DIY Thesis Theme for WordPress is an awesome framework for WordPress that provides excellent web site customization flexibilities.  One cool feature allows users to modify  custom.css and custom_functions.php files via text editor that gives almost limitless possibilities in terms of design and functionality. Although there are number of other excellent fram

But the ease of which a user can  make changes to these two files can be a double-edged sword.  Especially if one makes a single typo in the custom_functions.php file which can instantly disable the entire sit.  Furthermore, if a person makes a change that causes a fatal error, the user may not be able to correct it using the WordPress application.

In this post, I will outline detailed steps to minimize the risk and what to do about it should you encounter that problem.

Back up custom_functions.php and custom.css files

Because there are many variations between hosting providers and graphical user interfaces, I am going to assume the following:

• You have WordPress v3.1 or higher;
• You have DIYtheme v1.8 or higher;
• You have access to your hosting server via cpanel;
• You can use cpanel file manager to access web files;

Step 1: Login to your host via cPanel (fig 2.1)

Step 2: Click on the File Manager icon (fig 2.2)

Step 3: If you have multiple domains associated with your cpanel, choose the appropriate domain (fig.2.3).  By the way, you will note that by “GO” button is grayed out.  That is because my account access timed out when I took this screenshot.  Simply log out and log back in and you will be able to click on the “GO” button.

fig 2.1-cpanel

fig 2.2-file manager

fig.2.3-select domain

Step 4:  Navigate to this path (“public_html/mvirtualoffice.com/wp-content/themes/thesis_18/custom“).  Please note that cPanel file manager works slightly different than that of Windows Explorer.  To drill down the file directory, you need to click on the folder icon (fig.3.1.A).  Clicking on the file or directory name allows you to change the name of that file/directory (fig.3.1.B).

Step 5:  Create a backup directory called backup-20120204 by first clicking on the New Folder icon (fig.3.2.A) then completing the name field (fig.3.2.B).  Because I frequently change my custom_functions.php and custom.css files, I use a date (yyymmdd) format for my own tracking needs but obviously you can choose any naming convention to suit your needs

Step 6: While holding down the CTRL button, click on the custom.css and custom_functions.php files (fig.3.3). While still holding the CTRL button, drag the highlighted files into the newly created backup directory. 

Please note that dragging and dropping the highlighted files while pressing down the CTRL performs a COPY function.  If you were to do this step without pressing down the CTRL key will instead perform a MOVE function.

fig.3.1

fig.3.2

fig.3.3

 

Modifying custom_functions.php

There are two ways to modify a custom_functions.php file.   You can do it directly through cPanel or DIYtheme.  I chose DIYtheme route because it is faster to make rapid, on-the-fly changes.

Step 1: Log into WordPress

Step 2: Click on the Thesis link to expand the drop down list

Step 3: Click on the Custom File Editor

Step 4:  Select custom_functions.php from the drop down menu and click edit

fig.4.1

fig.4.2

fig.4.3

Recovering from a custom_functions.php error

There are two possiblescenarios:

Scenario 1:  File is corrupted but you can still access the WordPress-DIYtheme application
Scenario 2:  File is corrupted and you CANNOT access the website,Wordpres or DIYtheme application

For scenario 1, fixing it is quite easy.  Just open custom_functions.php version prior to the broken one in notepad, copy and paste via DIYtheme’s Custom File Editor.

For scenario 2, involving a fatal error where you are unable to access the front end (website/WordPress/DIYtheme), you need to log in using your cPanel credential and either copy & paste using cPanel’s editor, or just upload the custom_functions.php text file version that is working.

Thanks for reading!

I have been using Ubuntu 11.04 Natty Narwhal for awhile so I was able to find what I needed quickly, including my trusty command line interface application called terminal.

After upgrading to Ubuntu 11.10, I just couldn’t figure out where the terminal app was located.  After searching around a bit, I finally found it by clicking on the Ubuntu logo and typing in “terminal” in the search box.  Little bit clunky like how Windows Vista arbitrarily moved around applications from Windows XP (thank goodness Vista was retired though!)

 

 

Microsoft Visio 2010 is an excellent tool to draw various objects, including network schematics.

However, my Visio 2010 under Microsoft Windows 7 Ultimate (64 bit) kept crashing

Same here, remove the add on.

In Visio select File/Options/Add-Ins/

Manage COM Add-Ins/Click Go

Select ‘Send to Bluetooth’

Click Remove

 

Yeah finally this worked for me Tools -> Trust Center -> Add-ins-> Check “Disable all aplication Add-ins”.

 

It’s a truth universally acknowledged that public Wi-Fi hotspots aren’t secure, but they’re so convenient that most of us use them anyway. That’s why there was something of a panic last year when Eric Butler showed everyone how easy it is to hijack Facebook, Twitter and PayPal accounts on open Wi-Fi networks via his FireSheep Firefox add-on.

Of course, not everything you do in an open Wi-Fi environment can be picked up by digital eavesdropping. Secure HTTPS servers are great, but it’s likely that your e-mail account and many social networking sites don’t use HTTPS servers, or maybe just use them for logging in. Or worse, have you submit your user name and password from an HTTP page to get to an HTTPS server. {There is at least one add-on for Firefox that offers HTTPS protection, but only for certain sites.}

In the end, online transactions are only as secure as their most open link, and the most open link of all is the gap between the laptop and the wireless access point. The technology that can really close that link is a tunneling virtual private network (VPN). VPNs establish a secure tunnel between your device and the first server you connect to.

Theoretically, if you’re employed at a company that uses a VPN, you could use that corporate VPN to secure your coffee-shop connection — but most companies frown on such use of their resources. So the obvious choice is to rent a connection from a personal VPN provider.
3 personal VPNs

Introduction
HotSpotVPN
StrongVPN
WiTopia
Conclusions

Personal VPN services have been marketing themselves as hotspot security measures for almost a decade. Once you get past the initial learning hump, it’s a relatively simple and inexpensive way to lock down your communications. I looked at three of the more established players: HotSpotVPN, StrongVPN and WiTopia.
Choosing a VPN

The first step is to understand what these providers offer. For a fee, personal VPN providers provide an end-to-end secure connection to one of their servers, which can be located in a variety of places. Personal VPN providers offer some choice of servers, so you can pick those nearest to you for better response time, but some charge extra for wider choice. In addition to security, this can provide you with anonymous browsing and a virtual regional presence (so that if you’re abroad, you can appear to be logging on in the United States and retain access to regionally restricted sites like Hulu or Netflix On Demand).

The personal VPN providers reviewed here offer two basic flavors of VPN. The most basic (and slightly cheaper) is built into the operating systems of practically every computing device: point-to-point tunneling protocol (PPTP). VPN providers give you settings for their servers to plug into your operating system. It’s robust enough for most people, but is blocked in certain regions and by certain service providers. It also requires mucking around in your operating system for configuration and selection of a separate network device, which might not be feasible if you’re on the road using a company laptop for some personal surfing.

A more robust and recent development is an SSL-based technology from OpenVPN, which uses client software to manage connections. This works on Windows, Mac and various Linux and Unix platforms.

Once configured, these services all work the same way: You turn on the OpenVPN client software when you’re ready to connect to a public hotspot and make sure the OpenVPN software isn’t showing a red (not connected) or yellow (attempting to sync up) color. If it’s green, you’re connected to a VPN server that’s either owned or leased by your VPN provider, and can enter passwords in a public Wi-Fi hotspot with confidence.

Introduction

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let’s suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).
Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128 bit key, combined with the Elephant diffuser for additional disk encryption specific security not provided by AES.[1][2]

BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7.[1] Users of other versions of Windows that don’t include BitLocker could use a third-party encryption program to satisfy the need for full drive encryption (see Comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI and encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder. [3] An example of how to use the WMI interface is in the script manage-bde.wsf, that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well. [4]

The latest version of BitLocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.

 

Security concerns

According to Microsoft sources,[16][17] BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user’s drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[18] which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added.[19][20] Although the AES encryption algorithm used in BitLocker is in the public domain, its actual implementation in BitLocker, as well as other components of the software, are closed source; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.

Notwithstanding the claims of Niels Ferguson and others, Microsoft Services states in Exploration of Windows 7, Advanced Forensics Topic (page 70), “BitLocker has a number of ‘Recovery’ scenarios that we can exploit”, and “BitLocker, at its core, is a password technology, we simply have to get the password…”.

The “Transparent operation mode” and “User authentication mode” of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR.[21] If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device, or a recovery password entered by hand. Either of these cryptographic secrets are used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.[21]

Nevertheless, in February 2008, a group of security researchers published details of a so called “cold boot attack” that allows a BitLocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[22] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM module alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[22] The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a “sleep” state) and that a password also be required to boot the machine.

Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example through a 1394 DMA channel.[23] Any cryptographic material in memory is at risk from this attack, which is therefore not specific to BitLocker.

 

Overview

We strongly recommend treating each virtual machine as if it was a physical machine for most activities. Virtual machines are vulnerable to most of the same things as physical machines including data loss/corruption, hardware failures, viruses, and hackers. Install and use virus scanning software. Take regular updates to your operating system, preferably via an automatic update system. Make regular backups of important data. Follow the recommended best practices for your guest operating system. In most cases, simply treat your virtual workstation as you would any other machine.

Security Recommendations

We strongly recommend you treat each virtual machine as though it is a real machine for the purposes of security.

1. Install Anti-Virus Software
   While MIT does its best to prevent virus attacks, no computer is immune to them. Anti-virus software needs to be installed separately on the Virtual Machine, even if virus protection is already installed on the Macintosh operating system itself. For more information about virus protection, distributed by MIT at no cost, see: Virus Software.
2. Exclude Virtual Machine folders from your Macintosh’s Anti-Virus Scans
   To prevent damage to your virtual machines, the virus protection software on your Macintosh must be configured to exclude the Virtual Machine’s folder from its scans. This is due to an incompatibility between VMware Fusion 2.x and 3.x and McAfee Security 1.0 for Macintosh, or VirusScan 8.6.x for Macintosh. Learn how
3. Utilize Anti-Spyware Software
   While virus protection software offers some protection from spyware, we recommend using MS Defender on your Windows virtual machines for additional protection. For more information about spyware, see: Dealing with Spyware and Other Malware
4. Choose Strong Passwords
   Weak passwords can be guessed, thus giving someone else access to your files and your system. Create passwords that are at least eight characters long, containing numbers, upper and lower case letters, and symbols. More information on creating strong passwords can be found at http://ist.mit.edu/security/passwords
5. Follow Security Recommendations
   IS&T provides platform-specific security recommendations to address security concerns with each operating system. See: Security Recommendations by Platform
6. Keep your Operating Systems Updated
   It is equally important to keep your host and virtual operating systems updated as compromises can occur in either kind of system. Install operating system security updates to keep your system current and protected from known vulnerabilities. We strongly recommend utilizing automatic updates, but note that virtual systems can only take updates when they are running. If your virtual system has not been started in some time (or is rarely left running long enough to take an update), we recommend you run a manual update as soon as you start your virtual system. For more information, see: MIT Windows Automatic Update Service, Red Hat Network.
7. Maintain Like Risk Postures for All Machines (Virtual and Host)
   Your system is only as secure as the least secure virtual or host machine. All guests on a host machine should have like risk posture – same level of accessibility, data sensitivity and level of protection. If any guest is more vulnerable than other guests or your host, it could be an entry to compromise the rest of your system.
8. Limit Host Access
   Access to the host should be limited (firewalled off).
9. Snapshots of Virtual Machines
   When taking a snapshot of a virtual machine and then branching off, make sure to save the image at the instance before the branch (the trunk) rather than at the branch level to ensure security patches are most up to date.

Best Practices

• Don’t register a virtual machine for DHCP on wireless.
• When copying or backing up a VM image:
  1. Make sure the virtual machine is powered off.
  2. Do not copy the lockfile directory (the only subdirectory that ends in “.lck”).</li>
• When restoring from backup use move, not copy. This prevents issues with duplicate Mac Addresses on the same network.
• Treat each VM as a standalone computer for security purposes. Install virus scanning software. Take regular OS updates.
• Enable “Time synchronization between the virtual machine and the host operating system” via the VMware Tools installed on the virtual machine.
• Networking: use NAT Networking. This should be the default setting for your virtual machines.
  Advanced users, particularly running Linux guests, may discover they want or need to deal with the additional complexity of setting up a Bridged network interface.
• Carefully plan your disk allocations. Do not over-allocate your disk. It is dangerous to tell VMware to make images that, if they all grew to their full size, would take up more disk space than you have free. If this happens, VMware may pop up an alert warning you when you’re about to use up more space than you have. That would give you a chance to free up disk space or exit cleanly. We don’t recommend relying on the warning. There’s no guarantee it will appear before bad things (data loss or corruption) happen.

Backups

The importance of backing up your data cannot be stressed enough. Virtual machines are at just as much risk, if not more, for data loss due to hardware failure, file corruption, system compromise, and other events. If data loss happens, a backup can make a world of difference in recovering from such an event. How you use your virtual machine (VM) will determine the best way to do backups for your VMs.

1. You have important software/data in the VM (research, data, etc):
   Install TSM within your virtual machine and have it run regular backups of the data within your virtual machine. This method does not preserve your virtual machine, just the data within it. For more information on using TSM for virtual machines, see: TSM Backup Accounts
2. Your VM is an appliance:
   We recommend that the system administrator manually makes backups. This preserves both the virtual machine and your data within it. Simply, drag and copy the VM somewhere (e.g., an external drive). Exclude your VM files from regular backups via TSM. See items 2 and 3 below for reasons. For more information, see: Q. I want to make a backup/copy of my virtual machine. What is the best way to do so?

Things to note regarding virtual machine backups:

• A virtual machine image is actually comprised of several files. All of those have to be in sync or behavior is erratic.
• From outside the virtual machine (host machine), if a backup is made when the virtual machine is running, the results are inconsistent. Backup your virtual machine files on the host machine when the virtual machine is not running.
• To backup virtual machines using Mac OS X 10.5’s Time Machine, users will need to be running Mac OS X 10.5.2 or later. When backed up using Time Machine, virtual machines are duplicated and may take up considerable space on your backup drive.

Security Risks Specific to Virtual Machines

While virtual machines are at risk of all the same things as any other machine, you should be aware of a few additional issues.

1. If a host is compromised, scripts can be run on the host that can interact with the guest at whatever privilege level the guest is logged in as. This can result in malicious trojans being installed on the host and guest machines.
2. A virtual machine that is not virus protected, compromised, and in a shared networking configuration can be used by an attacker to scan both the private and public address spaces. The other virtual machines on the host (if not patched) can also be exploited via the network, so a software firewall on each of the guests is recommended.
3. (Enterprise version) When turning on shared folders, they can be accessed through a compromised guest. Files can then be placed on the host and attackers can access other guests’ file systems.

http://kb.mit.edu/confluence/display/ist/VMware+Security+Recommendations+and+Best+Practices