By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!
Listen to Chet and Duck in the latest episode...
WordPress 3.7 is important not because it fixes any particularly devilish vulnerabilities but because, for the first time, it will automatically update itself with the latest maintenance and security releases - something that could change the security of the whole WordPress ecosystem.
A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.
Chet and Duck turn their amusing but insightful attention to the latest security stories...
Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an important security issue which isn't diminished one iota by their sketchiness.
Mega-popular blogging and content management system WordPress has just put out version 3.6.1.
This includes a patch for a remote code execution hole, so you are advised to update ASAP.
Here you are! Episode #116 of the Sophos Security Chet Chat.
News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Naked Security reader Lisa Goodlin is a website designer and a WordPress user.
She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...
To some of us, two-factor authentication (2FA) is a welcome aspect of online security; to others, token or SMS-based login codes are just extra online hassle we'd rather do without.
Duck and Chet help you evaluate the risks and rewards of 2FA in this enjoyable quarter-hour podcast.
If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence.
But hosting providers worldwide are reporting an onslaught at well above average levels...
We've written recently about Apple and Automattic starting to offer two-factor authentication (2FA) for online accounts.
Word on the street says that Microsoft will soon be doing the two-step, too...
With WordPress.com powering more than 60 million websites worldwide, anything to improve the safety and security of its users is to be welcomed.
Paul Ducklin tries out the new WordPress 2FA service on his Naked Security account...
Millions of blogs hosted on WordPress.com can breathe a sigh of relief - although a hacker did manage to break into thousands of sites and publish a make-money-fast advert, it wasn't because of any vulnerability on the WordPress.com site.
Instead, it seems users had simply been careless with their password security.
A major malware campaign has been spread via spam email and compromised self-hosted WordPress blogs, attempting to infect computers using the notorious Blackhole exploit kit.
The news giant is suspected of falling prey to attackers who took advantage of its running news operations on an insecure, out-of-date WordPress version.