting news, tutorials, tips, How Tos and more

Archive for January, 2013


Joomla Vulnerabilities

howto

For those of you who use Joomla on your web site, here are some tips to maintain the security of your Joomla web application.

Every application is susceptible to exploit.  Therefore it is very important to maintain an updated application and install all the latest security patches.

This link will take you to the known vulnerabilities within Joomla.  It is a comprehensive list, so you should carefully read through it.  If you find that you meet any of these criteria, there should be a link next to the criteria to help you patch up the exploit.

To those who have already had their Joomla site hacked, try downloading a tool to help you clear your  site.  I found this web tool that will audit your site and clean up your files:  http://myjoomla.com/

Now, from my experience the most common exploits to a web site start from the users own personal computer.  If your computer contracts a trojan or malware where a key logger is installed, your account login credentials will be recorded. No matter what security patches you have implemented in your web application, it will be compromised because an unauthorized party will have direct access to your web site.

You should always have an antivirus software installed on your computer and the latest updates installed.



January App Installer Update

announcements

Here is a list of updated applications for the Winhost Control Panel App Installer:

A tip for DotNetNuke, mojoPortal, MonoX installs: the wizard for each CMS works fine if you install it to an empty database.  Please also remember that nopCommerce 2.7 and above requires Windows 2012/IIS8/.NET 4.5 Framework.



Surprise! Firefox and Chrome display passwords in plain text

howto

Did you know that Mozilla Firefox and Google Chrome like to display your passwords in plain text? No? Well, they sure do.

If you want to see what I’m talking about, follow the steps below.

Open Firefox.

Click on the Firefox Menu at the top left corner.

FirefoxMenu

Select Options, then click on Options.

FirefoxOptions

Click on the Security tab at the top.

FirefoxSecurityButton

Click the Saved Passwords… button. This will open up the Saved Passwords box. Now click on Show Passwords Button.

Example Below:

FirefoxShowPassword

Surprise!

Did your jaw just hit the floor? I know mine did the first time I saw what Firefox was hiding from me all this time.

Is Google any better?

Now let’s open up Google Chrome and click Settings.

ChromeSettings

Once you get into your settings, scroll all the way to the bottom and click on Show advance settings…

ChromeShowAdvanceSettings

Look for the section Passwords and forms and click the Manage saved passwords link.

Select the site where you saved your password and click Show button.

ChromeShowPassword

Okay, I’m done with the surprises.

So how did Firefox and Google Chrome get my passwords in the first place?

To get the answer you must also answer this question: Have you ever seen the following notification in your web browser?

Mozilla Firefox:

FirefoxPasswordNotification

Google Chrome:

ChromePasswordNotification

Whenever you clicked on the shiny button “Remember Password” in Firefox or “Save Password” in Chrome, the site username and password are saved within the web browser – and as you also saw – displayed in plain simple text.

So what’s the big deal?

Anyone can walk up to your computer and take a quick look at your web browsers history/settings. Just imagine you’re at the office and you step away from your computer and a nosy/curious coworker gets the chance to take a look. That is why it’s important to always lock down your computer before you step away from your desk.

Additionally, say you’re unlucky enough to have some malicious software installed on your computer which happens to allow the hacker gain remote control of your desktop. The hacker will only have to wait until you are away from your computer to check your saved passwords.

What if you sent your computer out to a repair shop and they “just happened to” take a look at your saved passwords? It only takes a few seconds for them to snoop around on your computer and  do who-knows-what with your credentials.  There are a lot of different ways these passwords can be intercepted.  This just happens to be one method of interception that can be avoided.

So what’s the work-around and how do I keep my passwords safe? Fortunately there are plenty of third party plug-ins people use with their web browsers. Perhaps you can recommend what plug-in works best for you in the comment section below.

I found a plugin called LastPass. With 254,540 users and 827 reviews just for the Firefox plugin alone seems to be a great alternative. Best thing about this plugin is that it also works with the Google Chrome web browser.