40Tech

One of the bigger security-related stories over the past week concerns a vulnerability in WiFi Protected Setup (WPS). WPS is designed to be an easy way for inexperienced users to set up a secure network, using methods such as inputing a PIN from your router into your computer or other device. The problem is that the PIN, which is 8 digits long, is susceptible to brute force attacks. In fact, a free tool named Reaver can crack that PIN in just a few hours. This vulnerability exists regardless of the kind of security you’re using on your network, so even WPA2 is at risk. This means that the kid next door could get Reaver running, go off and watch a movie, and a few hours later he is in your network. The solution? Turn off WPS. Unfortunately, you can’t do this with modern Linksys routers.

Java is a bit tricky. A lot of applications use it, and many of them come bundled with their own version of the Java Runtime Environment (JRE) — which they happily and oh-so-helpfully install on your system. This leads to multiple and redundant installs of Java on your computer, each of which may contain potential security threats, and may well leave you scratching your head as to whether you can or should delete them. Wonder no more… JavaRa is a free, light-weight utility that will clean up the redundant versions of the Java runtime, as well as update you to the latest version — and it has a few other tricks up its sleeves, besides.

When we first told you about Hotspot Shield, it was to use the free Virtual Private Network to bypass blocked media, as well as increase your browsing security. Over a year later, we posted a tutorial on how to use the VPN to watch US Netflix outside of United States, using your iOS devices. Unfortunately, the Hotspot Shield sign up process for iOS was broken soonafter, and their customer service team didn’t have a lot to say about it. Now we know why: Anchorfree, the creators of Hotspot Shield have released an iPhone app that makes all of the steps go away, and even solves a few of the problems.

LastPass, our favorite password manager, has just introduced support for two-factor authentication through Google Authenticator. Two-factor authentication is a form of security that requires a user to present a second form of confirmation before being able to log in to an account. We previously wrote about how, for Google accounts, that second form of authentication can come via a one-time code generated by the Authenticator app for iOS, Android, and Blackberry. That same app can now be used with LastPass.

Perhaps it is just a coincidence, but I’ve had a couple of people that I know who have had their email accounts hacked recently. Given all of the personal information we send and receive in email messages, that can be a traumatic experience. One victim wondered if she should take a scorched earth policy, and move completely to a new email account. That’s normally not necessary. If you still have access to your account, you can take some steps to secure it, and keep the slimy criminal out.

If it seems like we’ve been focusing on security lately, it’s because we have been. After we got hacked a few weeks ago, we took extra steps to lock down the site. From plugging the initial vulnerability and removing the intrusion, to running scanners to make sure the site was clean, to installing a WordPress plugin to notify us if any file on the site is changed, to turning on two-factor authentication in Gmail so site passwords couldn’t be comprised via email, we’ve been extra-cautious. Perhaps no site is secure when faced with a determined hacker, but you can ever be too safe. One more tool that you can use on your own site, or to check the malware status and history of other sites, is Google’s Safe Browsing Diagnostic Tool.

The spanking new McAfee AntiVirus Plus 2011 is an upgraded version of the 2010 McAfee VirusScan Plus. There is, of course, more than just the cursory name change. The McAfee AntiVirus Plus 2011 comes with a number of extra protection features and a fresh interface, which makes the streamlining of complex, virus-protection tools easy.

Have you ever worried that your email account was hacked? I had a scare recently that turned out to be unfounded, but it got me looking into ways to further secure my Gmail account. I had heard of Gmail’s two-factor authentication before, but had only dabbled in it. I now have two-factor authentication activated on both of my accounts, and it is pretty unobtrusive, and adds significant security to my account.

Last week, we covered two tools to help you scan your website for malware. Another method to determine if your site has been hacked is to look at changes in your server files themselves. That, though, can be time consuming if you do it manually. If you use WordPress (the self-hosted variety), and you want to use an automated tool that detects changes to files, take File Monitor Plus for a spin.

Yesterday we compared Squarespace and WordPress, and I indicated that as slick as Squarespace was, 40Tech was going to remain on a self-hosted WordPress installation. Bloggers using a self-hosted instance of WordPress, though, need to make sure that their blogs are secure. That includes making sure that your blog isn’t already compromised. How do you do that? The easiest way to do that is to use external tools to scan your site. There are two that we use here at 40Tech, and recommend.