BlogSec News Update

Lorelle wrote a really cool article giving some cool tips to secure your WordPress blog. If this wasn’t enough, keep a lookout for BlogSecurity’s official whitepaper, which has actually been ready for a month or more, but I just haven’t spent time with Phil to get it done. Sorry, Phil.

I gave a talk with pdp at an OWASP conference in Belgium last week on automated web application scanner weaknesses and discussed a project I have started called TSF. Check it out at GNUCITIZEN; my slides are there too.

I have had two emails from BlogSec friends who claim to have found some interesting XSS vulnerabilities in WordPress. Details to follow soon, but this is just to give you a heads up.

We have an exciting project coming up, written primarily by Phil, which implements PHP-IDS into WordPress. This will allow WordPress users to detect when their blogs are under attack… I cannot wait for the release of this project. Version 1 is just about ready, so watch out for this!

WordPress 2.2.3 has been released and is available for download.


Comments

Yeah, I had seen the presentation and liked it. In fact I’ll be using some info from it for my Webinar (in my company).
I assume it’s permitted :)

Dk, no problem, I have enough ongoing myself to lose track every time… Maybe we both need something like a 48h day (or even more) and some doubles of ours… :)
Back to topic: it’s really nice to see that Lorelle writes from time to time about security issues as well. Hopefully that will open some more people’s eyes to use the latest version of WordPress or any other Web/Soft-ware.

Thanks for the mention and you know, I couldn’t have done it without you. Can’t wait for the white paper (she says, panting).

Phillipp: Thanks for the kind words. I don’t write much about security issues unless the news impacts the majority of WordPress users. There is a lot of fear mongering going on over issues that don’t impact most users. I let the fear mongers handle those. :D

I’m also finding myself passing on most of the WordPress news that I used to post on my blog to my WordPress Wednesday News on the Blog Herald. I need to start sharing the news with both blogs. Thanks for the kick in the butt reminder.

@blipin: Thanks.. the event went really well, and I was really impressed with the venue and the guys I met over there. Regarding using ideas for your Webinar… go for it :)

@Phil: 48 hr day… mmmm … we’ll get it done :)

@Lorelle: We really like what you guys are doing as well as Blog Herald, keep it up!
