Why someone would hack a WordPress account

I wasn’t surprised people were trying to hack my blog. What surprised me was how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.

If you have a WordPress blog, you’re probably in a similar situation.


Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother-in-law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski. Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”


An insider’s account of the fall of Radio Shack

When I heard Radio Shack was going to be open on Thanksgiving day, I wondered why they would bother. The few Radio Shack stores near me are deserted on normal days, so I didn’t know why anyone would take time out of Thanksgiving Day to go to Radio Shack.

Based on this sad account from an employee who spent hard time working at Radio Shack, I was probably even more right than I thought. The first story, from Black Friday 2004, tells the tale of a store that, when all was said and done, probably lost money on Black Friday. And this was in an era when tech blogs would say, “Believe it or not, there are worse places to be at 6am on Black Friday than Radio Shack.”

I’m not sure anybody believes it now.

This should go without saying: Upgrade your WordPress!

Apparently, 86% of WordPress blogs haven’t been upgraded yet to version 4.0 or 4.01, which leaves them vulnerable to a terrible cross-site scripting vulnerability.

If you’re reading this, and you have a WordPress blog, go update it. This post will still be here when you’re done.

Goodbye Amazon Affiliates, hello Viglink

I’ve been an Amazon affiliate for more than a decade, which meant that if I mentioned a product, posted a link to Amazon and someone clicked the link and bought it, I got a little bit of money. It didn’t make me rich, but in a good year, I made a couple hundred dollars, which paid for the upkeep of the site.

Well, Amazon and the state of Missouri are fighting, so Amazon is discontinuing the affiliate program for Missouri residents. The loss won’t break me, but by the same token, it’s nice to have that money coming in to pay for things like equipment upgrades. I found Viglink, and I’m going to give that a try.


The difference that posting frequency makes when blogging

Some time ago, I gave the advice that it doesn’t really matter if you post every day or not.

I think my rationale was that quality matters more than quantity, or at least it should. And although I still believe that in an ideal world, quality should matter more than quantity, now I have around 18 months of data that I can look at.

Here are the trends that I see.

Putting blog updates on Facebook

Some unknown percentage of my Facebook friends are interested in my blog posts. And some other unknown percentage of them would be if they knew what I was posting. There are several ways to get WordPress to put blog post links on Facebook, but some work better than others. I’d like to thank Rob O’Hara for doing 90% of the R&D for me on that, by telling the world about FT Facepress II.

There was just one problem for me: My web server can’t send e-mail.


How to secure a computer like a spook

A link to the National Security Agency’s (NSA) guidance on hardening operating systems has been floating around various blogs today. But the NSA’s guidance on configuring Windows 7 and other recent operating systems is, to put it mildly, a bit incomplete.

What one government agency doesn’t do, another probably does. That’s usually a safe assumption at least. Enter the Defense Information Systems Agency (DISA). If you want to harden recent Windows operating systems, visit http://iase.disa.mil/stigs/index.html for guidance.