Rodney Campbell's Blog

Evolved IM Worms To Spread Across All Networks
Kaspersky Lab predicts that malware writers have developed IM worms capable of attacking all major IM networks. The company says that the industry will witness a rise in IM worms which can spread via multiple IM networks, triggering the demise of traditional IM worms, such as Bropia, Kelvia and Prex, which spread via single IM networks, such as MSN.

One in 600 social-networking pages host malware
ScanSafe has released its latest Global Threat Report on Web filtering, spyware and viruses. According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. 

Blackberry Security was a hot topic this year at Black Hat and Defcon. FX of Phenoelit presented Analyzing Complex Systems: The Blackberry Case. Jesse D'Aguanno of Praetorian Global presented his Blackberry Attack Toolkit (COming Soon) – His presentation Blackjacking – 0wning the Enterprise via the Blackberry is to be available soon. News features on the topic include BlackBerry a Juicy Hacker Target and Critical BlackBerry exploit to be released Aug 14

Retina MS06-040 NetApi32 Scanner
eEye Digital Security has created a standalone vulnerability scanner to help identify systems vulnerable to this flaw.

New Kind of Spam 'Un-Training' Filters?
This new spam has confused many people due to its lack of advertising, viruses, or request for personal information. One popular theory is that these innocuous blocks of text, often drawn from popular literature, are being used to "un-train" spam filters to allow more malicious spam through in the future.

Hacker Sophistication Outpacing Forensics
In the never-ending cat-and-mouse game between hackers and those charged with stopping them, it's pretty clear who's winning–and it's not the cat.

Google to continue storing search requests despite AOL gaffe
Although he was alarmed by AOL's haphazard release of its subscribers' online search requests, Google Inc. CEO Eric Schmidt said Wednesday the privacy concerns raised by that breach won't change his company's practice of storing the inquiries made by its users.

Serious BlackBerry Hack Threat Reported
Secure Computing warns that organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack when security researcher Jesse D'Aguanno is scheduled to release the code for his BlackBerry hack next week.

Defcon 14 Presentations
Archive of PDF's from Defcon 14.

Workers Ignore the Risks of Web Links and Attachments
A survey into the habits of 142 UK office workers conducted by Finjan has uncovered that although they know the security risk to their employers caused by clicking on web-links or opening attachments from unknown sources, they simply can't help themselves.

Microsoft fixes 23 flaws
Microsoft released a dozen fixes on its scheduled patch day, closing 10 critical security holes and another 13 noncritical flaws in the latest versions of the company's software.

Why Internet Security Continues to Fail
In his public farewell to the Internet security community three years ago this month, famed security researcher Rain Forest Puppy (RFP) opined that the Internet security community was allowing commercialism to trump common sense security thinking – a situation that he believed led to the growing Internet insecurity problem.

Why popular antivirus apps 'do not work'
Antivirus applications from Symantec, McAfee or Trend Micro — the three leading AV vendors in 2005 — are far less likely to detect new viruses and Trojans than the least popular brands.

In a previous article (Choosing a Blogging Software Package) I went through my thinking in selecting WordPress for my blogging software package. In this follow up article I'll detail my selections for extending and enhancing my WordPress Blog site with a Theme as well as the Plugins and Widgets I use.

WordPress Themes

Fundamentally, the WordPress Theme system is a way to "skin" your weblog. Yet, it is more than just a "skin". Skinning your site implies that only the design is changed. WordPress Themes can provide much more control over the look and presentation of the material on your website.

A WordPress Theme is a collection of files that work together to produce a graphical interface with an underlying unifying design for a weblog. These files are called template files. A theme modifies the way the site is displayed, without modifying the underlying software. Themes may include customized template files, image files (*.jpg, *.gif), style sheets (*.css), custom Pages, as well as any necessary code files (*.php).

There are hundreds of WordPress Themes to choose from. All do basically the same thing but graphically present the information in a myriad of ways.

I found a number of good resources for previewing a large number of freely available themes which made the process of visually selecting an appropriate theme easier. I've listed what I think are the best of those below:

• Theme viewer
• Using Themes/Theme List « WordPress Codex
• How to Blog : Comprehensive list of 960+ Free WordPress 1.5 and 2.0 Themes / Templates

My main technical criteria for selecting a theme to use with WordPress was WordPress 2.0 and Widgets support, because I wanted to be able to easily extend and enhance my wordpress blog site with additional features and capabilities (some of which I already had in mind – not the exact plugins but an idea of what I wanted them to do). I also wanted a theme which was fairly simple looking without too much on screen clutter and preferably one which had mostly white (or at least lighter elements) – I didn't want a dark or black theme. I was primarily interested in a two column layout (a main text column with a sidebar). I was initially hoping for a theme which auto sized the width depending on the resolution of the browser window – however these were pretty uncommon (and none I liked) with the vast majority of themes designed for a standard fixed width.

Eventually I had shortlisted about ten themes which included Binary Blue, DFire and Lush. As you can see I eventually selected a Widescreen version of Lush. 

This theme includes support for a number of useful items including some ajaxy items like live search (type a search string into my search box at the top right but don't hit Enter – just wait and see), the customized table-less comment form and various script.aculo.us visual effect enhancements. It also includes a print stylesheet, adjustable font size for improved readability (try clicking on the Large, Normal and Small links next to Readability at the top right) and it also has support for WordPress Widgets.

WordPress Plugins

Plugins are cool bits of programming scripts that add additional functionality to your blog. These are often features which either enhance already available features or add them to your site.

WordPress offers simple and easy ways of adding Plugins to your blog. From the Administraton Panel, there is a Plugin Page. Once you have uploaded a Plugin to your WordPress plugin directory, activate it from the Plugins Management SubPanel, and sit back and watch your Plugin work. Not all Plugins are so easily installed, but WordPress Plugin authors and developers make the process as easy as possible.

I found a number of good resources for finding a large number of freely available plugins which made the process of selecting appropriate plugins easier. I've listed what I think are the best of those below:

• WordPress Plugins Database
• Plugins « WordPress Codex
• Red Alt – WP-Plugins Download Interface
• WordPress Plugin Repository – Trac

You will most lilkely notice a pattern to the plugins I selected to use on my site – many of them add Ajax capability to the site. Ajax (short for Asynchronous JavaScript + XML) is all the rage these days on the Web 2.0 and the technology offers all sorts of interesting interactive capabilities which make web based applications seem more like desktop applications.

The plugins I have installed and use on my blog include the following:

• Inline Ajax Comments

This plugin allows for the ability to expand the comments of a post below the main post content using ajax. To see what this works like just go to the main page for my blog and find an entry which has comments and click where it says "show comments inline".

• Inline Ajax More

Inline Ajax More is a plugin that displays content that is hidden by WP’s <!– more –> Tag on the same page using AJAX (instead of linking to another page).

• Lightbox2

A plugin that turns linked images into neat Javascript-powered overlay popups. This plugin integrates the cool javascript done by Lokesh Dhakar. Lightbox 2 is seriously good stuff and I'd already been using it for some of my recent web based photo albums so adding Lightbox 2 support to my blog was a no-brainer.

Try this javascript based page overlay image viewer now by clicking on one of the thumbnails below and then mouse over the displayed popup image to see the Next/Previous navigation links: here are a few pictures of my family:

There are actually a number of different Lightbox based plugins for WordPress. I tested about half a dozen different ones and finally settled on this one; however if you are keen to test out another one I found the stimuli.ca Lightbox 2.2 plugin for WordPress to also be very good. 

• Sociable

Social bookmarking sites allow websurfers to save, catalog, and share interesting pages they find online. The Sociable plugin appends links (with icons) for your readers to use those sites to the end of each of your blog’s posts, increasing your potential audience.

• Ultimate Tag Warrior 3

Ultimate Tag Warrior allows you to add tags either through the Write Post page in wordpress in a tag box, on posts using an AJAXy box, and in posts using special syntax from external editors (or internally, if you’d like). From the write post page, you can also get suggestions for tags using the Tagyu service.

Once you’ve got your tags entered; you enter a realm of interesting ways of doing things with your tags – you can automagically have tags included at the top and bottom of your posts without making changes to themes and you can add a Tagcloud widget (built in) to your sidebar (which I have).

• EditorMonkey

EditorMonkey for WordPress 2.0 supercharges the built-in rich editor with the latest version of TinyMCE. EditorMonkey also provides an easier way to configure the built-in rich editor and can replace the comment editing area with a WYSIWYG editing area.

• DropCap First Character

Finally there is my own DropCapFirst Character plugin which DropCaps the first character of each post and page automatically.

WordPress Widgets

WordPress Widgets (WPW) is a plugin designed to provide a simple way to arrange the various elements of your sidebar content without having to change any code. Basically it breaks down the sidebars in themes into discrete blocks of goodness, and there is an interface for you to add, delete, and rearrange them by simply dragging and dropping.

The first thing you need is to install the Automattic » WordPress Widgets plugin – after that you can install widgets (like plugins) and activate and set them up in your sidebar.

I found a number of good resources for finding a large number of freely available plugins which made the process of selecting appropriate plugins easier. I've listed what I think are the best of those below:

• Plugins/WordPress Widgets « WordPress Codex
• WordPress Widgets

The widgets I have installed and use on my blog include the following: 

• LiveCalendar

LiveCalendar is a widget plugin for WordPress which energizes your calendar with the magic of Ajax. It allows for calendar navigation without refreshing the entire page.

Other Updates and Final Words 

A number of the plugins which I installed on the site make use of versions of the excellent script.alico.us and Prototype JavaScript Framework libraries (as does the Lush theme itself). Rather than having these javascript libraries being downloaded and sourced multiple times I made some modifications to the PHP code for any of these plugins which use these libraries to not pull in the prototype.js & effects.js javascript includes again because they already exist in the lush theme.

Just testing if Trackbacks and Pingbacks are working 🙂

http://redalt.com/ping

E-mail privacy in the workplace
Even with a well-heeled corporate privacy policy stating that all employee communications may be monitored in the workplace, the legality of e-mail monitoring is not as clear cut as one might think.

Secure Valuable and Sensitive Data in MySQL
Unlike database backup procedures, which can be automated, securing your data from the prying eyes of unauthorized users requires a certain amount of interaction from the system administrator. If you're using MySQL, there are some easy things you can do to secure your systems and significantly reduce the risk of unauthorized access to your sensitive data.

Black Hat: Hit spyware by punishing purveyors, experts say
Antispyware vendors are losing the fight against spyware creators and will have a tough time catching up, according to a panel discussion at the Black Hat security conference.

New tools test VoIP security
If your VoIP phone starts ringing off the hook, it might not denote a surge in your popularity–just that someone is trying one of 13 newly released security tools.

Day one at Black Hat
If you've been concerned about the death of Black Hat — either because of its purchase last November by CMP, or by the rumors you've heard of a "Microsoft track," — you can relax. The place is jammed.

Day two at Black Hat
The crowds are larger on this second day of Black Hat, though people are moving a little more slowly than yesterday, perhaps because of the free toga party last night at Caesar's Palace, marking the casino's 40th anniversary. Nevertheless, the conference sessions have been packed with intriguing information.