Passwords: the weakest link in WordPress security

•

0 gefällt mir•2,008 views

jessepollak

Brennen Byrne's talk on passwords at WordCamp Chicago 2014.

Technologie Unterhaltung & Humor

passwords
the weakest link in wordpress security
@brennenbyrne#wcchi

this talk is about
security
@brennenbyrne#wcchi

a lot of people think security is
hard
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing complicated
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing complicated
technical
impossible
frustrating
not for you
painful
infuriating
@brennenbyrne#wcchi

but we all know that it’s
important
@brennenbyrne#wcchi

but we all know that it’s
important
and my job is to make it
easy
@brennenbyrne#wcchi

hello, my name is brennen
(@brennenbyrne)
@brennenbyrne#wcchi

I’m a founder of Clef
(getclef.com)
@brennenbyrne#wcchi

for the next 30 mins
★ zombie army
★ two step (logins)
★ ssl
★ password rot
★ what you can do
@brennenbyrne#wcchi

getclef.com/wcchi2014
getclef.com/wordpress-security-checklist
slides
@brennenbyrne#wcchi

passwords
“The weakest link in the security of anything
you do online is your password.”
@brennenbyrne
—vip.wordpress.com/security
#wcchi

heartbleed
jetpack
http cookies
@brennenbyrne#wcchi

it’s time to talk
about the zombie
army.
@brennenbyrne#wcchi

the old way to break a password
@brennenbyrne#wcchi

2. guess common passwords
1. virus that watches you type
3. “advanced interrogation”
@brennenbyrne#wcchi

in order to defend myself
@brennenbyrne#wcchi

2. limit wrong guesses
1. don’t download viruses
3. don’t anger enemy nation-states
@brennenbyrne#wcchi

but attackers have gotten smarter
@brennenbyrne#wcchi

the zombie army is what happens to you
when other people download viruses
@brennenbyrne#wcchi

their computers become
zombies
@brennenbyrne#wcchi

sites infect visitors’ computers
zombies attack sites
visitors join zombie army
bigger army attacks more sites
@brennenbyrne#wcchi

zombies swarm and attack your site
from millions of diﬀerent computers
@brennenbyrne#wcchi

the zombie army is attackers’
response to our better defenses
as wordpress becomes a better target
the incentives for breaking it rise
@brennenbyrne#wcchi

something you
@brennenbyrne
the steps
know
#wcchi

something you
something you
@brennenbyrne
the steps
know
have
#wcchi

something you
@brennenbyrne
the steps
know
something you have
something you are
#wcchi

@brennenbyrne
the only thing better
than one factor of
authentication is…
two factors
#wcchi

the old way of doing this meant:
!
1. typing your password
2. getting a text with a bunch of numbers
3. typing in the bunch of numbers
!
(google authenticator)
@brennenbyrne#wcchi

@brennenbyrne
clef, the plugin i work on, skips
the password to make
two-factor much easier.
#wcchi

@brennenbyrne
s = safe
ss = safe safe
ssl = safe safe lock
it actually stands for “secure socket layer”
#wcchi

without ssl, everything is public
@brennenbyrne
only do stuﬀ you wouldn’t
mind standing on a table
and yelling about in a
coﬀee shop
i.e. no passwords or credit cards
#wcchi

@brennenbyrne
your password is strongest
on the day you set it
#wcchi

@brennenbyrne
your password is strongest
on the day you set it
it gets weaker every day
after that
#wcchi

2. more computer power available
1. more time for attacker to crack
3. greater chance you’ve reused
@brennenbyrne#wcchi

passwords pit our
memories against
computer brute force —
we are going to lose
@brennenbyrne#wcchi

@brennenbyrne
one weird trick to protect
your site from all attacks
#wcchi

use two factor for admin
@brennenbyrne
otherwise
install bruteprotect and cloak
read wordpress security checklist
getclef.com/wordpress-security-checklist
#wcchi

Weitere ähnliche Inhalte

Andere mochten auch

WordPress as a CMS

Matthew Vaccaro

You are working with WordPress when you find yourself in the strange, dimly lit Cave of Community. Gradually you can make out two passageways. One curves downward to the right; the other leads upward to the left. The choices you make in the WordPress community define your WordPress adventure. I’ll share stories of decisions and outcomes I’ve seen during my three years as a WordPress community manager.

WordPress Community: Choose your own adventure

Andrea Middleton

Por um wordpress mais seguro

Flávio Silveira

WorryProof WordPress - Backup Strategies for Your Web Site

Nathan Ingram

THE WORDPRESS DASHBOARD DEMYSTIFIED

BobWP.com

The world is full of amazing things, and if you’re like me you would like to see as much of this beautiful planet as possible. The existence of the Internet has made working off grid a real possibility for people. During my talk I will discuss my experience running a WordPress business while being “off-grid”, the types of products that make this lifestyle a possibility, and the challenges that come along with it.

Working Off Grid & Remote

travistotz

Builing a WordPress Theme

certainstrings

BuddyPress is a plugin created by the makers of WordPress, Automattic. It's an incredible tool that is rarely understood and under appreciated. In this presentation I illustrate how we harnessed the power of BuddyPress to build a project management system called chekmrk. Our topics include, Why project management apps are important. How we chose BuddyPress to build chekmrk. Why chekmrk is different. How we used BuddyPress to build chekmrk.

BuddyPress Tips: How We Built chekmrk

Wes Chyrchel

Wcto2012- after the install

Al Davis

Adventures in Non-Profit Web Design

Melodie Laylor

WordPress Security & Backups 101

Maeve Lander

WortdPress Child themes: Why and How

Paul Bearne

WordCamp Nashville: Clean Code for WordPress

mtoppa

The Best SEO Plugin for WordPress

2 the Top Web Design & Marketing

Using Theme Frameworks for rapid development and sustainability

Joel Norris

CSI: WordPress -- Getting Into the Guts

Dougal Campbell

Make Cash. Using Open Source. And WordPress.

sogrady

Andere mochten auch (17)

WordPress as a CMS

WordPress Community: Choose your own adventure

Por um wordpress mais seguro

WorryProof WordPress - Backup Strategies for Your Web Site

THE WORDPRESS DASHBOARD DEMYSTIFIED

Working Off Grid & Remote

Builing a WordPress Theme

BuddyPress Tips: How We Built chekmrk

Wcto2012- after the install

Adventures in Non-Profit Web Design

WordPress Security & Backups 101

WortdPress Child themes: Why and How

WordCamp Nashville: Clean Code for WordPress

The Best SEO Plugin for WordPress

Using Theme Frameworks for rapid development and sustainability

CSI: WordPress -- Getting Into the Guts

Make Cash. Using Open Source. And WordPress.

Mehr von jessepollak

Building Trust on the Blockchain: The Importance of Mental Models

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

Passwords the weakest link in word press security

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

WordPress Security Update: How we're building the web's most secure platform ...

jessepollak

Cryptography 101 (with math)

jessepollak

Cryptography 101

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

Clef security architecture

jessepollak

The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.

Passwords and Botnets and Zombies (oh my!)

jessepollak

Anatomy of a WordPress Hack

jessepollak

Mehr von jessepollak (11)

Building Trust on the Blockchain: The Importance of Mental Models

Passwords: the weakest link in WordPress security

Passwords the weakest link in word press security

Passwords: the weakest link in WordPress security

WordPress Security Update: How we're building the web's most secure platform ...

Cryptography 101 (with math)

Cryptography 101

Passwords: the weakest link in WordPress security

Clef security architecture

Passwords and Botnets and Zombies (oh my!)

Anatomy of a WordPress Hack

Kürzlich hochgeladen

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Histor y of HAM Radio presentation slide

vu2urc

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

How to convert PDF to text with Nanonets

naman860154

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Kürzlich hochgeladen (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Powerful Google developer tools for immediate impact! (2023-24 C)

GenAI Risks & Security Meetup 01052024.pdf

Histor y of HAM Radio presentation slide

GenCyber Cyber Security Day Presentation

Presentation on how to chat with PDF using ChatGPT code interpreter

08448380779 Call Girls In Friends Colony Women Seeking Men

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Finology Group – Insurtech Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Boost PC performance: How more available memory can improve productivity

2024: Domino Containers - The Next Step. News from the Domino Container commu...

How to convert PDF to text with Nanonets

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

presentation ICT roal in 21st century education

CNv6 Instructor Chapter 6 Quality of Service

Passwords: the weakest link in WordPress security

1. passwords the weakest link in wordpress security @brennenbyrne#wcchi

2. this talk is about security @brennenbyrne#wcchi

3. a lot of people think security is hard @brennenbyrne#wcchi

4. a lot of people think security is hard confusing @brennenbyrne#wcchi

5. a lot of people think security is hard confusing complicated @brennenbyrne#wcchi

6. a lot of people think security is hard confusing complicated technical impossible frustrating not for you painful infuriating @brennenbyrne#wcchi

7. but we all know that it’s important @brennenbyrne#wcchi

8. but we all know that it’s important and my job is to make it easy @brennenbyrne#wcchi

9. hello, my name is brennen (@brennenbyrne) @brennenbyrne#wcchi

10. I’m a founder of Clef (getclef.com) @brennenbyrne#wcchi

11. for the next 30 mins ★ zombie army ★ two step (logins) ★ ssl ★ password rot ★ what you can do @brennenbyrne#wcchi

12. getclef.com/wcchi2014 getclef.com/wordpress-security-checklist slides @brennenbyrne#wcchi

13. passwords “The weakest link in the security of anything you do online is your password.” @brennenbyrne —vip.wordpress.com/security #wcchi

14. heartbleed jetpack http cookies @brennenbyrne#wcchi

15. it’s time to talk about the zombie army. @brennenbyrne#wcchi

16. the old way to break a password @brennenbyrne#wcchi

17. 2. guess common passwords 1. virus that watches you type 3. “advanced interrogation” @brennenbyrne#wcchi

18. in order to defend myself @brennenbyrne#wcchi

19. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcchi

20. but attackers have gotten smarter @brennenbyrne#wcchi

21. zombie army @brennenbyrne#wcchi

22. the zombie army is what happens to you when other people download viruses @brennenbyrne#wcchi

23. their computers become zombies @brennenbyrne#wcchi

24. sites infect visitors’ computers zombies attack sites visitors join zombie army bigger army attacks more sites @brennenbyrne#wcchi

25. zombies swarm and attack your site from millions of diﬀerent computers @brennenbyrne#wcchi

26. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcchi

27. the zombie army is attackers’ response to our better defenses as wordpress becomes a better target the incentives for breaking it rise @brennenbyrne#wcchi

28. two step @brennenbyrne#wcchi

29. something you @brennenbyrne the steps know #wcchi

30. something you something you @brennenbyrne the steps know have #wcchi

31. something you @brennenbyrne the steps know something you have something you are #wcchi

32. @brennenbyrne the only thing better than one factor of authentication is… two factors #wcchi

33. the old way of doing this meant: ! 1. typing your password 2. getting a text with a bunch of numbers 3. typing in the bunch of numbers ! (google authenticator) @brennenbyrne#wcchi

34. @brennenbyrne clef, the plugin i work on, skips the password to make two-factor much easier. #wcchi

35. ssl @brennenbyrne#wcchi

36. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock it actually stands for “secure socket layer” #wcchi

37. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock it actually stands for “secure socket layer” #wcchi

38. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock *it actually stands for “secure socket layer” #wcchi

39. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock *it actually stands for “secure socket layer” #wcchi

40. without ssl, everything is public @brennenbyrne only do stuﬀ you wouldn’t mind standing on a table and yelling about in a coﬀee shop i.e. no passwords or credit cards #wcchi

41. password rot @brennenbyrne#wcchi

42. @brennenbyrne your password is strongest on the day you set it #wcchi

43. @brennenbyrne your password is strongest on the day you set it it gets weaker every day after that #wcchi

44. 2. more computer power available 1. more time for attacker to crack 3. greater chance you’ve reused @brennenbyrne#wcchi

45. passwords pit our memories against computer brute force — we are going to lose @brennenbyrne#wcchi

46. what to do @brennenbyrne#wcchi

47. @brennenbyrne one weird trick to protect your site from all attacks #wcchi

48. @brennenbyrne delete it. #wcchi

49. use two factor for admin @brennenbyrne otherwise install bruteprotect and cloak read wordpress security checklist getclef.com/wordpress-security-checklist #wcchi

50. getclef.com/wcchi2014 getclef.com/wordpress-security-checklist slides @brennenbyrne#wcchi

Passwords: the weakest link in WordPress security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (17)

Mehr von jessepollak

Mehr von jessepollak (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Passwords: the weakest link in WordPress security