Gmail Now Uses Secure HTTPS Connection by Default

When you see a web address that starts with https, it’s typically for something important like your bank account or online shopping.  That prefix means the information you submit – credit cards, home addresses, or social security numbers – is kept private between your computer and the site you’re visiting.

Gmail started offering secure https access to their web-based email service in 2008, but it was optional and had to be manually enabled in your settings.  Google explains that they were reluctant to push https access to all users because with extra security comes a compromise: secure data travels slower than unsecure data.  After looking at the security/latency tradeoff for web applications, however, they decided to encrypt all traffic by default.

The new https feature is currently being rolled out to all Gmail users, but you can set it manually yourself in Gmail settings if it hasn’t taken effect yet.  For users already using https in Gmail – good work, you’ll notice no difference!

[Official Gmail Blog]

5 New Year’s Resolutions For Your PC

With the start of a new year fast approaching, many people are making personal New Year’s resolutions such as to lose a few pounds or save some extra money.  Your PC is also looking for changes this New Year.  Here are 5 simple New Year’s Resolutions for your PC.

1) Upgrade your web browser

Upgrading your web browser is one of the best things you can do for your PC in the new year.  Believe it or not, many people are still using Internet Explorer 6 which is almost 10 years old.  An updated web browser is one of your first lines of defense against the malicious activities that occur on the internet.  Below are a couple of web browsers that you could upgrade to.

Firefox

If you’re looking for a customizable, stable and secure web browser, then Firefox is for you.  Having an extensive collection of add-ons to customize your browser makes Firefox a great alternative to Internet Explorer.  Firefox is available for Windows, Mac, and Linux users.

Chrome

The newest competitor to the browser market, Google Chrome boasts superior JavaScript performance over other browsers.  With the recent announcements of extensions for Chrome as well as beta versions of the browser for Mac and Linux users, Chrome has become a viable alternative to Internet Explorer.

2) Creating a testing environment

One way that your PC becomes slow and cluttered is from the parts of programs which remain on your hard drive after uninstalling the software.  Having a secondary PC for testing software and applications would be ideal, but not everyone has access to that luxury.

Setting up a virtual machine allows you to have a guest operating system running in a host operating system.  A virtual machine will allow you to install software without it affecting the operating system of your host computer.  Take a look here for some more information on what a virtual machine is and how to get started using one.  I also wrote an in-depth guide on installing Windows 7 on a virtual machine.

3) Change your anti-virus software

It is important to have updated anti-virus software installed on your PC to defend against viruses and other malicious software that thrives on the internet.  Many users are unaware whether their anti-virus software is updated and running properly.  This often occurs when 30-day trials or paid yearly subscriptions run out.  Switching to a free anti-virus solution will help to save money and keep your PC secure.  Listed below are some great free anti-virus alternatives.

4) Free-up space on your hard drive

With years of use, your PC’s hard drive can become cluttered with remnants of old software, duplicate files, and unnecessary software installers.  Removing these extra files can free-up space on your hard drive.  Below are a couple of programs that can assist with this.

WinDirStat

Running WinDirStat on your PC will give you a visual representation of the files on your hard drive.  This will allow you to easily spot large files and remove the outdated and unnecessary ones.  Read my guide for more information on using WinDirStat.

CCleaner

CCleaner will allow you to clean Cookies, Temporary Internet Files, History and Search results from all popular web browsers such as Internet Explorer, Firefox, Chrome, Opera, and Safari, along with temporary files from Windows and other third-party applications.  To find out more about CCleaner, read my guide.

5) Backup your files

Your computer has crashed, now what?  If you have backups, it’s no big deal.  Keeping a backup of your important files will make restoring your computer much easier.

Dropbox

Dropbox is a great way to keep a backup of your important files.  Offering 2 GB with the free version, Dropbox allows you to sync your files with other computers and devices such as the iPhone.  Read more about Dropbox here.

SyncToy

SyncToy is another way to keep backups of your important files by using a free application from Microsoft to copy, move, rename, and delete files between storage devices or computers quickly and easily.  Read our guide on SyncToy for more information.

These are just some of the things you can do for your PC in the New Year.  If you have any other suggestions, let us know in the comments below.

WordPress Plugin: Login To Other User Accounts With Skeleton Key

WordPress allows contributors to be geographically separated but still able to work together in an online environment.  At times, however, administrators need to log in to their contributors’ accounts to troubleshoot and fix problems.  Since most people aren’t comfortable telling you their private passwords, how can you log in to a user’s account without having them log in for you or asking them to temporarily change their password?

The Skeleton Key plugin for WordPress provides a solution, giving administrators a special method to log in as any user.  After installing the plugin, administrators can go to the WordPress login page and enter admin+user (where user is the account you are trying to access).  Entering the administrator password will give you access to their account.

When you have logged in, you will see the user’s Dashboard as if they had logged in themselves.

WordPress Plugin: Lock Accounts After Invalid Logins with User Locker

As the popularity of content management systems such as WordPress increases, the number of security threats will also increase.  Your first defense against intruders is the WordPress login page.

By default, there is no limit to the number of times a user can attempt to log in to WordPress.  This makes your website vulnerable to brute force and dictionary attacks.  Making sure you have selected a secure password is a good first step, but it is not always possible to enforce this with all users.

A great solution is to limit the number of invalid logins with the User Locker plugin.  Once the plugin has been installed, it is set by default to lock the user’s account after 5 invalid login attempts.  This number can be changed on the plugin’s setting page.

User Locker Setting

If the number of invalid login attempts has been reached, the user is shown the message below and directed to reset their password.

Locked Account

An extra column is also added to the User menu in WordPress to show what user accounts have been locked.

Locked Users
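
To see whether a login page is already receiving repeated failed attempts, the web server's access log can be checked with the same threshold of 5 the plugin uses. This is an added example, not part of the original article or the User Locker plugin; it counts per client IP rather than per account, and it assumes the combined log format and that WordPress answers a failed login with status 200 and a successful one with a 302 redirect. The log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: flag clients with repeated failed WordPress logins.

# count_failed_logins LOGFILE [THRESHOLD]
# Prints "<ip> <count>" for every client that made at least THRESHOLD
# (default 5) failed POSTs to wp-login.php.
count_failed_logins() {
    log=$1
    threshold=${2:-5}
    awk -v min="$threshold" '
        # Combined log format, split on whitespace:
        #   $1 = client IP, $6 = "METHOD, $7 = path, $9 = status code
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }
    ' "$log" | sort
}

# write_sample_log FILE
# Writes constructed access-log lines (documentation IP ranges) to FILE:
# one client fails six times, another fails once and then succeeds.
write_sample_log() {
    sample=$1
    : > "$sample"
    for s in 01 02 03 04 05 06; do
        printf '%s\n' "203.0.113.7 - - [10/Jan/2010:10:00:$s +0000] \"POST /wp-login.php HTTP/1.1\" 200 2301 \"-\" \"-\"" >> "$sample"
    done
    cat >> "$sample" <<'EOF'
198.51.100.20 - - [10/Jan/2010:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2250 "-" "-"
198.51.100.20 - - [10/Jan/2010:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2301 "-" "-"
198.51.100.20 - - [10/Jan/2010:10:05:21 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.20 - - [10/Jan/2010:10:05:22 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "-"
EOF
}

# Usage: sh failed-logins.sh /path/to/access.log [threshold]
if [ -n "${1:-}" ]; then
    count_failed_logins "$@"
fi
```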

Have you used this plugin and would you recommend it to others?  Let us know by commenting below.

Keep Your Phone Secure with Auto Lock

While we’re generally protective of our wallets/purses (none of us would be caught dead leaving a wallet or purse unattended for more than a few minutes), we’re much more careless about another item we carry with us that contains a great deal of personal information – our mobile phones.

Before the advent of smartphones, losing your phone just meant somebody could call your mom and text dirty things to your friends.  Not anymore: with modern phones, a person can now typically access your social networks, emails, bank accounts – everything.  Is that something you’re willing to risk to a random passerby at a restaurant or bar?

One easy way to keep your personal information secure is to protect your phone with a password or PIN.  In this guide, I’ll show you how to do this with an iPhone (and iPod Touch), BlackBerry, and Android-based mobile phone.

iPhone and iPod Touch

  1. Open Settings.
  2. Touch General.
  3. Enable Auto-Lock.  The shorter the delay, the more secure your phone will be.
  4. Scroll down and enable Passcode Lock.  You then need to create a 4-digit PIN number to unlock your device.
  5. (Optional) You can set your device to require a passcode after a certain amount of time has passed by touching the Require Passcode button.  Longer times make the device less secure, but it can save you from having to enter your passcode every time you turn on the device.  I recommend a maximum delay of 15 minutes.
  6. (Even more optional) If you really want to be secure, you can set the device to erase all data after 10 failed login attempts by enabling the Erase Data button.

Android OS (2.0)

  1. Open Settings.
  2. Touch Location and Security.
  3. Enable Require pattern.

Unfortunately, the standard Android OS doesn’t allow you to specify a delay before the passcode is required – but no worries, the Android Market saves the day.  You can purchase an app called AutoLock from the Android Market ($0.99) which allows you to set a delay before the passcode is required.

AutoLock also integrates with the Locale app which can set your phone to automatically lock based on the time of day or your GPS location.

BlackBerry

  1. On the Home screen, click the Options icon.
  2. Click Security Options.
  3. Click General Settings.

    Note: If you are running BlackBerry Software version 4.0.2 or earlier, click Options and then Security.
    Note: If you are running BlackBerry Software version 4.6 or later, click Options and then Password.
  4. Change the Password field to Enabled.
  5. Display the menu and click Save.
  6. Type the new password and click Enter.
  7. Type the new password again and click Enter.

To enable a delay before the password is required on your BlackBerry:

  1. On the Home screen of the BlackBerry smartphone, click the Options icon.
  2. Click Security Options.
  3. Click General Settings.
  4. Set the value in the Security Timeout field to the amount of inactive time the phone is permitted before it is locked automatically.
  5. Display the menu and click Save.

Conclusion

Following these tips should greatly increase your security and privacy in the event that your mobile phone is stolen or misplaced.  Have any other tips for protecting your mobile phone, or password protection for different phones?  Share them with us in the comments!

Windows Security Tip: Enable Windows Firewall

Having your computer on any network, whether wired or wireless, subjects it to countless security attacks every day.  These attacks are an attempt to breach the security of your connection to collect information or damage your computer.  Since the release of Windows XP, Microsoft has included the Windows Firewall in its operating system.  The Windows Firewall is a simple software-based firewall solution that will provide basic protection against intruder attacks.

How to Enable the Windows Firewall

In Windows XP: Click Start > Control Panel > Windows Firewall.  In the new window click On (Recommended) if it is not already selected.

Windows Firewall in Windows XP

In Windows Vista/7: Click Start > Control Panel > System and Security > Windows Firewall.  On the left of the screen click Turn Windows Firewall on or off to change the status of Windows Firewall.

Windows Firewall in Windows 7

Enabling the Windows Firewall is one of the many steps you can perform to keep yourself secure as you browse the internet.  Click here for more of our security-related articles.

Wireless Security Tip: Secure Your Wireless Internet

If you have your own wireless internet connection, it might be unsecured (meaning that you don’t have to type in a password to access it) or it may be using WEP encryption.  There are several important reasons why you should encrypt your internet (or switch from WEP encryption to a stronger method such as WPA or WPA2):

  • Leaving your wireless internet unsecured lets anybody access your network which can cause slow connection speeds.
  • If an intruder illegally downloads something using your wireless internet, you could be legally liable for their actions.
  • An intruder could potentially monitor your network traffic and obtain passwords or other confidential information.
  • WEP encryption can be easily cracked in a matter of minutes, which makes it only slightly better than an unsecured connection.

This guide will show you how to identify the current security used on your wireless network, and how to better secure it with WPA / WPA2 encryption.

Note: Some older network cards don’t support WPA2 encryption.  If you can no longer connect to your access point after setting it to WPA2, use WPA instead.

Identifying Your Current Security Mode

Most of the time, you can see what type of security an access point uses before connecting to it.  View your available wireless networks and check out your own network to see what your current security settings are.

Wireless Security in Windows XP (WPA and WPA2 highlighted)

Wireless Security in Windows 7 (WEP and WPA highlighted)

If you see WPA or WPA2 next to your connection – that’s great, you’re done.  WPA and WPA2 provide strong protection as long as you use a good password.  When creating a password, avoid using dictionary words and try to include complex characters like !@#$%^&*.

If you see WEP or no security, it’s time to add WPA or WPA2 to your access point.

Enabling WPA/WPA2

Wireless security options are different for every access point and router, so refer to your user’s manual or check out the device manufacturer’s support information online.  Your device may even come with an installation disc that can walk you through security setup.

In general, you need to locate a Wireless/Wireless Security section in your access point’s configuration and enable WPA or WPA2 security.  With many access points and routers, you can type in the Gateway address of your internet connection in a web browser to access the device’s configuration page.

Note: The Gateway address can be found by viewing your current connection’s details (varies by your operating system) or by pressing Windows Key + R, typing cmd and pressing Enter, then typing ipconfig and pressing Enter.

Gateway Address in Connection Details

Gateway Address using ipconfig in Command Line

In my case, my router’s address is 192.168.1.1, so I typed that address in my browser and pressed enter.  This will open the device’s configuration page (you may need to enter login credentials to access this page).  Locate a Wireless Security section (this may be under Wireless, look around until you find it) and enable WPA or WPA2 security, selecting ‘Personal’ if it gives you the option.  Create a strong password and click save.  You will have to re-join your network once this has been done.

Wireless Security in Tomato Firmware

Wireless Security in Linksys Firmware

Now that you’ve enabled security on your wireless connection, it will be much more difficult for an intruder to steal your internet access or perhaps obtain confidential information.

Have any tips for better securing your internet connection?  Share them with us in the comments.

Have a Virus? Let Malwarebytes Help

It can happen to anyone:  You turn on your computer and log in, only to find pop-up advertisements, search bars, a changed desktop background, and many screens warning that you may be infected with a virus.

Desktop background changed by a virus

One sign that you have been infected with a virus (or what can be referred to as malware) is the sudden appearance of new “security” software, such as AntiVirus 2009, Total Security Center, and System Security.  These programs are not valid anti-virus software, and will often warn you that your system is infected and then direct you to their site and request payment for running scans on your system.  It is important that you do not pay for these “services”.

Depending on the severity of the virus infection, the usability of your computer may range from moderately usable with moderate pop-ups, to random restarts, system errors, and blue screens of death.

Although the situation may seem dire, there is hope.  Malwarebytes is a free program that can swiftly remove virus and malware infections.

Using Malwarebytes

Start by downloading the free version of Malwarebytes.  Before finishing the installation, be sure that the check boxes for “Updating Malwarebytes’ Anti-Malware” and “Launching Malwarebytes’ Anti-Malware” are checked.

When the program has launched, select Perform full scan to scan your entire hard drive and click Scan.  The full scan will take quite a bit of time, so if you’re in a hurry select the Perform quick scan option.

On the next screen, select the drives you wish to let Malwarebytes scan.  Although the default C: drive may be sufficient, I would recommend scanning all attached drives.  Click Start Scan to start the virus scan.  Depending on the size of your drives and the amount of data stored on them, a full scan may take well over an hour.

When the scan has completed, the results will be shown.  Click Show Results and click Remove Selected Items to remove the virus infection from your system.  Depending on the virus, it may be necessary to reboot your system to completely remove some items.

Malwarebytes Scan Results

Tips for improving scan performance

Run the scan in Safe mode

Many times a virus will embed itself into a running system file.  Malwarebytes will not always be able to remove virus items that are embedded in running processes.  The easiest way to reduce the number of running processes is to boot into Windows Safe mode.  To enter Windows Safe mode, repeatedly press the F8 key when first booting your computer.

Update software before each use

It is important that you update the virus database before you perform a scan.  Click the Update tab on the Malwarebytes main window and click Check for Updates.  After the update has been finished, you can then continue with the scan as shown above.

Multiple scans

Although Malwarebytes may be successful, it may be possible that not all parts of the virus were removed during the scan.  It can be helpful to perform a second scan of the system to verify that all items were removed.

Conclusion

Although it is important to take steps to prevent a virus infection, Malwarebytes can be a useful program for removing malicious software.  Your first defense against a virus infection is to have up-to-date anti-virus software.  A free anti-virus solution is Microsoft Security Essentials.  Above all, smart internet browsing will be the best way to avoid malware.

Preventing Viruses Part 1: Email Viruses

When you think of a computer virus, you might imagine a hacker in a dimly-lit room deliberately targeting your computer with malicious software.  While that might happen in movies, real viruses are nearly autonomous and are constantly scanning the internet seeking vulnerable software and hardware.  As soon as they find a viable target, they infect and attempt to propagate again.

So how does your computer get infected with viruses (or more broadly defined as malware)?  The unfortunate truth is that most viruses are self-inflicted, so in this guide I’ll be giving you some tips on how to avoid viruses that spread through email.

Why Email?

Email is a common way to become infected because it provides a simple method for transferring files as attachments.  This doesn’t mean that reading an email in your inbox will infect your computer, but it does mean that your messages could have viruses attached to them disguised as ordinary files.

Here’s a likely scenario:  A friend of yours gets a computer virus.  The virus then uses their email address book to spread itself over the internet (and your address is on that list).  You receive an email from your friend saying you should open the attached file.  You open it and your computer becomes infected, and the cycle continues.

The Art of Avoiding Email Viruses

Avoiding email viruses isn’t as easy as never opening attachments.  You need to be actively aware of the messages you’re receiving, including the sender, addressees, and message content.  If anything seems wrong, it’s probably in your best interest to leave it alone.  One of the oldest rules of the internet continues to hold true for email: if it seems too good to be true, it probably is.

The most important thing is to only open attachments you were expecting to receive, and make sure they are the correct file you expected.  You’re most likely to be infected by an email from a friend or family member, so if you receive an attachment when you weren’t expecting one, don’t hesitate to email them back and ask what the file is before opening it.

If you’re receiving a file you were expecting, it still doesn’t hurt to run your virus scanner before opening it.  Most email programs (including Gmail) can automatically scan attached files for viruses.

What to Watch Out For

I recently received a suspicious email from a friend that didn’t have an attachment; instead, it had a link to an executable (.exe) file.  The email came with the subject “WOW”, which can easily pique your curiosity as to what the file may be.  I noted that the email was addressed to me and several people I had never heard of, which also alerted me that something was awry.

Before opening the file, I replied to my friend asking him if he intended to send that email (or if he was even aware it was sent).  I also suggested that if he didn’t intend to send the file, that he should immediately notify the recipients of the email to stop them from opening it.  It turns out that he had no idea the email had been sent from his account, and he began notifying the recipients not to open the file.

General Rules for Avoiding Email Viruses

  1. If you weren’t expecting a file, don’t open it.
  2. Ask the sender what the attachment is before opening it.  They may not have been aware it was even sent.
  3. Make sure you have an anti-virus program installed and keep it updated.  Microsoft Security Essentials is free and provides good protection.
  4. Especially avoid executable file (.exe) attachments.  Viruses can be stored in many ways, but .exe’s are more likely than others to be malicious.

By following the tips in this guide, you should be well on your way to safely using your email.  Have any tips for avoiding email viruses?  Share them with us in the comments!

How to Keep WordPress Secure with WP Security Scan

If you’re running a WordPress self-hosted website, you are probably aware that WordPress’s popularity has caused it to become a frequent target for hackers.  Aside from keeping your WordPress software up-to-date (which is the most important step you can take to secure your website), it is critical to make sure your site’s folder permissions are correct.

Folder permissions dictate who can make changes to files and folders on your web server.  These permissions can be easily (and often accidentally) changed, allowing an intruder to access and make changes to your content and settings.

WP Security Scan is a plugin for WordPress that can quickly detect security flaws and advise you how to fix them.  Along with checking critical folder permissions, WP Security Scan can create secure passwords, secure your database, hide your WordPress version (which prevents version-specific hacks), and protect your administrator account.

To get started, install WP Security Scan from your self-hosted WordPress installation by clicking Plugins –> Add New and search for ‘WP Security Scan’ (in newer WordPress versions), or by downloading the plugin from the WordPress Plugins Directory and manually uploading it to your server’s wp-content/plugins folder.

Once you have installed and activated the plugin in WordPress, click the newly created Security button on the Dashboard menu.

The main page for WP Security Scan will show critical security information in the top left corner of the screen (secure elements are shown in green, insecure elements are displayed in red with additional information).  The right side of the screen will display technical information about your web server.

The next important step is to verify your folder permissions.  Under the Security tab on your WordPress dashboard, click Scanner.  This will display a list of critical WordPress folders, the permission the folders should be set at for maximum security (listed as “Needed Chmod”), and the folders’ current access level.  Folders with incorrect permissions will be displayed with red highlighting and secure folders will be displayed with green highlighting.

Bad File Permissions

The easiest way to change your file and folder permissions is to use a program such as WinSCP or FileZilla to access your web server.  In these programs, you can simply right click a folder and select “Change Permissions”.  This will bring up a dialog box where you can type in the number listed in the “Needed Chmod” field of the WP Security Scanner.

Advanced users can optionally change their file and folder permissions by logging into their web server using a shell client such as PuTTY and manually editing their permissions with the chmod command.
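
The same comparison done from a shell session, as an added example that is not part of the original article or of WP Security Scan: it checks each folder's current mode against a needed mode and can apply the fix with chmod. The path and mode pairs are assumptions that follow the common guidance of 755 for directories and 644 for files, so substitute the values your scanner's “Needed Chmod” column reports; stat -c is the GNU form of the command.

```shell
#!/bin/sh
# Added example: audit WordPress folder modes against a "needed chmod" list.

# Assumed path:mode pairs, relative to the WordPress root. Replace them with
# the values reported by your own scanner.
NEEDED_MODES='
.:755
wp-admin:755
wp-includes:755
wp-content:755
wp-content/plugins:755
wp-content/themes:755
wp-admin/index.php:644
.htaccess:644
'

# audit_wp_perms ROOT
# Prints "<path> current=<mode> needed=<mode>" for every listed path whose
# mode differs. Returns 0 if all match, 1 if at least one path differs.
audit_wp_perms() {
    root=$1
    bad=0
    for entry in $NEEDED_MODES; do
        rel=${entry%%:*}        # text before the colon: relative path
        needed=${entry##*:}     # text after the colon: octal mode
        target="$root/$rel"
        [ -e "$target" ] || continue        # skip paths this install lacks
        current=$(stat -c '%a' "$target")   # GNU stat; BSD uses: stat -f '%Lp'
        if [ "$current" != "$needed" ]; then
            echo "$rel current=$current needed=$needed"
            bad=1
        fi
    done
    return $bad
}

# fix_wp_perms ROOT
# Sets every listed path that exists to its needed mode.
fix_wp_perms() {
    root=$1
    for entry in $NEEDED_MODES; do
        rel=${entry%%:*}
        needed=${entry##*:}
        if [ -e "$root/$rel" ]; then
            chmod "$needed" "$root/$rel"
        fi
    done
    return 0
}

# Usage: sh wp-perms.sh /path/to/wordpress
if [ -n "${1:-}" ]; then
    audit_wp_perms "$1"
fi
```

Run the audit first and read its output before calling fix_wp_perms, since some hosts need different modes for the web server to write uploads.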

Once you have corrected the incorrect file permissions, run the Security Scan again.  You should be presented with friendlier results as shown below.

Good File Permissions

WP Security Scan has plans to release additional features in the future including a single-click option to change file and folder permissions, testing for XSS vulnerabilities, intrusion detection/prevention, and lock out on multiple incorrect login attempts.

Have any other tips to keeping your WordPress self-hosted website secure?  Let us know by commenting below.