The P-Dub Network

The P-Dub Network of Websites:
Nov 16 2009

Secure WordPress login without HTTPS

Do you access a WordPress installation on a web server without HTTPS? If so, your passwords are sent in plaintext every time you log in, register for accounts, add new users through the admin interface, or change user passwords.

Unfortunately, if you use a professional web host, there is a good chance that you are stuck in a situation where you use WordPress for your blog or website but cannot use HTTPS to secure your access to your WordPress installation. This can be caused by anything, such as: HTTPS is simply not offered, HTTPS costs quite a bit extra to have enabled, your WordPress installation is in a shared hosting environment, or multiple domains you own are tied to your hosting account in a way that complicates the issuing of certificates and setup of HTTPS.

Fortunately, there is a solution (actually, one of many) for WordPress fans to improve the sending of passwords over HTTP.

Semisecure Login Reimagined is a plugin for WordPress that implements client-side (browser-side) encryption in JavaScript, complete with the use of nonces to prevent replay attacks (note that this plugin is NOT designed to necessarily protect against session hijacking). My installation instructions are at the bottom of this post.

Plugin Details:
About link: WordPress Plugins Directory/Semisecure Login Reimagined
Requires WordPress version: 2.7 or higher
Tested with WordPress version: 2.8.6 by me
Plugin homepage link: Moggy’s Website/Semisecure Login Reimagined v3
Author homepage link: Moggy

Description of plugin from the WordPress plugin directory:

“Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.”

Automatic installation instructions:

  1. Log in to your WordPress installation through the admin interface as one of your administrator-privileged users (http://your-site-url-here/wp-admin/), and be sure to do this from a trusted, non-public Internet connection, on a private network and not over a wireless connection.
  2. Click on Plugins on the left navigation bar.
  3. With Plugins selected, there should now be an Add New link just beneath Plugins in the left navigation bar. Click on Add New just beneath the word Plugins.
  4. On the Install Plugins page under Search, be sure that Term appears in the drop-down (else click the drop-down arrow and select Term) and then enter in the search box to the right of Term “semisecure login reimagined” exactly as shown (but without the quotes). Click Search Plugins.
  5. In the search results, Semisecure Login Reimagined should appear. All the way on the right-side of that result should be an Install link. Click on Install.
  6. In the box that appears, click on the (red) Install Now button.
  7. On the results page, click on Activate Plugin. You now have secure login wherever available, but we can do better (so keep reading the following steps).
  8. Click on Plugins on the left navigation bar.
  9. Under Semisecure Login Reimagined, click Settings to edit that plugin’s settings.
  10. Note the Wikipedia quote stating, “RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030.” In the Number of bits drop-down, select the number of bits you wish for the encryption to use. 1024 is the default (faster performance) but is likely to be easily crackable by the end of 2010, 2048 is considerably better at present, and 3072 might be even better (but will have slower performance). You should pick what you feel most comfortable with; if you are unsure and this is for a blog that you and possibly a few others manage, I would recommend picking 2048 for better security and a slight performance decrease (only during authentication).
  11. Click the Generate Key button.
  12. Click Misc Settings up near the top of the page.
  13. Check the box next to Encrypt passwords when managing users?. Congratulations! Now not only are your initial login passwords encrypted, but also passwords entered when adding new users, changing passwords, etc.
  14. (If you experience problems logging in, likely due to caching issues, set the Nonce setting to Asynch (Ajax). Otherwise, you can probably just leave this setting as-is.)
  15. Click the Update Options button.

Log out, log back in, and on the login page you should see a little message stating, “Semisecure Login is enabled,” just below the Password entry box. Congratulations, your passwords are no longer being sent in plaintext!

If you like this tutorial, please share it with others, link to this post, and let me know!


Jun 9 2009

Sinless Living

http://www.freedomfromaddiction.org/site/Mike.html


Jun 5 2009

Hike Itinerary: Saturday, June 6, 2009

Start: Maple Street, Potsdam, NY 0310 hours
Destination: Mount Arab, near Piercefield, NY at 44.203889, -74.584444 (near fire/ranger tower)
Return: Maple Street, Potsdam, NY before 1000 hours

Roster: Rajiv N., Omkar D., Krunal B., Wenjin H., Erin K., Pat W. (me)
Equipment: Water canteens, flash lights, fire starters, VX-7R ham radio

Phone tracking: iPhone, GPS Tracker (dependent upon cellular coverage)
Radio tracking: OpenTracker+ SMT, Yaesu VX-7R HT (experimental, alpha test)

Driving Map:

(driving map image: june62009hiketomtarab)


Feb 26 2009

Grandfather Quotes #19

As my grandfather always used to say…

Grandfather: “An ounce of prevention is worth two in the bush.”


Dec 2 2008

Protected: Ryan Broke His Company-Issued Laptop

This post is password protected.



Dec 2 2008

IBM’s XML Challenge

So, the folks over at IBM have a few new contests aimed at XML-, XQuery-, and DB2-related projects.  If you’re a U.S. citizen, you can check them out here:

http://antoniocangiano.com/2008/12/01/ibms-xml-challenge-lots-of-prizes-inside/

Hopefully I can find the time to work on a project for this.  I have a really good (and funny) idea for the porting contest ;-D.

Until next time, keep the home fires a burnin’, Sallie.


Oct 27 2008

Working On My Froggy Stroke

Ever since our shower faucet was leaking and caused both our bathroom walls and ceiling to grow mold and our drain to clog with mineral deposits, my roommate and I have been without a usable bathroom for over a week and have been referring to our campus’s gym facilities for bathing and going to the bathroom, awaiting even acknowledgment of the problem by our landlord.

This experience has made us very fortunate because we have once again discovered our loves of swimming while sneaking a dip whenever we use the pool showers. We’ve enjoyed a normal swim for several visits now; however, one day, our naive vision of a perfect amphibious Utopia was suddenly shattered by the discovery of this little fellow who was not also a member of our supreme species:

My roommate dove to the very bottom of twelve leagues of sea at the deep end to scare him to the surface. When this little fellow saw my roommate quickly approaching, he let out a huge gasp–which proved to be his ultimate mistake. He subsequently had to rise after letting out all of his air supply in terror, where we flopped him out of the pool using my roommate’s flippers and scooped him up in a cup.

Afraid he might escape in the interim, we brought our new friend along to Wal*Mart while we bought preparations for his new living quarters. In a kind-of reverse-Stockholm Syndrome manner, we have fallen in love with our little captive.

We now get great thrill watching him hunt flies that we capture for him.


Oct 15 2008

The Soul of New Life

I am.
Neither my father nor my mother, but of both.
I am small
But like my brothers, I am my own.

I grow.
It’s a race against the clock, and I was made eager to grow.
I am alive
And like others in my race, taste human rights.

I dream.
Not in thought, but my heart beats the rhythm of the human spirit,
Freedom’s song.
The passion of humanity and individuality flows through my veins, it’s how I was made.

Ask why.
My mother could be unwilling to care for me, or might have been raped,
I do not know.
But I do know I’m not to blame.

Ask why.
My only protection from the world has turned on me.
Turn away
You won’t protect me from my kin, though I have no fighting chance.

Ask why!
I wish I could understand how the world could be so cruel as to blame me.
In this world
That promotes this and only this way out, I wish I wasn’t made guilty.

I cry.
I might be incapable physically, but I’d try.
The heart that
Is still in formation, oh how it can feel heartache.

I cry.
This is how it feels to be forsaken, and now I’ll never meet my first love, laugh with friends, or chance the American Dream.
I think little
But if only I’d been given the chance for after-thought, these are what I’d say.
Yes, if I had a voice before my death sentence, these are what I’d plea.

I die.
If only I was given the chance to forgive you and this world, then I could have tried.
But I die,
I die.


Sep 30 2008

Funny and Cool: The Diskette That Blew Trixter’s Mind

http://trixter.wordpress.com/2008/09/28/the-diskette-that-blew-trixters-mind/


Sep 2 2008

I Left My Heart In Wichita

Last week I had the exciting opportunity to fly out to Wichita, Kansas for three nights. The first thing I noticed while getting off the plane was how flat the terrain was all around me, with not a single hill anywhere in sight, and, of course, how windy it was as a result. The hotel I stayed at was fairly nice, with approximately eleven floors, three dining areas, and a number of interesting guest services. My room was also nice and very comfortable.

On my first night, I dined in one of the hotel eateries where I ate a delicious rib eye steak, my favorite cut of meat. The steak was perfectly prepared naked, medium-rare, and thick-cut (over one inch thick). Cut from Midwestern Aberdeen Angus (Black Angus), fresh and never frozen, it was the best rib eye I have ever eaten. In addition to being freshly cut, its succulent tastiness was helped by the fact that Midwestern cattle consume different minerals as they graze than Northeastern cattle do, which produces a flavor that some people prefer. Kansas definitely knows its beef.

On my second night I went out for fantastic barbecue with those that I was meeting in Wichita. We went to Two Brothers Barbecue, where I ordered a combination dinner that included shredded loin, Kansas City-style burnt tips, and pulled pork. It was a great taste of the best of barbecue from three different regions–Southern, Midwestern, and Northeastern styles, respectively. The meat was delicately smoked very well, and several different barbecue sauce condiments were available.

On my final night, I ate in the hotel’s sports bar eatery where I had a strip steak. It was also cut from Midwestern Aberdeen Angus and was very flavorful and tender, and fairly juicy, the way strip steak should be, and much unlike the average strip steak in the Northeast nowadays. Apparently, strip steaks used to be much better in our region back in the old days, but for some reason or another tend to be dryer and less appetizing these days.

My flights all ran very smoothly, and getting through security at the airports was so easy I cannot imagine why people are always complaining about it. It seemed that there were plenty of checkpoint aisles and personnel to handle all the travelers in a timely manner, but maybe that is a more recent achievement at airports than it was in the past. One thing to note is that there are two airports in Chicago, and one is a lot nicer to have a long layover in than the other (one has sit-down restaurants, small shops, and entertainment opportunities, while the other has only small shops, McDonald’s, and a bar). I was offered a free round-trip flight if I volunteered to take a later flight and give up my seat on my way back, but because my ride had already left to meet me at the airport, I decided I couldn’t take it. Maybe next time.