Web 2.0 Technology by GTUG-Addis March 5,2011

Post on 20-Dec-2015



Web 2.0 Technology

by

GTUG-Addis

March 5,2011


Contents
  Introductions
    GTUG-Addis
    Who am I?
    What is this presentation about?
  What is Web 2.0?
  Advanced searches
    Real time
    Comparative/computational searches
  Social networking tools
  Securing your WordPress blog
  Using public internet/computers and security
  Basic online and offline security measures
  Links


GTUG-Addis

GTUG - Google Technology Users Group

GTUG-Addis is a group dedicated to Addis technology enthusiasts and professionals coming together to share their knowledge. All of the moderators of this site come from different walks of technology life – software, hardware, network and security, so feel free to ask questions and make suggestions.

GTUG-Addis will contribute to society (students, professionals or anyone in technology) with training and consulting.

Monthly meeting held @ iHub


Who Am I?

Fitsum Assalif
Electrical Engineering + CCNA + SCNA + MCITP + GPEN
Enterprise systems (Windows, Linux/Unix) and Security (Ethical hacking and penetration testing)

I like to participate in groups/associations for sharing knowledge and contributing what I know

I am not always correct! So let me know if I make any mistakes


What is this presentation about?

It is about
  Introducing GTUG-Addis
  Basic online security, social networking and web 2.0 tools and tips
  Chance to discuss/request any type of technical collaboration with/from GTUG-Addis

It is not about
  Coding/web design


What is Web 2.0?

"The term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community, in contrast to websites where users (consumers) are limited to the passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services, web applications, mashups and folksonomies." (Wikipedia)


Advanced Searches


Real Time Search

Searching real-time updates from public tweets and Facebook posts

Using the normal web searches
  Google (use the Realtime option)
  Bing (social search and Twitter maps)

Social networking searches
  Openbook - http://openbook.org/
  Tweetmeme - http://tweetmeme.com/
  Picfog - http://picfog.com/
  Socialmention - http://socialmention.com/


Comparative/computational searches

Statistical, comparative and trends

Comparative/computational
  Wolfram Alpha ( http://www.wolframalpha.com/ )
  Google Trends ( http://www.google.com/trends )
  Google Squared … (in labs and a little complicated currently)

Public Data
  Google Public Data Explorer ( http://www.google.com/publicdata/directory )


Social networking tools

If you want to see all your social network account updates, notifications and messages in one window like me!

TweetDeck ( https://www.tweetdeck.com/ )
  Desktop, Android, Chrome... Coming to iPhone and iPad

Yoono ( http://yoono.com/ )
  Chrome, Firefox, iPhone, iPod touch, iPad
  Windows, Mac and Linux


Securing your wordpress blog


Why would anyone want to attack my blog?

There is nothing valuable on my blog!
I only have very few visitors!
I turned off comments, I am secure!

Not necessarily, a hacker will upload or inject
  Spam URLs
  Malware files
  DoS (hacking 100 small blogs and inserting a link to launch 10 instances = 1000)


1- DO NOT USE ADMIN ACCOUNT

Create a new account
Make the username very unique
Assign the new account an Administrator role
Log out and log back in with the new account
Delete the original admin account


2- USE STRONG PASSWORDS

Alphanumeric + symbols + upper and lower cases

Create random passwords
  goodpassword.com

Convert existing ones to complex passwords
  P@55w0rd
  Ilovemom → 1L0v3M0m


3- KEEP WP and PLUGINS UPDATED

Update WP Core Code

Keep theme files current

Keep all plugins current


4- REMOVE WP VERSION FROM HEADERS

Viewing source on most WP sites reveals the version they are running:

<meta name="generator" content="WordPress 2.8" /> <!-- leave this for stats -->

This helps attackers find vulnerabilities in the current version easily.

Themes and plugins might also display versions in your header.
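
A way to check your own page source for the disclosure described on this slide, as an added example that is not part of the original presentation. The sample HTML is constructed, and treating a `?ver=` query string on theme and plugin assets as a version disclosure is an assumption of this example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page source (not taken from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 2.8" />
<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=2.8" />
<script src="/wp-content/plugins/demo-gallery/gallery.js?ver=1.4.2"></script>
<script src="/js/site.js"></script>
</head><body></body></html>"""

# Matches a version-like "ver" query parameter on an asset URL.
VER_PARAM = re.compile(r"[?&]ver=([0-9][0-9A-Za-z.\-]*)")


class VersionLeakFinder(HTMLParser):
    """Collects places where the page source discloses software versions."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="generator" content="..."> names the CMS and version.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", a.get("content", "")))
        # Theme and plugin assets may carry their version in the URL.
        if tag in ("script", "link"):
            for attr in ("src", "href"):
                if VER_PARAM.search(a.get(attr, "")):
                    self.findings.append(("asset-version", a[attr]))


def find_version_leaks(html):
    """Return every version disclosure found in the given page source."""
    finder = VersionLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, detail in find_version_leaks(SAMPLE_HTML):
        print(kind, detail)
```

Run it against the saved source of your own blog before and after removing the generator tag; an empty result means none of these markers remain in that page.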


5-USE SECURITY PLUGINS

WordPress Security Scan
WordPress Exploit Scanner
WordPress File Monitor
Login Lockdown Plugin


6 - ...

Use Secret Keys
Hide your plugin directory
Edit configuration files to change default names/values before installation, e.g. change the table prefix wp_ to something unique such as axc_
Check Google Webmaster Tools to see if your site has been compromised; it will tell you why

BACKUP … BACKUP and BACKUP
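
The secret-key and table-prefix items above can be checked mechanically. The following is an added example, not part of the original presentation: it audits the text of a wp-config.php for placeholder, short or missing secret keys and for the default wp_ prefix. The sample configuration is constructed, and the 32-character minimum key length is an assumption of this example.

```python
import re

# Constructed wp-config.php excerpt (not from a real site): one placeholder
# key, one good key, one short key, one key missing, and the default prefix.
SAMPLE_CONFIG = r"""<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'k3#Vq9!zL0p@Xw7$eR2^tY6&uI1*oP4(aS8)dF5-gH3_jK0+lZ9=xC7~vB2nM6qW');
define('LOGGED_IN_KEY',   'short');
$table_prefix  = 'wp_';
"""

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value shipped in the sample config
MIN_KEY_LEN = 32  # assumption for this example, not a WordPress requirement

DEFINE_RE = re.compile(r"define\(\s*['\"](\w+)['\"]\s*,\s*'([^']*)'\s*\)")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'")


def audit_wp_config(text):
    """Return a list of (setting, problem) tuples; empty means no findings."""
    findings = []
    defined = dict(DEFINE_RE.findall(text))
    for name in KEYS:
        value = defined.get(name)
        if value is None:
            findings.append((name, "missing"))
        elif value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_KEY_LEN:
            findings.append((name, "too short"))
    match = PREFIX_RE.search(text)
    if match is None:
        findings.append(("table_prefix", "missing"))
    elif match.group(1) == "wp_":
        findings.append(("table_prefix", "default"))
    return findings


if __name__ == "__main__":
    for setting, problem in audit_wp_config(SAMPLE_CONFIG):
        print(setting, problem)
```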


And If you still get HACKED ?

Give up and Join the Circus !


Using Public Internet/Computers and Security


Purpose of this topic

...is to scare the wp_crap out of you!


Using Public Internet

Public Internet: open and shared by anyone (mostly Wi-Fi)
  Cafes, Internet cafes, hotels, libraries and open spaces

Advantages
  Open access to anyone
  Don't have to carry your dongle anywhere
  Increases internet access coverage for the public

Risks
  Wi-Fi: open Wi-Fi, MITM, rogue access point
  Who is running the network? A reputable and well-known entity?


Using Public Internet

Open Wi-Fi
  Problem: Anyone with basic internet and computer knowledge can access your account if you are working on the same connection
  Solution: Use full SSL communication with every service you use online
    Account Settings > Use SSL (Gmail, Hotmail, Facebook …)
    Firefox users: HTTPS Everywhere
    Chrome users: Prefer HTTPS, SSL Enforcer
    IE users: :(

MITM (Man/Monkey in The Middle) attacks: If you are using Wi-Fi and the Wi-Fi gets disconnected many times and comes with different channels


Firesheep


MITM


Using Public Computers

Risks
  Key loggers: software recording every keystroke you make
  Cookies left on the computer

Solutions
  If you have to use the internet in a place where you are not sure about the reputation, use your own browser on a USB drive with key scramblers
  Firefox add-on: "keyscrambler"


Basic Online and Offline Security measures

Data types
  Data in Use
  Data in Motion
  Data at Rest

Security
  Online security
  Data leak protection (DLP)
  Lost data prevention (LDP)


Online Security

Protecting your credentials as well as data while you are online

OS hardening
  Disable unnecessary services
  Updates and patches must be applied
  Anti-malware systems (anti-virus, anti-spam, firewall, HIDS)

Browser security
  Latest updates
  Firefox: NoScript, WOT (Web of Trust), BetterPrivacy, Adblock, Flashblock, Ghostery


Offline Security

OS hardening

Encryption:
  Partition: encrypt a separate partition for secure data storage
  File container: a folder-like file holding files. Can be created on a computer or removable media
  Full disk: encrypt the whole computer disk


Questions ?


Thank You !