Although WannaCry, the massive worldwide ransomeware attack, is the biggest story these days when it comes to cyber crime, it’s definitely not the only issue causing problems for sites right now.
Last week, website security leader Sucuri identified code that appears to be WordPress API related, but is actually sending active cookie data to attackers. This is most problematic when the active user is a site admin because it gives someone the opportunity to create a new admin user which can be then used to do considerable damage to a site and/or gain access to user data.
It’s no surprise that we’re very interested in how our current administration is impacting topics like Net Neutrality and Internet Privacy. When Ajit Pai was appointed to be FCC chairman a couple months ago, we encouraged everyone to stay informed and keep an eye out for new issues. Well, this week the House voted to undo rules which prevented Internet Service Providers (ISPs) from selling user data to the highest bidder, just the latest roll back of protections that had been put in place by former President Obama. Although President Trump has not yet signed the roll back into effect, the White House has suggested that he will and the implications for Internet privacy concerns are pretty significant. (Update – As expected, President Trump did sign the bill in question on April 3rd, 2017, to repeal online privacy protections established under the previous administration.)
Delivering secure and reliable services has been a top priority for developers since day one. Applying the best, most reliable technologies has always been the key to securing a client’s data and traffic. But, due to multiple vulnerabilities found in some core products used to encrypt data and traffic, security practices need to be revisited.
We’re seeing reports this morning that a massive security breach associated with WordPress 4.7.0 and 4.7.1 has apparently led to the defacement of up to 1.9 million pages across almost 40,000 domains.
Upgrading to version 4.7.2 should fix the issue and WordPress urges anyone who hasn’t already updated to do so immediately. WordPress actually announced the security issue in a blog post at the beginning of February, but apparently there are still many sites that either weren’t aware or didn’t realize how serious the issue really is.
If you or anyone you know is running a WordPress site, please make sure it is updated to 4.7.2 as quickly as possible.
This past Friday, when most of the world was watching (or actively not-watching) the events in Washington, D.C., the formerly shuttered, Snowden-affiliated webmail service Lavabit announced it was re-launching with a new generation of email privacy and security.
If you’re unfamiliar with the history, here’s the gist: Lavabit formed in 2004, in part because of privacy concerns around email. They launched as an email service with significant protection and encryption capabilities and served a relatively small group of folk for almost a decade.
In the wake of the October 21st cyberattack on Dyn – an event that caused websites including Amazon and Netflix to go offline for hours – there has been a real rise in fear as to the ramifications of the Internet of Things. The Dyn attack was accomplished with malicious code that got into innumerable “smart” devices, from webcams to baby monitors, bombarding Dyn with requests and bringing its services to a halt – thereby crashing popular websites and services. But what if the goal had been to shutdown a power plant? Or to sever vital emergency communication lines? Or to bring down an airplane?
Android devices running on Qualcomm chips are at serious risk of being cracked. Apparently unlike iOS devices, Android devices store full-disk encryption keys in software, software that can be cracked – easily.
I remember the time, several years ago, that I first noticed the little piece of masking tape at the top of my developer friend’s laptop screen. “You block your camera?” I asked. “Of course! You never know…” And so it got me thinking: this guy knows a whole lot more about hacking capabilities than I do – what harm can it do? And from that moment forward I decided to play it safe: I have always put a small sticky square of a post-it note over the cam on my own laptop. So it’s been somewhat validating over the past 48 hours to see the spike in Web chatter stemming from the revelation that ZUCK BLOCKS HIS CAM!
The good folks at Engadget have distilled down 2+ hours of new product announcements from this week’s Google I/O to a manageable 12 minutes. There’s some really interesting new stuff coming soon with Google Home, Google VR, and Android N. Check out the time-saving summary video below: