Tag: security

  • JavaScript Attack Can Break ASLR

    Gold Padlock

    BleepingComputer has reported that security researchers discovered a new attack that can be carried out in nearly any browser using only JavaScript. Even with the protections and sandboxing of modern browsers (such as Google Chrome, Microsoft Edge, Opera, and Mozilla Firefox), it can break the address space layout randomization (ASLR) that most of today’s central […]

  • WordPress 4.7.2: Hidden Exploit Fix

    The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

    The recently released version 4.7.2 of WordPress had an additional security fix which was not disclosed in the changelog when it was released. The issue? A privilege escalation / content injection bug in the REST API that allowed for the potential that anyone could edit any post. How? Part of the REST API had an […]

  • Release: WordPress 4.7.2

    The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

    Last week WordPress released the second security update for version 4.7. There were 3 security issues fixed: the interface for assigning taxonomy terms in Press This was shown to users who did not have permission; an SQL injection vulnerability was patched in the WP_Query class to prevent poorly coded plugins and themes from falling victim (involving post types) […]

  • Browsers’ Interfaces Are Insecure

    Browser showing example.com with the information button rolled down over the content.

    As browsers continue to add new features, many of them need to notify the user or request confirmation. These notifications and dialogs are shown outside the browser interface and appear inside or on top of the content window (considered untrusted, since any content can be displayed by developers). This means that content developers […]

  • Release: PHP 7.0.15, 7.1.1, 5.6.30

    PHP (PHP: Hypertext Preprocessor) Logo

    PHP has released security updates for versions 7, 7.1, and 5.6. Since these are security releases it is HIGHLY recommended you update to them. I also heavily recommend you update to them as there are some odd bugs fixed in earlier versions for rare cases that could cause hangs or segfaults (crashes) in some cases […]

  • Release: WordPress 4.7.1

    The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

    WordPress, the open-source blogging and CMS platform, has released version 4.7.1, a security update to version 4.7. The update fixes eight (8) major security issues as well as sixty-two (62) other various bugs found in 4.7. Remote code execution (RCE) in PHPMailer: no specific issue appears to affect WordPress or any of the major […]

  • Chrome Changes: Encryption Notification

    Google Chrome Browser Logo: Blue gradient circle with a thick white outline and a larger circle behind it with red, yellow, and green trisection coloring from top to bottom left.

    Google Chrome version 56 (based on the open-source Chromium web browser) is scheduled to be released at the end of the month. One of the major user-level changes is how sites without encryption will appear. Until now there has just been a lowercase letter “i” with a circle around it — this was typically an indicator […]

  • Cloudflare Trips Over Leap Second

    Cloudflare Logo: An orange cloud with a white solar flare emanating from the center-bottom with the capitalized dark-gray CLOUDFLARE printed below the cloud.

    The domain name service (DNS) and security proxy provider Cloudflare appears to have tripped over the leap second at the end of 2016. The Go programming language that it uses to build its DNS server apparently returned a negative number for the date in some cases, which caused the random number generator to throw errors. […]

  • 2016: Banner Year for Encryption

    Bar graph from Let's Encrypt showing the massive 21 million additional certificates issued between the end of 2015 and the end of 2016.

    The Electronic Frontier Foundation (EFF) reported on the number of websites utilizing encryption (HTTPS) to secure the traffic between the browser and the web server. For the first time since the inception of the Internet, the majority (more than half) of internet traffic was encrypted! Size did not matter: large and small websites […]

  • PHPMailer Vulnerability

    PHP (PHP: Hypertext Preprocessor) Logo

    A new Remote Code Execution (RCE) vulnerability was reported on Christmas, but details were only recently released. PHPMailer has already issued a patch (though they are not 100% confident in it), and WordPress (which uses PHPMailer) is considering issuing a security patch for current versions as well. The vulnerability allows the FROM address, when […]