Reflections

3 Tips to Avoid Dangerous Themes and Plugins

We all love how easy it is to install plugins and themes, but how do we know there is no hidden jack-in-the-box waiting to pop out? Viruses, worms and backdoors could be embedded into any theme or plugin and uploaded to the Internet for public consumption.
Here are three easy-to-use ideas [...]


Are Political Blogs More Likely to Get Hacked?

A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. – Wikipedia

Web site defacements stretch back to the birth of the Internet and continue [...]


DNS dot DDoS Attack targeting the Internet

I was running tcpdump earlier this week when I noticed some odd queries to BlogSecurity’s DNS servers:

$ sudo tcpdump port 53
10:35:29.560870 IP 69.50.142.110.50928 > blogsecurity.domain: 43135+ NS? . (17)
10:35:29.561302 IP blogsecurity.domain > 69.50.142.110.50928: 43135- 13/0/14 NS C.ROOT-SERVERS.NET.,[|domain]
10:35:31.037729 IP 76.9.16.171.10435 > blogsecurity.domain: 58781+ NS? . (17)
10:35:31.038201 IP blogsecurity.domain > 76.9.16.171.10435: 58781- [...]


Acunetix Advanced Web Vulnerability Scanner Review

As some of you may know, our wp-scanner project looks for common WordPress XSS issues, but what about testing more advanced web sites and/or CMS (content management systems)?

Acunetix is one of the leading commercial web application vulnerability scanners on the market. The reason I mention it (other than the fact that they are one of [...]


Identity Theft 101

I phoned my bank to activate my card the other day. The automated voice required a date of birth and the number of digits in my mother’s maiden name. Let's assume an attacker can get this information; let's be realistic, what could really happen?

Let's explore some ideas of what an attacker could do with enough [...]