Author Archive
WordPress Security Whitepaper
***PLEASE BE VERY CAUTIOUS USING ANY PLUGINS/TOOLS IN THIS WHITEPAPER. SOME OF THEM ARE BETA TOOLS AND HAVE NOT BEEN UPDATED FOR SOME TIME. SOME OF THE PLUGINS ARE KNOWN TO CAUSE PROBLEMS. FOLLOW THE PRINCIPLES BUT IT IS NOT RECOMMENDED THAT YOU RUN ANY OUTDATED OR BETA PLUGINS. IF IN DOUBT, PLEASE ASK!***
This document [...]
Feedsmith Feedburner vulnerability fixed
The guys at Google have been great and have just released a brand new version of FeedSmith Feedburner (v2.3), after BlogSecurity released an advisory yesterday on a vulnerability that allowed an attacker to hijack your feed and thereby your readers.
This does address the vulnerability released on BlogSecurity yesterday.
A random token has been added to the form to [...]
Hijacking feeds with Feedburner Vulnerability
The famous Feedsmith Feedburner plugin is vulnerable to a CSRF attack that can allow an attacker to completely hijack blog feeds.
The popular feed service plugin page says this:
This plugin makes it easy to redirect 100% of traffic for your feeds to a FeedBurner feed you have created. FeedBurner can then track all of your feed [...]
Choosing the right blogging software
In this article we examine some of the more popular open source blogging software packages available. BlogSec gets an overview picture of what's out there and what's being used.
According to Wikipedia, there are 35 listed open source, free blogging software packages, and these will be the blogs on which we focus.
This initial research will help [...]
Spambam: comments anti-spam plugin
Anyone who is familiar with blogging is more than likely familiar with comment spam. It is a well-known fact that 93% of comments are spam! In this article we discuss a little about comment spammers and discuss BlogSecurity’s latest project, Spambam!
The goal behind comment spam is to ultimately generate traffic for the attacker's advertised [...]



