One of the facts which I have written about before, is that my blog is set up in a slightly customized way, with core PHP files that come from the Debian package manager, and which do not have permission bits set, so that the Web-server can write to them, but also with add-ons – aka plugin-ins – with permission bits set so that the server can. This latter detail is a great convenience for me, because it allows me to install plug-ins from WordPress.org, as well as to install updates to those, via means that are simple for me to operate.

What I have also written, is that this makes my overall security good, but not perfect. Theoretically, there could be a corrupted plug-in available directly from WordPress.org – even though in general, they do their best to vet those – and which I could install to my blog, without knowing it. Further, even if the plug-in contains no dirty code visible to WordPress.org, the way some of them work might depend on a Web-service from their author, and then that URL could be running some sort of suspicious scripts, let us say on yet another server.

And so a reasonable question to ask might be, of what use WordFence can be in my case. One of the types of scans which this security add-on performs, is a check of all my core files, against what the versions are with WordPress.org, not with Debian. And then this scan reports 58 deviations to me, without analyzing them, just because Debian has slightly different core-file-versions. It also checks my entire plug-in directory, scans all the plug-ins, etc.. But in reality, WordFence never reported any kind of anomaly in my plug-ins, because those are the WordPress.org versions.

Continue reading WordFence

I am confident that my site is secure again.

What happens from now on, is that ‘WordFence‘ performs routine security scans of my blog. It then emails me with reports.

According to the latest report, emailed to me overnight as I slept, my blog had one issue, out of hundreds of potential issues: One of my plug-ins needed an upgrade.

Of course, I would have seen that this plug-in required an upgrade anyway, as soon as I checked my Dashboard this morning, which showed me the same result.




Smart Unlock Getting Smarter

In This Posting, I had reported to the readers, that Google Smart Lock was working for me, except for the fact that I had made a silly usage error. Well there is a component to Smart Lock, which updates itself from Google Play, and which states the Security Policy in greater detail, than the programming itself, that may not get any update until the user upgrades to a higher version of Android.

In fact, I would not rule out the possibility that this Security Policy could be personalized whenever it updates, which could lead some users to anxiety. In reality, if there is a policy update that prevents our device from just unlocking, this should be nothing to get anxious about.

It was never a part of the system, that if a Trust Condition is met – even fully – our phone is guaranteed to unlock by itself. Sometimes, even though the condition is met, mine does not unlock, once or twice. And when that happens, this has its reason for being, and may just be because Google thinks I need the extra protection.

After all, incorrectly unlocking once, can be much more devastating that incorrectly not unlocking, because in the latter case, the regular measures to unlock the phone still work. I am assuming the same holds true for the reader.

But just recently I noticed that my phone was not unlocking anymore when I was at home. It had done so before but then just stopped. There are a number of reasons why this can happen. For example, Google might replace our own definition of our home address – which looks like just a random address on their servers – with our official address. And then one thing which can go wrong, is that our official address might not be positioned exactly, where our GPS etc. places us. My phone often thinks it is located just outside my window, on the opposite side of my building, from where the street address is located…

Yet, there are certain errors which will not just go away, until they are specifically corrected by a human being. And so I went after this recent issue.

(Edit 07/13/2016 : ) I had tried to solve this problem, by accessing the fact that my phone is synced with two GMail identities, but that only one of them had a Home Address set. I set the Home Address of my second GMail, to be the same as the first.

What resulted, was that the automatic unlocking started to work again – for one day. Then, it stopped working again.

I can only interpret this in one way. Apparently, Google servers determine that my Home Address, an apartment building, is not secure. There could be other people who look – according to the GPS – as though in the same place as me, but may not be. Google took a full day to determine this a second time, for the second entry.

This strikes me as good software.



Google Smart Lock Working Properly After All

One of the features which Android offers, is called “Smart Lock”. It means that as soon as some trust condition is met – in my case, as long as I am at home – I can bypass the default unlock method, and just swipe to unlock my phone.

But there was a time, when I thought this feature was not working properly. This idea was due to a simple user error on my part.

When Android shows us its swipe-to-unlock screen, it has animated ripples of water seemingly flowing along it, and in the case of my phone, displays 3 small icons along the bottom. Two of those are features which I can generally use without unlocking the phone, while the one in the middle is just a ‘lock-icon’.

What I did not know until recently, was the fact that it is a mistake, if we try to drag that lock-icon in the middle away from itself, to unlock the phone. That exact motion is acknowledged by a growing, light semicircle which appears around the lock-icon, and acts to lock the phone.

In order to unlock this screen, we need to start at a random position – such as where the animated ripples show – and just swipe straight upward.

I guess that it was silly of me, not to know how to work the standard swipe-to-unlock screen of Android. But if I am going to make mistakes, those will be stupid ones. I think that any phone thief, would already know how this screen works…

And my Smart Lock feature was always ready and willing to work with me, even though I had actually disabled it at one point in time.