Keeping Children (Kids) Safe Online: A Periscope Broadcast


In case you missed it – on October 7, 2015 I did the first @KenCook Periscope broadcast on the topic of home network security and particularly how to help keep children safe online. It’s about 16 minutes long and still only briefly touches the topic. In the broadcast I encouraged people to use Google (or Bing or whatever) to do some research and learn at least the basics. Unfortunately people don’t generally think about cyber security except when it’s already become a problem. Nothing can completely protect any network or child but every process can work together to improve security and possibly avoid tragedy.

I’d Rather Have An Angry Child Than A Missing Child

Just do a search on “child left home to meet someone they met online”. (Don’t read this if you terrify easily.) Children aren’t the brightest creatures on the planet. They may seem like they are growing up but it’s still too easy for an adult with not even good skills to manipulate a young mind into believing the person they are connecting with is someone about their age with only their best interests at heart. One is too many children who have disappeared (forever) this way. Now I’m not about to say everything a child can do online is heinously dangerous because it’s not. But if you knew they were chatting with someone on Facebook (for example) and were planning on a rendezvous without your knowledge I bet you’d perk up. As a grandpa aged person I would encourage you to treat monitoring their activity as a safety protocol and not a spying to catch them protocol. You’ll get the same information either way!

Links  And Names From The Video

  • Router Settings – learn where yours are and how to use them.
  • Firewall Settings – this should be in your router but verify that you have one and that you know how to use it.
  • OpenDNS – helps filter and control the content your home network can access.
  • Squid Cache – requires a computer on your home network but does some powerful things for security.
  • Bitdefender – you can purchase a license through me at a discount.

Tips From The Video

  • Use wired connections instead of WiFi whenever you can.
  • Turn off devices when they are not in use.
  • Pay attention to how much data you are using. If it suddenly changes find out why.
  • Learn more about this topic and even packet capturing, filtering, and analysis.
  • Contact me at any time with any questions. If you need professional assistance I can handle pretty much any of these issues remotely and for a very fair price.

WordPress Security Compromised Through Jetpack v3.7 or Older


hire-meIf you use WordPress for your website (WP self-hosted) make sure you always keep your plugins, themes, and WP itself updated. Right now it is especially important to make certain you have Jetpack updated. Even if it’s only installed and not active go ahead and update it or delete it.

Jetpack is a single plugin that gives you the most powerful features, hooking your self-hosted WordPress site to’s infrastructure to take advantage of robust stats, easy social sharing, and a whole lot more.

Versions of Jetpack 3.7.0 and earlier are vulnerable to a cross-site scripting vulnerability in the contact form. When data is submitted using the contact form it isn’t properly scrubbed for known vulnerabilities. The newest versions, 3.7.1 and 3.7.2 do properly sanitize this input. Thanks to this discovery the security patch has been created and released. Please update all of your plugins, themes, and WP itself immediately.

If you need help phone 678-439-8683 or use the Contact Me form. Fees as low as $10.

Why Passwords Fail

Passwords are the combination to the safe containing all your secrets. But they are easier to guess - or steal.

Old Passwords Are Dangerous Passwords

Passwords are the combination to the safe containing all your secrets. But they are easier to guess - or steal.
Passwords are the combination to the safe containing all your secrets. But they are easier to guess – or steal.

In the high speed world of computers, 30 days is old. Did you read about the Russian hackers stealing 1.2 billion passwords? That means chances are fairly good they got some of yours. This also means it’s time to change passwords. Yes, it’s a pain to constantly change passwords, but it may also save your bank account, your credit rating, your business, and even your criminal future. Yes, you may become a victim of identity theft which could result in your arrest for criminal activity. It happens, and it happened to Tallie Gainer in Tampa on August 1:

Tallie Gainer III became a victim of identity theft. Adding insult to injury, police arrested him in front of his children, and he was charged with check fraud, even though he had earlier reported his wallet, identification and credit cards stolen.

While password keepers may provide a way to store all of your passwords in one location so you don’t forget them – they also store all of your passwords in one location which, if compromised, would give the hacker all of your passwords. So what’s the work around? Use long phrase passwords with numbers and punctuation. An example may be:


Of course you think this is ridiculous. I doubt you also think it’s ridiculous to change clothes every day, change toothbrushes every month, and change the oil in your vehicles every 3 months or 3000 miles. But, you do it. Why? To protect your self and your vehicles. Digital compromise now is simply a part of modern life – a part of modern life that is constantly under assault from people who would love for everyone to let their guard down. Change your passwords regularly; Every month is highly recommended. Or, leave it to chance and see if it works out okay for you…

We talk about “EDC” (Every Day Carry) so let’s talk about “EDCD” (Every Day Cyber Defense)

1. Use a different password for every site
2. Install updates on your Mac, Linux or Windows system regularly
3. Keep your browsers up to date on all systems including mobile
4. Use HTTPS Everywhere (it’s a browser extension) to connect to websites
5. Keep your Anti-Virus and other security applications up to date and scheduled to run
6. Install and use MalwareBytes or a similar application to supplement your A/V
7. Turn your device off when not in use (any connected device is a target while running)
8. Learn how to handle emails with attachments even from friends
9. Learn what to do when you encounter a security warning online (site certificates)
10. When in doubt, Google it or phone a friend (better to be embarrassed than compromised)

Here’s one extra tip: using different passwords for every site is challenging. So, use part of the name of the site somewhere in the password. Using the same example from above try this:


Questions? Ask! Comments? Give! (Please)

Hacked! What To Do When Your Website Has Been Hacked

It happens. It happens to almost everyone at some point. Usually the bigger the target and the higher the reward the more likely you are to be hacked. Or, if you are hosting on a community site which serves large numbers of people. It also happens to sites with very little traffic but low site security including old widgets which may be running on the site.

Last week my friend Danny Brown had his Facebook page hijacked and there was a lot of buzz about that in the social sphere but that’s not what I’m writing about today. In Danny’s case someone, someone he knew obviously, guessed his Facebook login and proceeded to have their way. What I am writing about today is the anonymous hacker who uses your platform to launch their attack. That attach may be a vicious attack or simply spam. Either way it’s bad for you and bad for all netizens.

When you think of hackers in this case don’t think of some pimple faced post-teen cowarded in his parent’s basement surrounded by pizza boxes and Dr. Pepper cans. In this case think about sophisticated programmers who have written automated scripts to dig for vulnerabilities and seize on them automatically when found. There is no human involvement other than turning on the application and letting it do it’s work. The target? Installations of big scripts like WordPress or Joomla with outdated plugins, themes and widgets which provide an easy hole to walk right in and take over.

What is a URL redirect hack?

The most common attack these days are URL redirects where the script finds the vulnerability and leverages that to re-write something called the .htaccess file. This file tells the browser of any visitor, human or bot, how they can interact with the server. It contains directives about the site including where clicks are directed to and how quickly. It’s very simple to write a replacement .htaccess file if you have access to the server which can be gained by finding a plugin which opens the file for writing. So happened, and is still happening, with a particular version of the timthumb.php script which is widely used in hundreds if not thousands of themes and plugins.

How do I know if I’ve been hacked?

Example of Google results on a hacked site.

If you have any level of readership they will probably tell you. If not there are a few things you can do to check. First you can go to your site and click on a link. If you end up on a squeeze page selling drugs to help you get it on or get a bigger unit you’re hacked. Unless you are a reseller for such stuff that is. You can also search Google for your site and if you have links to those types of pages show up … you’re contaminated. You can also use the free scanner at which also is a company which can help clean your site and protect you.

How do I prevent my site from being hacked?

You can’t completely. You can, however, take precautions to make it much less likely. One thing you can do is hire a professional to check your site and see if there are any open vulnerabilities. You can also make sure any installed web applications are up-to-date and compliant. Let’s face it, if you downloaded and installed a script from a Russian file sharing site you just opened the door wide without any need for a hacker. On the other hand if you’re just a casual small business website owner there really are “people out to get you”.

Listen to this short audio Take 2 on this topic:

You can always listen to social media marketing tools, tips, tweaks and tricks at Social Media Edge Radio – we’re on live every Tuesday (almost) at noon since August 2008.

How To Stop Applications From Posting To Twitter As You

Have you ever logged in to Twitter to see that you have been posting, mentioning people or maybe even sending instant messages to people but you haven’t been near your account for hours? It happens. When it does, provided you haven’t given some rogue programmer or site master your login information, you can control access to your account. There are several legitimate applications who ask for permission to access your account for varying reasons. Seesmic, for example, needs to be able to login as you, post as you and send instant messages as you. needs to be able to read as you to work and wants to post as you so it can spam all of the people it copied when it posted.

You can turn off access to your Twitter account to any application using the Twitter API by following some very, VERY simple steps. Watch this short video on YouTube for a quick walk-through showing exactly how to do this.