Delivering secure and reliable services has been a top priority for developers since day one. Applying the best, most reliable technologies has always been the key to securing a client’s data and traffic. But, due to multiple vulnerabilities found in some core products used to encrypt data and traffic, security practices need to be revisited.
We’re seeing reports this morning that a massive security breach associated with WordPress 4.7.0 and 4.7.1 has apparently led to the defacement of up to 1.9 million pages across almost 40,000 domains.
Upgrading to version 4.7.2 should fix the issue and WordPress urges anyone who hasn’t already updated to do so immediately. WordPress actually announced the security issue in a blog post at the beginning of February, but apparently there are still many sites that either weren’t aware or didn’t realize how serious the issue really is.
If you or anyone you know is running a WordPress site, please make sure it is updated to 4.7.2 as quickly as possible.
This past Friday, when most of the world was watching (or actively not-watching) the events in Washington, D.C., the formerly shuttered, Snowden-affiliated webmail service Lavabit announced it was re-launching with a new generation of email privacy and security.
If you’re unfamiliar with the history, here’s the gist: Lavabit formed in 2004, in part because of privacy concerns around email. They launched as an email service with significant protection and encryption capabilities and served a relatively small group of folk for almost a decade.
In the wake of the October 21st cyberattack on Dyn – an event that caused websites including Amazon and Netflix to go offline for hours – there has been a real rise in fear as to the ramifications of the Internet of Things. The Dyn attack was accomplished with malicious code that got into innumerable “smart” devices, from webcams to baby monitors, bombarding Dyn with requests and bringing its services to a halt – thereby crashing popular websites and services. But what if the goal had been to shut down a power plant? Or to sever vital emergency communication lines? Or to bring down an airplane?
Android devices running on Qualcomm chips are at serious risk of being cracked. Apparently unlike iOS devices, Android devices store full-disk encryption keys in software, software that can be cracked – easily.
I remember the time, several years ago, that I first noticed the little piece of masking tape at the top of my developer friend’s laptop screen. “You block your camera?” I asked. “Of course! You never know…” And so it got me thinking: this guy knows a whole lot more about hacking capabilities than I do – what harm can it do? And from that moment forward I decided to play it safe: I have always put a small sticky square of a post-it note over the cam on my own laptop. So it’s been somewhat validating over the past 48 hours to see the spike in Web chatter stemming from the revelation that ZUCK BLOCKS HIS CAM!
The good folks at Engadget have distilled down 2+ hours of new product announcements from this week’s Google I/O to a manageable 12 minutes. There’s some really interesting new stuff coming soon with Google Home, Google VR, and Android N. Check out the time-saving summary video below:
Like many of you, a couple of weeks back we began closely watching the ongoing wrestling match between Apple and the FBI regarding giving the latter “backdoor” access into the iPhone of one of the San Bernardino terrorists.
If you have not yet read Tim Cook’s open letter to Apple customers with regard to the US Government’s request that the company build a “backdoor” into their iOS operating system, you really must. Cook does a great job of explaining why – even in the light of the horrible mass-shooting late last year in San Bernardino – this would be a very dangerous precedent to set.
Paul Ryan just attached the latest version of the CISA to the huge omnibus and passed it out of the Senate. It’s likely to pass the House and unlikely to be debated before the President then signs it into law. Ouch.