A hot topic going around in WordPress circles now is a worm making its rounds hijacking vulnerable WordPress installations, and how just a little effort on the part of administrators could have saved the trouble of cleaning up after the worm. This is the inevitable problem with IT security. No matter how hard developers try to make software safe and secure, easy to update, and respond quickly to new emerging threats, it is never enough for some users. Someone,…
Tag Archives: IT security
SCADA Security Talk
This would be my first visit to Nanyang Polytechnic. I was there for the SCADA Security and Controls event organized by (ISC)2 and AiSP. The venue was pretty nice. I think I would have loved my JC to have been like this. The polytechnic seems to be quite serious about the H1N1 precautionary controls, with smart card readers, infra camera scanners, automatic sticker dispensers, etc. The seminar itself, however, was a little disappointing.
SecurityVision 2009 Lacks Security Vision
In the past week, I attended an IDC conference, SecurityVision 2009. Something quite strange was said during the opening address which kind of surprised me. The speaker was admitting to having a virus on her computer which she could not get rid of. Her “IT people” were not successful either. But it was okay, because (so she explains) the computer did not do anything dangerous except causing some annoyances on her display. What kind of IT security are you trying to…
Caring For End-Users’ Security
In the past, most companies didn’t care. They do sell products with security features, but the features are turned off by default because they usually make the product more difficult to set up and use, and customers may get turned off by the complexity of getting the product to work. Fortunately, some companies are now trying to make security easy. They are putting in some extra effort to take care of their customers’ interests.
IT Security Carnival
This week is IT Security Week at NUS, and so they have an IT Security Carnival held at the Forum. They have been running this for some years now, and I must commend the organizers for their excellent work all around. In my opinion, this is one of the more successful and meaningful events, and I’m not saying that just because IT security is one of my pet areas too.
Urgent WordPress Security Update
Security updates keep us busy during festive holidays again. The last one with WordPress 2.3.2 kept us occupied prior to the 2008 New Year. Today, the new WordPress 2.3.3 release happens just prior to the Lunar New Year. The major focus of this security release is to fix a flaw in the XML-RPC implementation. Other XML-RPC problems were also plugged in the previous WordPress release. Holidays or not… you should try to upgrade ASAP! More details on 2.3.3 here.
When Your Personal Safety is Threatened by Hackers
When ZDNet reports Boeing 787 at risk of in-flight hacking, you start to worry about how your personal safety can sometimes be threatened by hackers. I wonder what Boeing was thinking about when they connected passenger Internet and entertainment networks to their on-board flight systems network. Professionals in the IT security circles already know how systems and applications must be designed with security from the start, how they need to be reviewed and audited, etc. I certainly hope aircraft manufacturers…
Urgent Security Update to WordPress
Yes, it keeps us busy even during the festive season. A number of critical security issues were identified with WordPress 2.3.1 (may apply to older versions too) that necessitated an urgent security release. WordPress 2.3.2 is now available. One of the problems is a SQL Injection Vulnerability that exposes internal information about your WordPress installation. These are common problems that plague web applications. I did a brief presentation on Secure Web Programming a few moons ago. It was primarily intended…