webddr

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download on WordPress, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.” (more)

Have you ever heard a colleague answer the phone like this: “Good afterno… Yes… What? Completely?… When did it go down?… Really, that long?… We’ll look into it right away… Yes, I understand… Of course… Okay, speak to you soon… Bye.” The call may have been followed by some cheesy ’80s rock ballad coming from the speaker phone, interrupted by “Thank you for holding. You are now caller number 126 in the queue.” That’s your boss calling the hosting company’s 24 hour “technical support” line. (more)

Google Hacking

This is by far the easiest hack of all. It really is extraordinary what you can find in Google’s index. And here’s Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.

Copy and paste these into Google:

inurl:passlist.txt
inurl:passwd.txt

…and this one is just priceless… (more)

Little doubt remains that the Stuxnet worm represents one of the most sophisticated digital attacks on critical infrastructure systems that cybersecurity researchers have ever seen. The motives of whoever launched that attack is a far murkier question–but a mounting stack of theories is starting to point to a targeted sabotage of Iran’s nuclear facilities. (more)

Encryption works by encoding the text of a message with a key. In traditional encryption systems, the same key was used for both encoding and decoding. In the new public key or asymmetric encryption systems, keys come in pairs: one key is used for encoding and another for decoding. In this system everyone owns a unique pair of keys. One of the keys, called the public key, is widely distributed and used for encoding messages. The other key, called the private key, is a closely held secret used to decrypt incoming message. (more)

Restriction by IP address is secure against casual nosiness but not against a determined hacker. There are several ways around IP address restrictions. With the proper equipment and software, a hacker can “spoof” his IP address, making it seem as if he’s connecting from a location different from his real one. Nor is there any guarantee that the person contacting your server from an authorized host is in fact the person you think he is. The remote host may have been broken into and is being used as a front. (more)

A Keylogger is a program that records all physical keystrokes and stores them for later retrieval. The existence of a keylogger is usually kept a secret and is hidden from whoever it is targeting. For example, They may be used by company to monitor an employee they’re suspicious of, a keylogger could even be installed for backup purposes in case of a system crash. It could be useful to know that you always have a backup of whatever you type. keyloggers are categorized as a form of spyware, and will most likely store the keystrokes to a file (which may be encrypted) and can be accessed by the attacker, normally by the use of a password. (more)