Archive for September, 2007

WordPress Hardening Project Update

As some of you already know, the BlogSec team have been working on a WordPress hardening plugin for some time now, and I thought we’d give you guys an update.
The WP Hardening project started a long time ago and in a faraway land! David Kierznowski initially started the wp-securify project which [...]


BlogSec web dev team member needed

We are currently looking for a talented individual(s) to come up with a new, fresh look for BlogSecurity. If you have skills in this area and would like to contribute to BlogSec and become a member of the team, we could really use you! :)
Ideally, we are looking for someone who can put in the [...]


Social networking privacy – where are your details stored?

This post follows on from two previous social networking posts:

Social networking privacy and data issues
Social networking privacy issues – signing up

Interestingly, out of the eight sites that I looked at, six process and store data in the US, where data protection laws are notoriously lax compared to the UK. For a start, the Privacy [...]


Dangerous WordPress Exploit Made Public

Although I have not looked into the exploit in detail, the popular online exploit archive Milw0rm contains an exploit that claims to be able to exploit multiple versions of WordPress:

# Tested with Wordpress 2.2, 2.2.2, 2.0.5, 2.0.6, 2.1, (…), PHP/5.2.4 for
# Apache 2.0.58 on Gentoo GNU/Linux. magic_quotes on and off for the different
# exploits.

It is [...]


BlogSec News Update

Lorelle wrote a really cool article giving some cool tips to secure your WordPress blog. If this wasn’t enough, keep a look out for BlogSecurity’s official whitepaper, which has actually been ready for a month or more, but I just haven’t spent time with Phil to get it done, sorry Phil.
I gave a talk [...]