Archive for August, 2007
Interview with beNi
BlogSecurity introduces an interview with Benjamin Flesch, ‘beNi’, who works as a Security Consultant in Germany.
BlogSecurity: Hello beNi, firstly, thanks very much for taking the time to do this interview with us.
You’re only 18 years old, what is your security experience so far?
beNi: ‘Security experience’ is hard to talk about. At the beginning I learned [...]
Critical WordPress Flaw Found
A critical WordPress vulnerability has been discovered by Alexander Concha.
The Remote SQL Injection vulnerability affects the latest versions of WordPress including WordPress <= 2.2.2 and WordPress MU <= 1.2.4.
Alexander has also written a proof of concept exploit for the vulnerability. He has contacted WordPress regarding the hole. A patch cannot be released without disclosing [...]
http versus https
As many of you know, the difference between "http" and "https" is that "https" instructs the browser to initiate an encrypted session with the web server before sending any data.
I know I tend not to use https more out of laziness than anything else; however, once you’ve taken the effort to set it up, it’s [...]
WordPress Hardening article Updated
We have updated the article "Hardening WordPress with htaccess". It's now a lot easier and more effective thanks to some feedback from Dustin Rue.
Although I prefer hiding my content as well as securing it, I think the new methods discussed in this article are far more user friendly and allow you to be more flexible with [...]
wp-scanner update
A new version of wp-scanner (v1.2F Beta) has been released.
There were quite a few minor changes and bug fixes in wp-scanner; however, the two main changes were as follows:
a) Some users were complaining that they could not run wp-scanner, even after enabling the wp-scanner activator plugin. We have now made wp-scanner comment a multi-line regex, [...]



