SEARCH RESULTS
 
Showing 1-10 of 26 records
 

Number One Wordpress Security Step

2008-03-31 02:53:02 by Erik T. Heidt in Art of Information Security
 
...Wordpress blog secure Keep the software up-to-date This may sound almost patronizingly obvious, but hold on a second. Every day hackers use unpatched servers or services of one kind or another as the bread and butter of their trade (stealing data, creating Bot networks, selling hacked server access to phishers, etc So, why are there so many...

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded into a client-side token (as...

Wordpress 2.5 cookie integrity protection vulnerability

2008-04-25 16:03:19 by Steven J. Murdoch in Light Blue Touchpaper
 
...Wordpress, which I had just upgraded to version 2.5. Unfortunately, I found a rather nasty security hole, which has now been disclosed. If a Wordpress installation is configured to permit account creation, the vulnerability allows an attacker to gain administrator access The problem is to do with how cookies are generated. The authentication...

New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

2008-07-15 11:23:58 by CyberInsecure in CyberInsecure.com
 
WordPress has shipped a new version, 2.6, with fixes for almost 200 bugs and a major security-related change to disable remote publishing protocols by default. WordPress 2.6 is supposed to be more secure by default after fresh installation, includes SSL support and the ability to force SSL for security. In the new version the Atom

WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack

2008-09-09 03:24:16 by CyberInsecure in CyberInsecure.com
 
New WordPress version, 2.6.2, was released today to mitigate a new attack vector discovered by PHP security researcher Stefan Esser. According to an advisory from WordPress blog, Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). Blogs that allow users registration should be upgraded as...

Fake Wordpresz.org Site Distributes Backdoored WordPress Package

2008-11-06 23:47:03 by CyberInsecure in CyberInsecure.com
 
Wordpresz.org is a malicious website that is distributing a purposely backdoored, fake 2.6.4 version of Wordpress. The fake package allows the theft of cookies from those who have installed it, potentially leading to hijacking of their WordPress blogging platforms for malicious purposes. The fake Wordpresz.org domain registered several days ago...

WordPress Security Plugins

2007-11-30 03:00:24 by Editor in Help Net Security - Articles
 
WordPress is a powerful publishing platform that is easy to use and offers anyone the possibility to start a blog in no time. Because of its versatility and a large quantity of third-party plugins, Wo

DoS attack prevents access to WordPress.com blogs

2008-02-19 00:00:00 in Network World on Security
 
The WordPress.com blog-hosting service suffered a denial-of-service (DoS) attack that began Saturday and was still preventing users from logging in or posting to their blogs on Tuesday

A Diverse Portfolio of Fake Security Software - Part Thirteen

2008-11-12 16:57:26 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Wordpress accounts promising to remove competing software antiviruspro2009.wordpress .com ultraantivirus2009.wordpress .com smartantivirus.wordpress .com antiviruslab2009.wordpress .com antivirusvip.wordpress .com personaldefender2009.wordpress .com malwareremoval.wordpress .com Naturally, it didn't take long before blackhat SEO farms were...