Category Archives: Security

Using PHPass password hasher with Zend Framework

In this tutorial, we will learn how to use PHPass, a portable PHP password hashing component, with the “glue”-based Zend Framework.  The popular PHP-based blogging platform WordPress utilizes PHPass to hash user passwords.  Using this library adds an extra level of security over a normal MD5-protected password. Continue reading Using PHPass password hasher with Zend Framework

WordPress Security: Primer & Advanced Techniques

WordPress is the most widely used open source blogging software in the world.  This didn’t happen overnight, and the developers over there have certainly earned their keep.  With any web application, especially a heavily used one, there are security risks and precautions we must take.  Without a security model and virtual barriers in place to protect us, it can be an all-out free-for-all for hackers. Continue reading WordPress Security: Primer & Advanced Techniques

OpenDNS is much more than you think

I recently came across a lovely, free service called OpenDNS by accident, and being the curious person that I am, I just had to read on to find out what it was all about.  Upon reading I found that OpenDNS was a neat little service, offering the following benefits to everyday people:

  • Anti-Phishing – Protects against phishing and scam sites at the lowest level of content filtering.
  • Content Blocking – Allows administrators (parents, managers, etc.) to block entire categories of sites. (Examples: Politics, Photo Sharing, Social Networking, Sexuality, Automotive, etc.)

    OpenDNS - Content Filtering
    OpenDNS - Content Filtering
  • www Navigation – Allows use of terms or keywords to get to your favorite sites.  For example, this is what you would put in your browser’s address bar with and without OpenDNS:
    • w/o OpenDNS:
    • w/ OpenDNS: anything-you-want
  • Statistics – View your top viewed domains, IPs, and more.  This allows parents to keep tabs on their kids, or network admins to keep tabs on Internet usage.
  • Typo Correction – OpenDNS can detect common typos in domain names.

    OpenDNS - Typo correction on Settings page
    OpenDNS - Typo correction on Settings page
  • Additional security – OpenDNS provides measures to prevent DNS Rebinding Attacks, and offers additional protection against malware/botware (IE Zero Day Exploit, Conficker Virus).
  • SmartCache Beta – This is a feature that allows users to surf the web even in the event of an authoritative DNS outage.  Read the SmartCache Beta press release for more info.
  • Improved reliability and speed – OpenDNS offers “global routing technology” that routes your requests to the closest OpenDNS server, and a more reliable network that is supposed to reduce pesky outages.

So far so good!  Since discovering the software, I have implemented it in two different locations, and both have benefited from it.  One implementation was for a parent of a teenage girl who kept downloading “games” and creating virus and malware outbreaks.  It turned out this was caused by sites disguised as the sites she usually visited… phishing sites.

If my opinion changes, you’ll be the first to know, but for now, two thumbs up for OpenDNS!

Visit the OpenDNS home page »