Securing Your WordPress Site: Top Plugins

Mon, Mar 11, 2013

WordPress is huge. It is currently the most popular blogging system in use, and it manages 22% of all new websites. We use it for our site, and I would personally recommend it to anyone thinking of creating a new website.

However, because it is so popular, it becomes a target for hackers. Right now, automated bots are crawling the web looking for WordPress sites to attack. If you take some time to protect yourself, you can greatly reduce your chances of having a problem. With that, I decided it would be useful to share some of the tips and tricks I have learned to protect our site.

The Motivation Behind Malware

Tue, Jan 8, 2013

Last night I came across a sobering article from Brian Krebs of KrebsOnSecurity. The article talked about a specific crimeware author who is advertising that he is in the market to buy fresh new browser exploits, but the article had much more information than just that.

Light Point Web Now Supports PDFs and Office Formats

Fri, Jul 6, 2012

Recently, we released an update to our servers that allows our users to view many popular document types through Light Point Web. To accomplish this, we are using the Google Docs Viewer. The Google Docs Viewer is a nifty little service from Google that can turn documents into normal webpages.

The new plugin viewer works automatically. Now, when you click a link to a supported file, such as a PDF, you will be sent to the Google Docs Viewer for that file. This gives you the ability to read the file without it ever touching your computer.

Windows Live and Hotmail Account Upgrade Email Phishing Scam

Fri, Jun 22, 2012

There’s a Windows Live and Hotmail email phishing scam going around. The email attempts to trick victims into disclosing their Windows Live credentials and other personal information by claiming that a Trojan has been detected in the user’s Windows Live folders. The fraudulent email claims that the personal information is needed to upgrade the user’s email account with a 1024-bit RSA key anti-virus firewall, and that if the user does not comply, their email account will be terminated.

How Facebook’s Pay to Highlight Feature Can Lead to Scams

Tue, Jun 19, 2012

Facebook is testing a new feature, which I believe will only increase the already huge number of scams and malware present on the social networking site.

The new feature would allow users to pay to “highlight” their status updates in their friends’ news feeds. Currently the Highlight option is only being tested with a small sample group of users. And, it is only available for personal accounts, not brand pages. Highlighted posts may appear higher in the news feed, stay visible for longer, and appear to more friends and subscribers.

The Highlight feature would open the door for scammers to explore new twists on the old favorite, the “Facebook Will Start Charging” scam, by creating confusion around a known Facebook feature.

Light Point Web 2.0 Released

Tue, May 22, 2012

Light Point Security has just released Light Point Web 2.0. The 2.0 release was basically the completion of the scrolling work started in the 1.2 update. Where 1.2 added client-side scrolling, 2.0 provides scroll-caching. Additionally, there were some client-side bug fixes to correct issues with the newest versions of Firefox.

Twitter Now Supports Do Not Track Privacy Feature

Mon, May 21, 2012

Twitter announced that it now supports the Do Not Track privacy feature in web browsers.

Do Not Track is a privacy feature introduced by Mozilla and Stanford researchers that users can set in their web browsers. When Do Not Track is enabled, your browser will tell advertising networks and other websites and applications that you want to opt out of tracking. It does this by transmitting a Do Not Track HTTP header every time your data is requested from the web.

How to Botch a Security Vulnerability Discovery – WooThemes Case Study

Mon, Apr 30, 2012

Jason Gill disclosed a bug in the WooThemes WooFramework that allows any website visitor to run and see the output of any shortcode.

This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. WordPress installations with unsecured shortcodes (such as [php], which allows raw PHP code to be run) are vulnerable to serious attacks if WooThemes are installed, even if they are not the selected theme for the site. It would be trivial to identify common insecure shortcodes and then try them against common WooThemes in an attempt to run malicious code on the remote server.

The response from the WooThemes folks to this security vulnerability was less than stellar. This is a case study into the mistakes made by WooThemes during this incident that should hopefully serve as a model for what not to do.

Light Point Web 1.2 Released

Mon, Jan 23, 2012

Light Point Security has just released Light Point Web 1.2. The main focus of this update was the addition of client-side scrolling. Additionally, there were some improvements involving the keyboard focus when switching between tabs.

Verizon Phishing Scam Email Alert

Fri, Dec 16, 2011

I came across a Verizon email warning customers about phishing scams, and decided to share it. I found it interesting since a lot of companies don’t take such proactive measures to warn their customers of the dangers of online scams. Most of the time these emails are sent after the fact – after a company is aware of an ongoing phishing scam. So here’s an attaboy to Verizon!

Continue reading to see the Verizon email, in its entirety.
