Actualización urgente a WP 2.6.3

Debido a una importante vulnerabilidad en la librería Snoopy, se recomienda una actualización de WordPress a la versión 2.6.3

Si aún no sabes como actualizar, te recomiendo este post de Helektron, que lo explica perfectamente, con estos pasos:

Pasos para actualizar nuestro WordPress (máxima seguridad)
Se recomienda leer todos los pasos antes de comenzar a actualizar.

1er Paso: Sacar un backup de tu base de datos (Users, Posts, Pages, Links, and Categories). Si no sabes cómo hacerlo, puedes leer este tutorial.

2do Paso: Sacar un backup de todos tus archivos WordPress. Para ello, puedes hacer uso de cualquier cliente FTP de tal manera que puedas copiar todos tus archivos desde el servidor hacia tu PC incluyendo tu archivo .htaccess.

3er Paso: Verificar que ambos backups hayan sido creados correctamente y estén completos. Esto es súmamente importante.

4to Paso: Desactivar todos los plugins desde su panel de administración ya que durante el proceso de actualización se podrían generar algunos conflictos, así que mejor es desactivarlos.

5to Paso: Verificar que los 4 pasos anteriores se han llevado a cabo con éxito. Cualquier problema consultar aquí.

6to Paso: Descarga y extrae el paquete de WordPress http://wordpress.org/download/

7mo Paso: Borrar los viejos archivos de WordPress, teniendo en cuenta lo siguiente:

NO BORRAR

  • El archivo Wp-config.php;
  • La carpeta wp-content; (excepto: wp-content/cache y wp-content/plugins/widgets);
  • La carpeta wp-images;
  • La carpeta wp-includes/languages/ si utilizas un archivo de idioma
  • El archivo .htaccess
  • El archivo robots.txt
  • SI BORRAR
    Todos los demás archivos que no sean los de arriba. Esto quiere decir:

  • Las demás carpetas wp-* y los archivos readme.html, wp.php, xmlrpc.php, y license.txt (recuerda! excepto los mencionadas arriba);
  • wp-content/cache;
  • wp-content/plugins/widgets;
  • wp-includes;
  • wp-admin;
  • 8avo Paso: Sube los nuevos archivos que descargaste en el paso 6 a la misma carpeta donde se encuentraba tu antiguo WordPress.

    9no Paso: Ejecuta el programa de actualización de WordPress escribiendo en tu browser lo siguiente: http://www.tudominio.com/wp-admin/upgrade.php y sigues las instrucciones que aparecen en pantalla.

    10mo Paso: Aprovecha aquí para activar los plugins necesarios (Panel de Administración->Plugins) y algún nuevo theme si lo deseas.
    Wordpress.org te brinda una lista de plugins compatibles para descargar desde aquí y una lista de themes o plantillas compatibles también que puedes descargar desde aquí.

    11avo Paso: Activar los plugins y seleccionar tu nuevo theme si es que descargaste y subiste varios. Eso es todo!

    Como obtener la clave de una red wifi WLAN_XX – How to get wifi key on WLAN_XX (Telefonica Spain)

    En este artículo explican como conseguir una clave WEP Wifi.

    Naturalmente se explica para casos en los que nos hayamos olvidado de nuestra propia clave, o similares.

    Si lo usas para otros fines, como acceder a la red de otro usuario, debes saber que es un delito.

    Que el sistema de cifrado WEP, tiene fallos que permiten obtener la clave gracias a los vectores de inicialización, no es ningun secreto, asi como tampoco lo es, que las redes WLAN_XX (siendo XX un byte en hexadecimal) del proveedor de ADSL Telefónica tienen por defecto la clave WEP configurada como una letra identificativa por marca de router seguida de la mac del adaptador WAN.

    Es este último caso es en el que vamos a profundizar.

    El por que se obtienen tan facilmente estas claves, es gracias a que en las direcciones MAC, los 3 primeros bytes identifican al fabricante, y por lo tanto entre diferentes adaptadores de red de un mismo fabricante los 3 primeros bytes de sus MAC, van a ser identicos. por ejemplo poniendo el caso del fabricante Zyxel, cuyos 3 primeros bytes son 00:13:49 tendriamos un ejemplo similar a esto:

    ADSL – WAN MAC => 00:13:49:11:22:33
    WIFI – LAN MAC => 00:13:49:44:55:66
    ESSID => WLAN_33

    Donde la clave por defecto sería una letra que haría referencia a la marca seguida de 001349112233.

    Escaneando mediante un adaptador wifi que pueda ponerse en modo monitor, deberiamos de capturar vectores de inicializacion, ademas de visualizar el BSSID que es la MAC del adaptador wireless del router. En el caso del ejemplo seria 00 13 49 44 55 66. Gracias a esto ya tendriamos gran parte de la clave:

    La letra que comienza la clave, ya que por cada marca Telefónica les asigno una determinada letra, los 3 primeros bytes, ya que van a ser los mismos para el WAN que para el BSSID y el último byte, ya que en WLAN_33 ese 33 es el último byte del adaptador WAN. Así que solo deberíamos sacar por fuerza brutal 256^2 (2 bytes) lo que atacando a un vector de inicialización es bastante sencillo y rápido.

    Lo que debemos hacer es capturar al menos 1 iv (vector de inicializacion) para esto hay numerosos procesos a poder seguir, no obstante yo os recomiendo que useis una distribución livecd de Linux que ha sido pensada para realizar auditorias de seguridad, se llama BackTrack. Una vez arranque seguiremos unos pasos:

    1º Identificar la tarjeta wifi
    2º Ponerla en modo monitor
    3º Escanear hasta tener al menos 1 iv de la red WLAN_XX que deseemos (os recomiendo que al menos sean 4 o 5 iv)
    4º Copiarlos a un pendrive u otro dispositivo para poder acceder a ellos

    Aquí os dejo un video que he grabado realizando estas acciones para que no os quede ninguna duda de como se realizan estas acciones.

    Tendremos 2 archivos, uno con extensión txt y otro cap, dentro del txt tendremos los datos referentes a la red wifi, mientras que en el cap tendremos los datos capturados.

    Para continuar deberemos bajarnos el WlanRipper. Es una utilidad para Win32 que nos automatiza la tarea de probar las 256^2 posibles claves.

    Copiamos el archivo .cap a la carpeta donde tengamos el WlanRipper y lo lanzamos de este modo: WLAN_RIPPER.bat 00:01:38:70:93:06 WLAN_21 file-01.cap

    Total valid packets read: 5
    Total packets read: 19135
    
    Statistical cracking started! Please hit enter to get statistics from John.
    Weplab statistics will be printed each 5 seconds
    
    It seems that the first control data packet verifies the key! Let's test it with
     others....
    Right KEY found!!
    Passphrase was --> X000138712321
    Key: 58:30:30:30:31:33:38:37:31:32:33:32:31
    
    This was the end of the dictionnary attack.
    
    Gracias por usar el WLAN_Ripper 1.1!!!

    Y ya tendremos la clave WEP.

    Como ampliar los lectores RSS de tu blog

    Lo publican varios sitios, entre ellos Fernand0.

    11 Ways to Find New RSS Subscribers for Your Blog

    1. Promote Your Feed Prominently

    Copyblogger-RssOne mistake that some blogs make is have their RSS feed link appearing too far down in the footer of the design.

    As with anything you want to promote (ads, key posts, contact form, about posts etc) the higher on the page you have it the more attention it will have.

    Check out how Copyblogger does it for a great example. He has he two buttons pictured to the left right at the top of his sidebar. As a result his feed counter has steadily grown over the past year.

    2. Promote Your Feed with an Image

    Similarly promoting your feed with something a little more eye catching than a text link tends to get it more noticed.

    Rss-Buttons

    The little testing that I’ve done shows that the feedburner counter/button can work well, as can the orange RSS button that many bloggers use. You have just a few seconds when a reader first hits your blog to convince them to come back again – RSS is an ideal way to get them coming back – so you’ll want to do everything you can to get their eyes on a way of subscribing.

    There are many buttons that can be used (check out a few at this button maker). While there’s nothing wrong with using more than one (see below) I’d recommend not going too crazy with all the buttons out there as one well placed image link can be just as effective (if not more so) than multiple buttons cluttering your sidebar.

    3. Use Multiple Methods to Promote Your Feed

    There is no rule on how many times you can link to your feed on a page. If converting readers to RSS readers is a priority for you consider a variety of subscription points.

    For example here at ProBlogger I have my Feedburner counter (which has a little animation and draws the eye), I have a bloglines subscriber button (as I know bloglines readers make up the majority of those following this blog) and I also have a subscribe page link which I know many readers use. Different readers will be attracted to different subscription methods – so experiment a little (without overwhelming them).

    Techcrunch

    Another good is TechCrunch (with 178,000 subscribers as of today) who have the three options pictured (above).

    4. Educate Your Readers

    EducateIt is difficult to have a high RSS subscriber count if the majority of your readers don’t understand what RSS is or how to use it.

    If your blog is on a non techie topic with a readership who doesn’t have much awareness of RSS write a post that explains what RSS is and how it can help them follow your site. Then add a link to that post under your RSS button to help educate them.

    5. Offer RSS to Email Services

    Rss To Email
    Some of your readers won’t get (or will refuse to use) RSS no matter how much you educate them. Don’t ignore them – but offer them a service that will convert your RSS feed into email for them. In this way you effectively still have RSS readers and they will get your content in a way that is familiar to them.

    I offer this on my subscribe pages here at ProBlogger and at DPSoffers this service as does FeedBlitz (and others). and get a good response. The number of people using it will vary a lot (for example at DPS it’s a much higher take up in proportion to RSS subscribers than here at ProBlogger where I have a more RSS savvy readership). Feedburner

    6. Promote Your Feed in Off-Blog Communications

    Promote-Rss-Feed
    I’m seeing more and more bloggers promote their RSS feeds along side their blog’s homepage URLs in forum and email signatures as well as on other sites. Maybe it’s time we started putting our feeds on business cards also!

    For example in a recent guest post here at ProBlogger Glen Stansberry asked for his feed URL to be included in his byline.

    Get into the habit of not only giving out your blog’s URL but also include your RSS feed and you might just pick up some new readers. As RSS continues to grow we’ll see more and more of this – so get in early.

    7. Make sure Your Feed is discoverable

    Discoverable-RssI learnt this the hard way a few months back when I did a redesign at one of my blogs and didn’t think to check whether the feed was discoverable (it wasn’t). As a consequence I lost at least a couple of months of new subscribers.

    More and more people use auto discovery via their browsers – make sure yours can be found and that it’s working to make this a more seamless subscription experience for potential readers.

    8. Full Feeds

    Full-FeedsThe debate over full versus partial feeds rages on but my own findings having made the switch to full feeds here at ProBlogger is that my subscriber numbers went up significantly in the weeks after giving my readers my full posts.

    While there are a small number of readers who do prefer partial feeds – I find that the majority of readers prefer a full feed and that as a result most who provide them notice an upswing in subscriber numbers. Of course there are downsides in full feeds (for one they become more attractive to scraper sites) so make your decision carefully – but if it’s subscriber numbers that you’re after full feeds will be something to consider.

    9. Give Your Feed Readers a Bonus

    Bonus
    Something I’ve seen more bloggers doing of late is giving their readers an incentive to read. For example Chris Garrett offered a free ebook to any subscribers. From what I hear it’s worked well for him.

    I’ve seen others talk about putting exclusive information for subscribers into their feeds (how they did this I’m unsure) and putting subscribers into a prize draw for a giveaway.

    Of course keeping people subscribed is another matter and a certain percentage would no doubt subscribe and then unsubscribe after the incentive disappears – that’s where having quality content and an engaging feed comes into play (see the rest of this series for this).

    10. Promote your Feed at Key Entry Points

    Welcome Mat
    Where do people enter your blog? Are there some pages that bring in more traffic than others via search engines, referral links, social bookmarking sites etc? If so – consider these pages as key points to give your RSS feed a special plug.

    For example if you’re fortunate enough to get some mainstream media attention or one of your posts gets on the popular page of Digg or Delicious – why not add a quick link on the page everyone’s arriving on to promote your feed?

    Put out the welcome mat at key points and help your readers find a way to make themselves at home.

    11. Run an Ad Campaign


    One blogger that I worked with last year ran an AdWords campaign to promote his feed (with some success).

    He created a landing page for his blog that had the one goal of converting those who landed on it into loyal readers via RSS and his newsletter. The results were really encouraging and a great way to launch his new blog. In fact it was so worthwhile that he continues to put a few dollars a day into a simple AdWords campaign to promote his blog.

    Similarly – other bloggers have done the same thing using other ad systems like Blogads.

    These are some of the ways that I’ve used to get readers to subscribe to my RSS feed – how do you do it?

    ROMPIENDO CONTRASEÑAS WEP CON AIRCRACK EN UNA RED WIFI

    Interesante artículo donde explica como se puede saltar la seguridad WEP con programas de libre acceso y sin demasiados conocimientos.

    Mas adelante explicarán como resolverlo, al menos en parte.
    En cualquier caso hay que dejar claro que no hay programa , software o seguridad 100% fiable. El éxito de una red inalámbrica está basado en el uso y diseño con conocimiento y aplicando varias reglas la mayoria de las veces muy asequibles y que conjuntadas dan una mayor estabilidad. Poner solo encriptado WEP, no sirve de mucho, pero si se le añaden otras características, será mas que suficiente para disuadir a gran parte de los atacantes.

    Actualización: Muy recomendable también este otro artículo:

    Como obtener la clave de una red wifi WLAN_XX – How to get wifi key on WLAN_XX (Telefonica Spain)