Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple options – one is easy and the other, even easier.
Page 50 of 62
Open source content management systems (CMS) like WordPress, Joomla! and Drupal have become some of the most popular platforms for creating websites. So much in fact, that over 25 percent of the entire internet is powered on WordPress.
Platforms like WordPress are free and have a huge community of users and developers, providing a vast ecosystem themes and plugins. Unfortunately, since they’re so popular, open source platforms are often a large target for hackers and since much of the platform is developed by volunteers, code vulnerabilities may exist.
Data breaches are fairly common occurrences these days – in 2014 alone, nearly half (43%) of all companies experienced a cyber attack. Even worse is that most data breaches take weeks or even months to discover, which can have devastating effects on a business since the average cost of a compromised record is worth more than $194.
What can businesses do to prepare for and mitigate the inevitable cyber attack? Check out what Neill Feather, president of SiteLock, recently wrote in an article on Smart Data Collective to help businesses put the proper recovery and response plans in place.
What Is Logjam?
Transport Layer Security, or TLS, is the protocol commonly used in HTTPS connections. Logjam is the code name for a cryptographic weakness in the Diffie-Helman key exchange algorithm used by TLS. The Diffie-Helman Exchange (DHE) allows two parties – a browser and server in our case – to exchange prime numbers in a secure manner which are then used to create a shared secret used to encrypt a session.
A team of computer scientists and security researchers found that precomputing the prime number groups that DHE uses allows faster computation of the discrete logs used to find the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state level resources could precompute 1024-bit Diffie-Helman groups, affecting even larger swaths of the internet.
With cyberattacks and data breaches on the rise, privacy and security compliances are more important than ever. What are compliances you ask? Generally, they’re laws designed to protect private consumer and company data from being stolen and exposed.
Privacy and security compliances span across many industries – education, government, health and technology, like cloud and SaaS. You may have even heard of a few of them, like HIPAA or SOC.
Neill Feather, president of SiteLock, recently wrote an article highlighting the top 3 privacy and security compliances that you should know, along with some tips to help organizations improve website compliance.
Websites and web applications are being hacked more than ever these days (especially with the rise of online businesses and B2B SaaS-based platforms). If a hacker gains access to the system, they can compromise financial records, medical records and other personal information such as Social Security Numbers and credit cards.
SiteLock president Neill Feather recently wrote an article on B2BNN, covering 5 security issues that many websites and web applications face, with solutions, including handling payments (PCI compliance), malware and password enforcement. For the full article, click here.
Earlier this week a security researcher reported a cross site scripting vulnerability, also known as an XSS vulnerability, in the WordPress icon package, Genericons. Genericons is an icon package that was used with the default-installed WordPress theme, Twenty Fifteen. Genericons included an HTML file, named example.html, which actually had the cross site scripting flaw.
About The Genericons XSS Vulnerablity
The XSS vulnerability was DOM, or document object model, based meaning it could potentially control how the browser handles a requested page. The victim would have to be coaxed into clicking a malicious link, reducing severity, though the exploit remains widely deployed all the same.
We teach our kids not to share anything on the internet that they wouldn’t want their grandmothers to see. We tell our employees to be mindful of private information shared via email. But are we really doing all we can to protect this method of conversation?
Cybersecurity And Your Emails
There are over 204 million emails sent each minute, yet email is one of the most overlooked technologies when it comes to cyber security. A recent study by Domo showed more than 53% of employees receive unencrypted and risky corporate data through email or an attachment. How can we help ensure that the information we’re interacting with is secure?
What Is PGP Encryption?
PGP, which stands for Pretty Good Privacy, is a great first step. PGP works by encrypting email between two people who each have unique digital fingerprints known as PGP keys.
WHD.usa (WorldHostingDay USA) is an upcoming networking event for the hosting and cloud service markets, bringing together local service providers and international IT companies. WHD.usa will be WHD’s first event in the United States, and is taking place on May 19-20, 2015 at the 7Springs Ski & Mountain Resort in Pennsylvania.
Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.
How Can The XSS Vulnerability Be Exploited?
The xss vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e ‘print “a” x 64000’). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.