Tag Archive for Security

Twitter – Verified or not?

Every now and then I come across a Twitter user who puts a ✔ after their user name or uses the words Verified Account in their profile. They do this to add an air of legitimacy to the account, to make them more plausible. Over the last week I have seen an increase in, and reported, spammers who are using these ‘tricks’ to make them appear to be legitimate accounts.

The spam users have been trying various phishing tricks to get people to part with various bits of information, usually with a link to a legitimate-looking webpage for a bank or courier firm. It is pretty much what you see in the phishing e-mails; I guess you can say it is evolution.

Twitter verifies very few accounts in the great scheme of things. They did at one point have a public verification system in beta test, but this has now been closed and they now only verify things like brands, partners, major celebrities, bands, politicians, law enforcement and government departments.

If you are using twitter.com, when you look at a legitimate verified account it will have Twitter’s verified icon after the user name. It won’t be in the profile and it won’t be after the @staffspolice user name; it will be clearly shown at the end of the bold user title at the top.

If you are using one of the desktop Twitter clients, the verified logo may look the same as on twitter.com or it may be more subtle. In the iPhone app the same account is shown with a tick in a blue cut-away corner denoting that the account is verified by Twitter.

If the Twitter account doesn’t have this icon next to the user name then it isn’t verified by Twitter, which means that they have not had to provide whatever proof Twitter require to prove legitimacy. This doesn’t mean that it isn’t necessarily an ‘official’ account, just that Twitter haven’t given it their stamp of approval.

Thanks to the work done by @nickkeane, all the main accounts for UK Police forces are verified with Twitter. Most of the ‘sub’ accounts for specialist units like Dog Units, Air Support Units and Neighbourhood Policing Teams aren’t, but you could check the validity of these by looking on your local force website for a page, like the one from Staffordshire Police, that lists all their official social media channels.

If you want to check any Twitter account yourself, go to https://twitter.com/ to get to the Twitter home page (make sure you use https and not just http), then in the address bar enter the user name, without the @, after the / and press return.

https://twitter.com/staffspolice

This will return the user home page for that account and you will be able to see clearly on there if the account is verified or not. As I said earlier, if the account isn’t verified, it doesn’t mean that it isn’t an official account, just that it isn’t verified by Twitter.

As ever, the usual safety rules apply with Twitter: if some person or company contacts you out of the blue asking you to provide them with personal details, or sends you links to pages where you have to enter personal details, then ignore them.

 

 

Don’t get caught out by .com domain scams

If you have a .com domain for your hyperlocal site, you may find that you get an E-mail around about the same time as the domain registration needs to be renewed, telling you that you need to submit a payment for your ‘search engine registration’.

There is no need to submit a payment of $75 for search engine registration so your customers can locate you on the web. The ‘service’ provided here is a bit like me sending you a letter asking you for £75 to make sure your address is registered with the Post Office so you can get your letters. No search engines used by Joe Public require any form of payment to register your domains with them.

These E-mails are sent by scammers, using the public data held by the .com registrars, to try and get your credit card details. I clicked through the ‘Submit Secure Payment’ link in the E-mail to a page which asked me to enter my card details and offered me a selection of discounts for giving them increasing amounts of money.

The page has two logos on it that tell you it is secure, but if you look in the address bar it isn’t a secure payment domain using https. It is just a simple form that will harvest your credit card details.

The $450 for 10 years’ registration with a 40% discount may sound like a good deal, but it is for a service you don’t need and I’m pretty sure your credit card will be hit with a lot more than $450 if you do fill the form in.

You may also find that your prized domain could be transferred to a new hosting provider who will then lock you in to their services and ramp the costs up. Rather than around £8.99 annual renewal for your domain you might find that it is $50, and when you try to transfer it back to your own hosting provider you will be hit with charges for breaking the hosting ‘contract’ with the scammers.

Everything you should ever need to do with any domains you own should be possible using the control panel that is accessible from the company you purchased the domain from.

Top Tips

  • Know which company you purchased your domains with
  • Only deal with them by logging in to their control panel or by phone
  • Don’t respond to unsolicited E-mails like the one above.

Quick password security tip for your WordPress blog

A quick security-related post for your WordPress blogs. I’m going to tell you about the importance of having a secure password *yawn* and also the benefits of having a different username.

Passwords

Always use strong passwords on your WordPress blog. This is a given: everyone tells you to have a strong password, and WordPress will check your password as you sign up to make sure it meets a minimum requirement. Using names or numerical sequences as your password is a really bad idea. Your password should include upper and lowercase letters, some numbers and, if you can, the odd symbol like $%*!. The problem with strong passwords is remembering them, but there are a number of solutions out there to help you remember your passwords if you ask Google.

Usernames

Everyone concentrates on making sure that you have a strong password for your site, just as I have done here, but another handy defence is to have your username different to your display name. What do I mean by this? OK, first a quick question: how many of you log in to WordPress using your real name and have your name displayed next to your posts in the same format?

Hands up..

So quite a few of you then?

Read on.

If you log in to your blog as BobSmith, the chances are that your posts will be published as Bob Smith. This gives hackers a head start when it comes to trying to get in to your site: they already know one part of the two-part security authentication (username and password). It is almost like giving them the first 2 digits of your cash card PIN. Now if you were to change your login name from BobSmith to, say, FluffyBunny36, any potential hacker has 2 things to guess to gain access, so doubling the amount of work they need to do to get to your prized possession.

Mixing up your login name and display name isn’t as difficult as it sounds in WordPress. From the dashboard just go to Users >> My Profile, where you can change either your username or your display name.

If you want to change your username, use the link to the right of your username at the top of the page. If you want to change your display name, just change it in the box next to where it says Display Name Publicly As and apply the changes. Job done: you have made your WordPress blog a little bit more secure.

This was written for people using wordpress.com but it also has relevance to people on self-hosted WordPress sites. Although usernames can’t be changed on self-hosted sites, you do have the ability to create new users, and you don’t use the main admin account as your account for posting and updating, do you?…

Caution!

If you do decide to change your username, please make sure you read the information on the change username page, as by default WordPress associates your username with some other services and changing your username will affect these.

 

 

 

Twitter Spam

There seems to have been an increase in Twitter spam over the past week, with people sending out tweets like ‘Is this you in this photo [link]’ or ‘I’m sure this is you in this video [link]’ and ‘Want to make between $3000 & $8000 a month click here [link]’.

The first and most important thing is to not click on the links, even if the tweet comes from someone you know and trust. The second thing is to let the person tweeting the links know that they have been sending out spam links.

The safest way to sort out problems with spam tweets is to log in to Twitter and go to https://twitter.com/settings/applications. This page will list all the applications that you have authorised to use your Twitter account.

Review this list and revoke access to anything that you don’t recognise or whose purpose you don’t know.

When you have done this, go and change your Twitter password at https://twitter.com/settings/password and this should stop any spam tweets from your account.

Always make sure that the Twitter URL is https so you know it is secure.

Don’t worry if revoking access to an application means something stops working; you can always go and re-authorise it later.

WordPress.org Security Advisory

If you have migrated your site from the hosted wordpress.com to self-hosted wordpress.org then there is a security warning that you need to be aware of if you use the following plugins:

  • WPTouch
  • AddThis
  • W3 Total Cache

See this post on wordpress.org for full details.
