Mon, Mar 11, 2013
WordPress is huge. It is currently the most popular blogging system in use, and it manages 22% of all new websites. We use it for our site, and I would personally recommend it to anyone thinking of creating a new website.
However, because it is so popular, it becomes a target for hackers. Right now, automated bots are crawling the web looking for WordPress sites to attack. If you take some time to protect yourself, you can greatly reduce your chances of having a problem. With that, I decided it would be useful to share some of the tips and tricks I have learned to protect our site.
Tue, Jan 8, 2013
Last night I came across a sobering article from Brian Krebs of KrebsOnSecurity. The article talked about a specific crimeware author who is advertising that he is in the market to buy fresh new browser exploits, but the article had much more information than just that.
Fri, Jul 6, 2012
Recently, we released an update to our servers that allows our users to view many popular document types through Light Point Web. To accomplish this, we are using the Google Docs Viewer. The Google Docs Viewer is a nifty little service from Google that can turn documents into normal webpages.
The new plugin viewer works automatically. Now, when you click a link to a supported file, such as a PDF, you will be sent to the Google Docs Viewer for that file. This gives you the ability to read the file without it ever touching your computer.
Fri, Jun 22, 2012
There’s a Windows Live and Hotmail email phishing scam going around. The email attempts to trick victims into disclosing their Windows Live credentials and other personal information by claiming that a Trojan has been detected in the user’s Windows Live folders. The fraudulent email claims that the personal information is needed to upgrade the user’s email account with a 1024-bit RSA key anti-virus firewall, and that if the user does not comply, their email account will be terminated.
Tue, Jun 19, 2012
Facebook is testing a new feature, which I believe will only increase the already huge number of scams and malware present on the social networking site.
The new feature would allow users to pay to “highlight” their status updates in their friends’ news feeds. Currently the Highlight option is only being tested with a small sample group of users. And, it is only available for personal accounts, not brand pages. Highlighted posts may appear higher in the news feed, stay visible for longer, and appear to more friends and subscribers.
The Highlight feature would open the door for scammers to explore new twists on an old favorite, the “Facebook Will Start Charging” scam, by creating confusion around a known Facebook feature.
Tue, May 22, 2012
Light Point Security has just released Light Point Web 2.0. The 2.0 release was basically the completion of the scrolling work started in the 1.2 update. Where 1.2 added client-side scrolling, 2.0 provides scroll-caching. Additionally, there were some client-side bug fixes to correct issues with the newest versions of Firefox.
Mon, May 21, 2012
Twitter announced that it now supports the Do Not Track privacy feature in web browsers.
Do Not Track is a privacy feature introduced by Mozilla and Stanford researchers that users can set in their web browsers. When Do Not Track is enabled, your browser will tell advertising networks and other websites and applications that you want to opt out of tracking. It does this by transmitting a Do Not Track HTTP header every time your data is requested from the web.
Mon, Apr 30, 2012
Jason Gill disclosed a bug in the WooThemes WooFramework that allows any website visitor to run and see the output of any shortcode.
This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. WordPress installations with unsecured shortcodes (such as [php] which allows raw PHP code to be run) are vulnerable to serious attacks if WooThemes are installed, even if they are not the selected theme for the site. It would be trivial to identify common insecure shortcodes and then attempt them against common WooThemes to attempt to run malicious code on the remote server.
The response from the WooThemes folks to this security vulnerability was less than stellar. This is a case study into the mistakes made by WooThemes during this incident that should hopefully serve as a model for what not to do.
Mon, Jan 23, 2012
Light Point Security has just released Light Point Web 1.2. The main focus of this update was the addition of client-side scrolling. Additionally, there were some improvements involving the keyboard focus when switching between tabs.
Fri, Dec 16, 2011
I came across a Verizon email warning customers about phishing scams, and decided to share it. I found it interesting since a lot of companies don’t take such proactive measures to warn their customers of the dangers of online scams. Most of the time these emails are sent after the fact – after a company is aware of an ongoing phishing scam. So here’s an attaboy to Verizon!
Continue reading to see the Verizon email, in its entirety.