Interested In Security And Running WordPress?

WordPress is currently (and has been for a long time) one of the most popular tools for creating blogs and websites on the internet. Because of that popularity, it has been a target for hackers looking to deface a website, send spam or make the site part of a botnet (and, of course, many other things).

The attackers use vulnerabilities that are found in the core code, plugins and, yes, even themes.

There are many plugins that try to help mitigate the risks, but they are fighting a lost cause and really cannot combat all vulnerabilities.

Java Revoked SSL Certificate?

Recently there have been many SSL certificates revoked due to the Heartbleed issue. Yesterday, for the first time, I came across a warning advising that the information for a certificate was not available. After reading and accepting the revocation I continued on my merry way.

Today, however, I received another revocation notice when using the Java updater.

Has Java forgotten to remove a revoked certificate from their servers?

Interestingly, I had carried out a search simply for sjremetrics.java.com (the certificate was created for this URL) and, lo and behold, the very first result was a post on the Oracle Forum which detailed Java having exactly the same issue back in 2010.

Side note: on looking at the details of the SSL certificate I see that it was issued on 17th September 2013 and was due to expire on the 17th November 2014. A 14 month certificate? I did not know that was possible. Or was it revoked in 2013 as well?

P.S.

I have tried to submit a bug for this issue; however, Oracle’s bug reporting process is atrocious.

I have received an email stating that the report “will be evaluated”. Don’t think I will bother next time.

The Danger Of Expired Domains

When thinking about domain name security I have always tended to think about ensuring that a domain name is not stolen. On reflection, this really is not our only concern. Yahoo have recently announced that they are opening up email accounts that are no longer used (Wired article). As you can imagine, this has caused a bit of a furore about the emails these accounts may still be receiving.

So how does this relate to domain names?

WordPress Full Path Disclosure issue.

PLEASE NOTE: THIS FINALLY APPEARS TO HAVE BEEN FIXED. IT IS UNCLEAR WHICH VERSION RESOLVED THE ISSUE.

I am quite interested in security, so I recently installed BackTrack on one of my spare PCs so that I could have a proper play about. One of the tools that I have played with is WPScan, which is a tool for scanning WordPress blogs to try to find security holes.

Free IPv6 Magazine 27th July 2012 ONLY

I am always a fan of freebies and of course I am always eager to learn new things, so I was interested to see a post by Admin Magazine on Facebook advising that, to celebrate Sysadmin Day 2012, they have partnered with Splunk to offer a free IPv6 download special.

The special covers numerous subjects, from what IPv6 is and how it works through to how to programme using IPv6. Be aware, however, that the download is only available today.

You can download the special here.

On a related note, those interested in the free download may also be interested in a guide that Burst.net have provided regarding IPv6, which you can download from here.

You never know, one day the world might be ready for IPv6 and we will need to know this stuff.

Potential Security Issue With iPhone App

I recently decided to purchase an app from the iPhone app store. I do not do this often, but I believed that this app would be extremely useful.

The app I decided to download was SSH Term Pro. As the name suggests, this is an SSH terminal app for the iPhone and iPad. Of course, this makes it extremely easy to manage your server on the move. The application allows you to add an unlimited number of server details so you can quickly and easily connect to a server that you manage. The application also allows you to lock it down so that you can only access the application fully once you have entered a password that you have set up.

Unfortunately, on investigation everything is not as good as I had hoped.