Android Development 101

Posted by on Sep 4, 2012 in Android, Mobile App Development | 0 comments

Recently I attended a conference, EMERGE OUT Delhi by NASSCOM. One of the speakers at the conference was Mr. Rajan Anandan, who is the Managing Director of Google India! His best words were: if you want to be successful in the next 2-3 years then switch to mobile application development, and as a company, if you wish to become a millionaire or billionaire, then hire 100 mobile application developers. His words motivated me a lot and forced me to start learning mobile application development.

Let’s find out how we can actually start diving deep into learning Android:

1. developer.android.com

This website is sufficient for someone learning Android app development. It acts as a guide that covers Android development from soup to nuts. It also has a training section that uses step-by-step methods.

2. TheNewBoston Channel on YouTube (Thanks to Abhishek Gahlot for sharing)

As per Mr. Anandan, in the coming times 90% of a website’s content will be video, since everyone likes watching a video. The above-mentioned channel has 200 videos dedicated to Android training.

The above-mentioned resources are more than sufficient for someone who wishes to learn Android.


Repair Damaged WordPress Installation

Posted by on Jul 27, 2012 in php, web development, wordpress, Wordpress Security | 0 comments

Recently one of my close friends’ WordPress site got attacked and he approached me for a possible solution. After some basic assessment I found that the attacker had accessed the database and deleted the entries from the wp_users table. After restoring the values, the site started working smoothly. This experience inspired me to write this article. Before we start, let’s look at the reasons for a possible attack:

  1. Site Hosted on a Vulnerable Server: Most of the time a WordPress site gets attacked just because of a vulnerable server, since WordPress is highly secured against various attacks. So running after cheap web hosts isn’t a good decision.
  2. Badly Configured WordPress Installation: Most of the time the site isn’t properly configured in terms of security, which leads to many exploits.

Now let’s consider an attack scenario to understand the topic in a better way:

An attacker first attacks the most vulnerable site hosted on a server. He then uploads a script known as a shell and tries to traverse the whole server, which results in access to many websites. Most of the time a SymLink attack is used to get access to all the domains hosted on that particular server. This gives access to the wp-config.php file of any site using WordPress. The attacker now has access to the database and simply adds a new user to the database or modifies the password of an existing user. Finally he logs into the admin panel and modifies any theme or plugin with the shell and thus gains full access.
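A detection check for the scenario above, as an added example that is not part of the original post: it lists symbolic links under one site's web root that resolve to a file named wp-config.php or to a path outside that root. It assumes the links are created inside a web root (the post does not say where), that `readlink -f` is available, and that file names contain no newlines; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: flag symlinks under a web root that point at a
# wp-config.php file or leave the web root altogether.

# find_suspicious_symlinks ROOT
# Prints "<reason><TAB><link> -> <target>" for every flagged link.
# Returns 0 if nothing is flagged, 1 if something is, 2 if ROOT is unusable.
find_suspicious_symlinks() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    out=$(find "$root" -type l | while IFS= read -r link; do
        # Resolve the whole chain; empty means it could not be resolved.
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "")
                printf 'unresolvable\t%s -> ?\n' "$link" ;;
            */wp-config.php)
                printf 'wp-config\t%s -> %s\n' "$link" "$target" ;;
            "$root"/*)
                ;;  # link stays inside this site: not reported
            *)
                printf 'outside-root\t%s -> %s\n' "$link" "$target" ;;
        esac
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run directly as: sh scan.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    find_suspicious_symlinks "$1"
fi
```
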


Securing WordPress Installation

Posted by on Jul 26, 2012 in Online Security Tips, wordpress | 0 comments

Nowadays we can easily set up a blog and start our journey as a blogger, all thanks to WordPress for providing such a wonderful platform for blogging. More than 54% websites are using WordPress, and the majority of installations are quite vulnerable due to improper configuration. Do we need to become security experts to secure our WordPress installation? The answer is “NO”: we simply need to follow some steps which provide sufficient security, though that doesn’t mean the security can’t be breached, because a vulnerability may be present in any component of the website or web server, which in turn can lead to an attack.

The steps to follow are:

Protecting wp-config.php

The most important file of the WordPress installation is the wp-config.php which needs to be protected at any cost.

  1. File Permission: Permission may be changed to 400 or 440.
  2. .htaccess Protection: This provides a protection from SymLink attacks.
```apache
<files wp-config.php>
order allow,deny
deny from all
</files>
```
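One way to verify both protections on a server, as an added example that is not code from the original post: it checks that wp-config.php has mode 400 or 440 and that the site's .htaccess contains a Files block for wp-config.php with a deny rule. The function names are hypothetical, and the check also accepts `Require all denied`, the Apache 2.4 form of the rule, which the post does not mention.

```shell
#!/bin/sh
# Added example: audit the two wp-config.php protections for one site.

# file_mode FILE -> octal permission bits (GNU stat first, then BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# htaccess_denies_wp_config FILE -> 0 only if a deny rule sits inside a
# <Files wp-config.php> block (directive names are case-insensitive).
htaccess_denies_wp_config() {
    [ -f "$1" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblock = 1; next }
        line ~ /<\/files>/ { inblock = 0 }
        inblock && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_wp_config DIR -> 0 if both checks pass, 1 if any is weak,
# 2 if DIR has no wp-config.php.
audit_wp_config() {
    dir=$1
    rc=0
    cfg="$dir/wp-config.php"
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 2; }
    mode=$(file_mode "$cfg")
    case "$mode" in
        400|440) echo "OK    mode $mode on $cfg" ;;
        *)       echo "WEAK  mode $mode on $cfg (expected 400 or 440)"; rc=1 ;;
    esac
    if htaccess_denies_wp_config "$dir/.htaccess"; then
        echo "OK    .htaccess denies wp-config.php"
    else
        echo "WEAK  no deny rule for wp-config.php in $dir/.htaccess"; rc=1
    fi
    return "$rc"
}

# Run directly as: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp_config "$1"
fi
```
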

Quality and Security: Paradise of Success

Posted by on Jul 24, 2012 in Online Security Tips, programming fundamentals, web development | 0 comments

Recently I attended a two-day workshop on Information Security at my college. The workshop exposed me to various topics in the security domain, of which my personal favorite was web-based security. Truly speaking, a person needn’t become a hacker to break down a website’s security, since a simple search yields sufficient information required to launch an attack.

It would be foolish to say that a website is fully secured and can’t be attacked, because a vulnerability may be present in any component of the website, or the server may be using some outdated components, which can be sufficient to launch an attack. So it becomes very tough for a normal user to determine whether their content is secure or not.

In my last semester, we were taught software engineering, which was quite an interesting subject since it gave great exposure to various topics of software engineering. The most appealing was software quality; if we follow some rules, regulations, standards, etc. then we can drive off many issues on both the functional and non-functional ends.


Review of LABNOL Attack

Posted by on Jul 1, 2012 in Black Day Indian Blogging, Latest News | 1 comment

Hey Folks,

After a long time, I had to spare some time to write this article, since today became a black day in the history of Indian blogging. The most influential blogging site of India, Digital Inspiration, run by Amit Agarwal, got attacked and all the data was deleted (link). Amit Agarwal is India’s First Professional Blogger and has always been a source of inspiration for all Indian bloggers. His worthy efforts have allowed India to get a place in the worldwide competition of top blogs. I’m really very dejected by this sort of attack :(

About the Attack

A few days back, the hacker (Ocim32) had injected an adf.ly script into www.labnol.org and generated revenue of $28. The script was removed several times, though the attacker managed to reinsert it. On 27th June, the site was hacked but somehow recovered (link). Finally, on 1st July, the attacker took the extreme step and deleted almost all the websites of the Digital Inspiration Network.

What do we learn?

The main website www.labnol.org was running on WordPress and DreamHost was the hosting firm. Nothing seems to be wrong in the choice of software and web host. If we look at the insights, WordPress has penetrated the blogging network and the majority of bloggers are using it. Now if a blog of such high repute got compromised, then the warning bells are ringing.

We can’t say that a blog of such value wasn’t using correct security measures. Can we trust WordPress anymore? This is the only question to be asked, since what should we do if something like this happens to us? Every day many websites running on WordPress get targeted by various types of attack; who is to be held responsible: the hackers or poor security?

We need to form an association for protecting India in the cyber world, else every day one site or another will be targeted. Apart from that, proper awareness regarding security should be the first priority!

Finally I would like to say that this event is a sure-shot eye-opener for all the bloggers of India. Now make it a point to secure your sites, since it’s better to secure than to call up a war!
