SEARCH RESULTS
 
Showing 1-10 of 21 records
 

Number One Wordpress Security Step

2008-03-31 02:53:02 by Erik T. Heidt in Art of Information Security
 
...Wordpress blog secure Keep the software up-to-date This may sound almost patronizingly obvious, but hold on a second. Every day hackers use unpatched servers or services of one kind or another as the bread and butter of their trade (stealing data, creating Bot networks, selling hacked server access to phishers, etc So, why are there so many...
 
 
 
 
 

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded into a client-side token (as...
 
 
 
 
 

Wordpress 2.5 cookie integrity protection vulnerability

2008-04-25 16:03:19 by Steven J. Murdoch in Light Blue Touchpaper
 
...Wordpress, which I had just upgraded to version 2.5. Unfortunately, I found a rather nasty security hole, which has now been disclosed. If a Wordpress installation is configured to permit account creation, the vulnerability allows an attacker to gain administrator access The problem is to do with how cookies are generated. The authentication...
 
 
 
 
 

New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

2008-07-15 11:23:58 by CyberInsecure in CyberInsecure.com
 
WordPress has shipped a new version, 2.6, with fixes for almost 200 bugs and a major security-related change to disable remote publishing protocols by default. WordPress 2.6 is supposed to be more secure by default after fresh installation, includes SSL support and the ability to force SSL for security. In the new version the Atom
 
 
 
 
 

WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack

2008-09-09 03:24:16 by CyberInsecure in CyberInsecure.com
 
New WordPress version, 2.6.2, was released today to mitigate a new attack vector discovered by PHP security researcher Stefan Esser. According to an advisory from WordPress blog, Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). Blogs that allow user registration should be upgraded as...
 
 
 
 
 

WordPress Security Plugins

2007-11-30 03:00:24 by Editor in Help Net Security - Articles
 
WordPress is a powerful publishing platform that is easy to use and offers anyone the possibility to start a blog in no time. Because of its versatility and a large quantity of third-party plugins, Wo
 
 
 
 
 

DoS attack prevents access to WordPress.com blogs

2008-02-19 00:00:00 in Network World on Security
 
The WordPress.com blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday
 
 
 
 
 

Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper
 
...Wordpress cookie debacle was that the authors invented their own password hashing and cookie generation scheme. This is generally a bad idea, since it's hard even for experts to get these right. Instead, whenever possible, a well-studied proposal should be chosen. It is for this reason that I suggested the phpass library for password hashing,...
 
 
 
 
 

The ICANN Responds to the DNS Hijacking, Its Blog Under Attack

2008-07-07 06:27:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Wordpress blog has also been a target of a recent attack automatically exploiting vulnerable Wordpress blogs In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an...