It’s a Hosting Issue, Not a WordPress One
There has been some misinformation going around about an alleged security vulnerability in WordPress 2.9.2. A bunch of websites were recently compromised, and some people have tried to assign the blame...
WordPress Administration Over SSL
Do you frequently log in to your WordPress install over public WiFi networks? While it may seem like paranoia to some people, it’s really not a good idea to log into important sites over an unencrypted...
FireSheep: Grey Hat Security?
A scary new Firefox extension known as Firesheep came onto the scene recently. For years it has been possible for nefarious users to “sniff” unencrypted network packets for session cookies, allowing...
What Everyone Missed About the Gawker Password Scandal
A few weeks ago the internet exploded with news about the servers that host the Gawker blogs (Gizmodo, Lifehacker, Jezebel, etc.) being compromised by a distributed group of crackers known as Gnosis....
WordPress Admins Can Post JavaScript in Post Comments
Here’s an interesting fact about WordPress: users with Administrator or Editor privileges are allowed to post unsanitized JavaScript or markup in Post comments. I discovered this by accident when I was...
Pandora Password Debacle
There’s a post going around on Google Plus that shows off a glaring security hole in the popular internet radio site Pandora. If you use FireBug (or the HTML inspection tool in your browser of choice),...
Proposed Secure Password Hashing API in PHP 5.5
PHP 5.5 will be gaining a simpler and more newbie-friendly way to securely hash passwords. As those who are active in the PHP community are all too well aware of, it is quite a trial to educate everyone...
FillDisk Proof-of-Concept Demonstrates Flaw in Browsers’ localStorage...
HTML5’s localStorage API makes it possible for a web page to store 5-10MB of persistent data, much like cookies, but for more complex data—as you probably already know if you’re familiar with HTML5’s...
WordPress Security Advisory: Harden Your Admin Login
There has been news lately of a distributed attack against WordPress sites. A growing botnet has been running dictionary attacks against sites powered by WordPress, in an effort to gain access to the...
What You Need to Know About the Heartbleed Bug
If you haven’t already heard, a major exploit in OpenSSL was discovered recently. The Heartbleed Bug, which is as scary as it sounds, allows an attacker to capture potentially sensitive information...