How to Botch a Security Vulnerability Discovery – WooThemes Case Study

Mon, Apr 30, 2012

Jason Gill disclosed a bug in the WooThemes WooFramework that allows any website visitor to run and see the output of any shortcode.

This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. WordPress installations with unsecured shortcodes (such as [php], which allows raw PHP code to be run) are vulnerable to serious attacks if WooThemes are installed, even if they are not the selected theme for the site. It would be trivial to identify common insecure shortcodes and then try them against common WooThemes in an attempt to run malicious code on the remote server.

The response from the WooThemes folks to this security vulnerability was less than stellar. This is a case study of the mistakes WooThemes made during this incident, which should hopefully serve as a model for what not to do.

What Bootstrapped Startups Can Learn From Rick Santorum

Mon, Jan 16, 2012

Oftentimes we look to other startups’ successes and failures as a roadmap for our own ventures. While that’s a smart strategy, I think much can also be learned from outside the startup scene – something we rarely consider. This is an unconventional case study that looks outside of startups to gather useful lessons learned.

Politics aside, Rick Santorum’s recent rise in popularity has been a great feat, and one that deserves a closer analysis. There are three important lessons for bootstrapped startups in Santorum’s story.
