When I installed WordPress on this site, one thing that concerned me is that login and administrative functions were not using SSL by default. OK, I didn’t have an SSL certificate installed at that point, fair enough. But once the SSL certificate from Let’s Encrypt was installed, I set about learning how to secure these functions.
It is very simple.
In the same directory where WordPress is installed you’ll find a file named “wp-config.php”. Add the following line toward the bottom, right above the “That’s all” comment:
Save the file and you’re good to go. Assuming that an SSL certificate is properly installed on your web server, login and administration will now go over SSL.
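The line to add is not reproduced on this page; WordPress's documented constant for forcing login and administration over TLS is `FORCE_SSL_ADMIN`, set with `define('FORCE_SSL_ADMIN', true);`. The check below is an added example, not the author's code: it confirms the define is present and sits above the point where `wp-settings.php` is loaded. The function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): confirm wp-config.php forces TLS
# for login/admin. WordPress fixes FORCE_SSL_ADMIN while loading wp-settings.php,
# so the define() must sit above that require, i.e. above "That's all".

check_force_ssl_admin() {  # $1 = path to wp-config.php
    cfg="$1"
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # First define('FORCE_SSL_ADMIN', true) not prefixed by a line comment.
    def_line=$(grep -nE "^[[:space:]]*define\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)" "$cfg" | head -n1 | cut -d: -f1)
    # Line where WordPress core is loaded.
    load_line=$(grep -nE "^[[:space:]]*require(_once)?[^;]*wp-settings\.php" "$cfg" | head -n1 | cut -d: -f1)
    if [ -z "$def_line" ]; then
        echo "missing"; return 1
    fi
    if [ -n "$load_line" ] && [ "$def_line" -gt "$load_line" ]; then
        echo "too-late"; return 1
    fi
    echo "ok"
}

# Constructed sample configs (not real site files) to exercise the check.
write_sample() {  # $1 = good | late | none, $2 = output path
    {
        echo "<?php"
        echo "define('DB_NAME', 'example_db');"
        [ "$1" = good ] && echo "define('FORCE_SSL_ADMIN', true);"
        echo "/* That's all, stop editing! Happy blogging. */"
        echo "require_once(ABSPATH . 'wp-settings.php');"
        [ "$1" = late ] && echo "define('FORCE_SSL_ADMIN', true);"
        true
    } > "$2"
}

tmp=$(mktemp -d)
for kind in good late none; do
    write_sample "$kind" "$tmp/$kind.php"
    printf '%s: %s\n' "$kind" "$(check_force_ssl_admin "$tmp/$kind.php")"
done
rm -rf "$tmp"
```

Point `check_force_ssl_admin` at the real `wp-config.php` after editing it; a result of `too-late` means the define was placed below the core load and has no effect.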
I ran it against this site and found that my user accounts could be enumerated. This is clearly information leakage that should be avoided. The solution is to enable a WordPress plugin that stops this behavior. The plugin can be found here.
Download the plugin and copy it to the plugins directory as described in the Installation section of the above page. Using the plugins menu of the WordPress administration console, activate the plugin.
Run the scan again against your WordPress site and you’ll see that this issue has been resolved.
One of the best things I learned at Hope XI is that we no longer have to pay for SSL certificates. In an effort to make web encryption universal, the Internet Security Research Group (ISRG) has started Let’s Encrypt. Lest you think that this is an evil hacker plot to steal your encryption keys and data, you may feel better to know that the Technical Advisory Board is comprised of representatives from Akamai, Cisco, Electronic Frontier Foundation, Mozilla, and the Internet Society. This project is on the level and taking off.
My first certificate will be used to encrypt connections to this site. I’m sure that it will be the first of many. One downside is a short validity window (90 days) but Let’s Encrypt is offering automated tools to make the entire installation process simple and transparent. Unfortunately, this site is my free Optimum 60 website and I have limited control over the server, so I must wait for Optonline tech support to install my certificate.
Remember the Voice of America? It presented an American point of view to the world and helped the West to win the Cold War in Europe. Well, VOA is still transmitting and is embracing modern technology to stay relevant.
Kim Andrew Elliott produces a weekly “VOA Radiogram”, which uses audio tones to send digital information that can penetrate jamming and get through adverse reception conditions. You don’t need anything too sophisticated to start playing with this technology, just a radio that can receive shortwave, a computer with a sound card input, a patch cord, and a free program called FLDIGI.
Much of the content is transmitted in MFSK32, which provides good results. Some transmissions include pictures as well as text. Some folks have even reported decoding content by holding their smartphone up to the radio speaker, although I have not tried this approach myself.
Give “VOA Radiogram” a listen this weekend. Here’s the schedule information:
Here is the lineup for VOA Radiogram, program 177, 20-21 August 2016, all in MFSK32 centered on 1500 Hz:
1:31 Program preview (now)
2:42 China launches hack-proof satellite*
8:32 Twitter closes terror-linked accounts*
13:59 Why is Washington’s subway system falling apart?*
26:40 Closing announcements
29:09 Flmsg surprise (with audio)
* with image
Please send reception reports to email@example.com .
VOA Radiogram transmission schedule
(all days and times UTC):
Sat 0930-1000 5745 kHz
Sat 1600-1630 17580 kHz
Sun 0230-0300 5745 kHz
Sun 1930-2000 15670 kHz
All via the Edward R. Murrow transmitting station in North Carolina.
I reserved an automobile rental for the June stay in Friedrichshafen with Dollar. The rental was actually fulfilled by Hertz. I expected to pay about €92 for a weekend rental, including taxes.
The vehicle dropoff was on a Sunday morning at the sleepy Bodensee Flughafen and was unattended. I dropped off the keys as instructed. The vehicle was left in perfect condition.
When the charge came through about a week later, it was for over US $400. I was mystified and miffed. I had not (yet) been contacted by Hertz about any issues.
I contacted Dollar via their customer service web form, referencing my initial reservation number. No one from Dollar bothered to return my contact request about the billing discrepancy. When I returned home, about a week after the car was dropped off, I contacted Chase to dispute the excess charge.
Then, after a few more days, a letter arrived from Germany. The letter claimed €290 in damage to their vehicle. Nonsense. I probably did not drive it more than 15 km during the whole stay and there were no incidents. So, I reported the claim to Chase’s car rental insurance program.
I finally, after some weeks, received a photo of the damage. Just nonsense. As you can see, it is a minor scuff that a US car rental company would never be concerned about.
Be careful. If you rent a car in Germany, do a complete walk around and either take their insurance or have your own. Kudos to Chase and their United Explorer Card for having my back and paying the claim on this one with no trouble at all.
In June I attended the Ham Radio 2016 show in Friedrichshafen, Germany. I had the opportunity to purchase a nice, compact digital transceiver. The Hytera PD365 cost surprisingly less than it would in the USA. And, as a bonus, I could get the 19% Value Added Tax (VAT) refunded once I brought it home.
There are shops around the world that are set up to make the tax refund easy and will rebate it directly to your credit card. Not so with Difona Communications GmbH, but they were able to provide a tax refund form at the show. I had to get it stamped by customs upon leaving the European Union and then mail it back to the vendor in Germany. They paid the refund via international wire transfer.
Here is where the fun began. I received about $14 less than expected and set about trying to find out where the difference went. It was not easy. There is no transparency in such transactions. I had to call my bank more than a handful of times before I could get to someone knowledgeable enough to assist.
Early calls revealed that the funds came in as US dollars via the Automated Clearing House (ACH). The ACH received the funds from Fed Global. What is Fed Global? The Federal Reserve Bank. The Fed suffers from a complete lack of transparency and will not speak to the consumer at all. Kudos to those in Congress who want to audit the Fed. I’m with you.
Fees were deducted from the amount that the vendor paid to me. The vendor — Difona — indicated that this is what should be done at the time of the transfer. Difona did not disclose this to me when I sent them an inquiry asking for documentation on the transaction. Had this been disclosed, it would have saved me and others a lot of time spent on calls and emails to research the discrepancy.
Still, I purchased a good piece of merchandise at less than 2/3 of the USA cost. I learned that in the case of a VAT refund, it is better to deal with Global Blue participating merchants. Otherwise, expect to pay an undocumented and substantial fee for a wire transfer and expect no documentation or transparency.