👓 Update now! Dangerous AMP for WordPress plugin fixed | Naked Security

Read Update now! Dangerous AMP for WordPress plugin fixed (Naked Security)
The popular plugin for implementing Accelerated Mobile Pages returned, patched, to WordPress.org last week.

👓 Securing WordPress’s membership settings | Roy Tanck

Read Securing WordPress’s membership settings by Roy Tanck (roytanck.com)
For as long as I can remember, it’s been possible to configure WordPress like this:
Screenshot of WordPress’s membership settings, as found under Settings -> General
In essence, this combination of settings translates to: “Please take my site. No seriously, it’s yours.” Allowing new users to sign up, and then making them site administrators allows them to completely take over your site.

I’m really surprised that this is not a heavily protected option and can’t think of a reason people would really want to do such a thing.

👓 Two factor authentication overview | Nelson’s log

Read Two factor authentication overview (Nelson's log)
Bit of kerfuffle this week around Reddit, which had a security breach despite having two factor authentication enabled. Some basic introductory notes for folks wondering what’s going on. Two-…

👓 Putting Stickers On Your Laptop Is Probably a Bad Security Idea | Motherboard / Vice

Read Putting Stickers On Your Laptop Is Probably a Bad Security Idea by Joseph Cox (Motherboard)
From border crossings to hacking conferences, that Bitcoin or political sticker may be worth leaving on a case at home.

I had a very short conversation at the IndieWeb Summit 2018 in Portland with Nate Angell about the stickers on his laptop. Who knew he was such a subject area expert that Motherboard/Vice was using his material?

Of course this also reminds me that if academics, journalists, and publications/outlets were using webmentions when they credited creative commons articles, photos, audio, or other content, then the originator would get a notification that it was being used. This could also tip the originator off that their licensed content is being properly used.

👓 Fortnite is putting users at risk, to prove a point about Google’s Android monopoly | CNet

Read Fortnite is putting users at risk, to prove a point about Google's Android monopoly (CNET)
Commentary: Fortnite gives Google the middle finger, but both are failing us to some degree.

30% is a pretty high tax, particularly for such a massively large platform versus the direct costs for maintaining it. One would think that at their scale the cost would be significantly lower.

👓 How an Ex-Cop Rigged McDonald’s Monopoly Game and Stole Millions | The Daily Beast

Read How an Ex-Cop Rigged McDonald’s Monopoly Game and Stole Millions (The Daily Beast)
Jerome Jacobson and his network of mobsters, psychics, strip-club owners, and drug traffickers won almost every prize for 12 years, until the FBI launched Operation ‘Final Answer.’

A great little story here. I can see why Matt and Ben bought it.

👓 Why Sites Didn’t Automatically Update to WordPress 4.9.6 | WP Tavern

Read Why Sites Didn’t Automatically Update to WordPress 4.9.6 (WordPress Tavern)
WordPress 4.9.6 was released last week and was labeled a minor release. Minor releases trigger WordPress’ automatic update system. Shortly after its release, some users began questioning why …

So, apparently some time in October and unbeknownst to me, my website got (was given?) an SSL certificate so that it would resolve via https. I accidentally discovered this today and spent a few minutes setting up the appropriate redirects so that everyone is forced to use https links to access my site. I may still have a few administrative redirects and some bookmarklets to tweak along the way, but the whole process was far simpler than I would have expected.

A nice side benefit is that the Simple Location data I’d like to use will now self-populate when I make posts relating to location!

Let them paste passwords | NCSC Site

Read Let them paste passwords (ncsc.gov.uk)
Allow your website to accept pasted passwords - it makes your site more secure, not less.

One of the things people often tweet to us @ncsc are examples of websites which prevent you pasting in a password. Why do websites do this? The debate has raged – with most commentators raging how annoying it is.

So why do organisations do this? Often no reason is given, but when one is, that reason is ‘security’. The NCSC don’t think the reasons add up. We think that stopping password pasting (or SPP) is a bad thing that reduces security. We think customers should be allowed to paste their passwords into forms, and that it improves security.

Trump private security force ‘playing with fire’ | POLITICO

Read Trump private security force ‘playing with fire’ (POLITICO)
The president-elect continues to employ a battalion of retired cops and FBI agents to protect him and clamp down on protesters.

Chris Aldrich is reading “Moving Toward SSL”

Read Moving Toward SSL (WordPress News)
We’re at a turning point: 2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available. Just as JavaScript is a near necessity for smoother…