have i been pwned?

With all the security breaches  going around, it’s hard to keep track on which sites got broken into, what was stolen, and, most importantly, if you are affected.  have i been pwned? website provides a very simple interface to check if your account data was leaked, across more than a hundred websites.

pwned

Try it out … you might be surprised.  Like I was. :)

28 Ways to Secure WordPress Website

28 Ways to Secure WordPress Website covers, as the title says, quite a few ways to make your WordPress website more secure.  There is no absolute security, and there are always more that you can do, but this is a good start.  Apart from all the useful advice, the article also tells you why you should care:

“Why would anyone hack my site?” – you ask

Let’s be clear. Your site is likely not special. Unless your firm’s name is CNN.

The fact is that most – or the great majority, rather – of attacks are automated. This means that various bots (pieces of software) developed by hackers crawl the web and look for vulnerable sites.

Then if they’re successful, the site gets added to the hacker’s portfolio, so to speak, and can be used for various purposes.

In other words, your site by itself is no special, but 10,000 sites just like yours is pure gold for a hacker. Such a network of hacked sites can be used for things like black hat SEO, mass email sending, database scraping (to get your users’ personal info), and so on.

You really shouldn’t feel overly safe just because/if you run a relatively small website.

Hackers don’t discriminate.

How fast has computing become?

Jeff Atwood has an excellent blog post, about the increase in computing powers of the modern CPUs and GPUs and the affects of those on things around us.  In particular – games such as chess and Go, and password cracking.

Every time you see a new video card release, don’t think “slightly nicer looking games” think “wow, hash cracking and AI just got 2× faster … again!”

Fascinating read!

Let’s Encrypt is not in Beta anymore

Let’s Encrypt – anew Certificate Authority, which is free, open, and automated – announced that it’s leaving beta.  Just look at how many SSL certificates they’ve issued, and at what rate!

Issuance-April-10-2016

I’ve first written about Let’s Encrypt back in November 2014.  It hasn’t been that long ago, but boy, what a journey!

Single Sign-On Between SugarCRM and Request Tracker

As mentioned before, over the last few month I’ve been involved in quite a few integration projects, using mostly SugarCRM and Request Tracker.  One of the interesting challenges was the Single Sign-On (SSO) between the two.

Continue reading Single Sign-On Between SugarCRM and Request Tracker