WordPress

TimThumb plugin for WordPress - zero-day remote code execution hole disclosed, quickly fixed

WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers.

Paul Ducklin looks at what went wrong and explains how to fix the hole...

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

SSCC 121 - WordPress, OS X, iCloud, smartphone tracking and medical devices [PODCAST]

By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!

Listen to Chet and Duck in the latest episode...

WordPress 3.7 with automatic security updating is out now

WordPress 3.7 isn't important because it fixes any particularly devilish vulnerabilities but because, for the first time, it will automatically update itself with the latest maintenance and security releases - something that could change the security of the whole WordPress ecosystem.

SSCC 119 - Happy 10th, Patch Tuesday - Adobe "goes open source" - Dread Pirate Roberts [PODCAST]

A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.

Chet and Duck turn their amusing but insightful attention to the latest security stories...

How to avoid being one of the "73%" of WordPress sites vulnerable to attack

Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an important security issue which isn't diminished one iota by their sketchiness.

Monday review - the hot 24 stories of the week

Missed anything last week? Catch up with everything we talked about with our weekly roundup.

WordPress issues security fixes, advises "update your sites immediately"

Mega-popular blogging and content management system WordPress has just put out version 3.6.1.

This includes a patch for a remote code execution hole, so you are advised to update ASAP.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Monday review - the hot 17 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a phish - a "generic mass targeted attack" against WordPress admins

Naked Security reader Lisa Goodlin is a website designer and a WordPress user.

She was recently targeted by cybercrooks trying to phish her WordPress credentials, and though the phish ended up being comical rather than threatening, there were some useful lessons to be learned...

Sophos Techknow - Two-factor Authentication [PODCAST]

To some of us, two-factor authentication (2FA) is a welcome aspect of online security; to others, token or SMS-based login codes are just extra online hassle we'd rather do without.

Duck and Chet help you evaluate the risks and rewards of 2FA in this enjoyable quarter-hour podcast.

Monday review - the hot 21 stories of the week

In case you missed anything, here's everything we wrote in the past seven days.

WordPress blogs and more under global attack - check your passwords now!

If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence.

But hosting providers worldwide are reporting an onslaught at well above average levels...

SSCC 106 - US DoD and BYOD, "scanner" malware, 2FA, and browser wars revisited [PODCAST]

For your listening pleasure, here's the latest episode in our popular "Chet Chat" series.

Senior Security Advisor Chester Wisniewski discusses the latest security news with regular guest Paul Ducklin in an entertaining and easily-digested quarter-hour podcast.

Monday review - the hot 17 stories of the week

Catch up with everything we've written in the last seven days - it's weekly roundup time.

WordPress.com boosts security for bloggers with two-factor authentication

With WordPress.com powering more than 60 million websites worldwide, anything to improve the safety and security of its users is to be welcomed.

Paul Ducklin tries out the new WordPress 2FA service on his Naked Security account...

Monday review: the hot 31 stories of the week

It's time for this week's Monday review: all our stories from the past seven days.

Enjoy!

"Im getting paid!" - Websites hosted on WordPress hacked due to users' poor password security

Millions of blogs hosted on WordPress.com can breathe a sigh of relief - although a hacker did manage to break into thousands of sites and publish a make-money-fast advert, it wasn't because of any vulnerability on the WordPress.com site.

Instead, it seems users had simply been careless with their password security.