SEARCH RESULTS
 
Showing 1-10 of 17 records
 

Number One Wordpress Security Step

2008-03-31 02:53:02 by Erik T. Heidt in Art of Information Security
 
...Wordpress blog secure Keep the software up-to-date This may sound almost patronizingly obvious, but hold on a second. Every day hackers use unpatched servers or services of one kind or another as the bread and butter of their trade (stealing data, creating Bot networks, selling hacked server access to phishers, etc.) So, why are there so many...
 
 
 
 
 

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded into a client-side token (as...
 
 
 
 
 

Wordpress 2.5 cookie integrity protection vulnerability

2008-04-25 16:03:19 by Steven J. Murdoch in Light Blue Touchpaper
 
...Wordpress, which I had just upgraded to version 2.5. Unfortunately, I found a rather nasty security hole, which has now been disclosed. If a Wordpress installation is configured to permit account creation, the vulnerability allows an attacker to gain administrator access. The problem is to do with how cookies are generated. The authentication...
 
 
 
 
 

New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

2008-07-15 11:23:58 by CyberInsecure in CyberInsecure.com
 
WordPress has shipped a new version, 2.6, with fixes for almost 200 bugs and a major security-related change to disable remote publishing protocols by default. WordPress 2.6 is supposed to be more secure by default after fresh installation, includes SSL support and the ability to force SSL for security. In the new version the Atom
 
 
 
 
 

WordPress Security Plugins

2007-11-30 03:00:24 by Editor in Help Net Security - Articles
 
WordPress is a powerful publishing platform that is easy to use and offers anyone the possibility to start a blog in no time. Because of its versatility and a large quantity of third-party plugins, Wo
 
 
 
 
 

DoS attack prevents access to WordPress.com blogs

2008-02-19 00:00:00 in Network World on Security
 
The WordPress.com blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday.
 
 
 
 
 

Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper
 
...Wordpress cookie debacle was that the authors invented their own password hashing and cookie generation scheme. This is generally a bad idea, since it's hard even for experts to get these right. Instead, whenever possible, a well-studied proposal should be chosen. It is for this reason that I suggested the phpass library for password hashing,...
 
 
 
 
 

The ICANN Responds to the DNS Hijacking, Its Blog Under Attack

2008-07-07 06:27:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Wordpress blog has also been a target of a recent attack automatically exploiting vulnerable Wordpress blogs. In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an...
 
 
 
 
 

Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...WordPress, Movable Type, etc. all the time, but how many take additional steps to harden their installations? The concept is the same as the OS hardening analogy I brought up at the very beginning of this discussion. Similarly, people install third-party WordPress plugins or Joomla components without considering that most of them are written...
 
 
 
 
 

blog backup

2007-04-25 15:18:45 by Liudvikas Bukys in Liudvikas Bukys
 
I participated in the public beta of BlogBackupOnline.com, and since then the service has gone live, and, for now, free. Signing up is relatively effortless, and now I have an extra up-to-date copy of my blog content without any administrative effort on my part. They don't back up image content yet, but they're working on it. I haven't tried using...