
Critical security hole discovered in Wordpress


January 2, 2011

We've been saying for a while that the popular blogging software Wordpress has numerous security holes and that the software requires too many write permissions in many of its most critical folders, and now another security flaw has been discovered that can cause various problems for its users.

WordPress version 3.0.4 presents a serious security flaw which, if left unfixed, creates an easy path for potential hackers to break into existing installations of the widely used blogging software.

Specifically, the security vulnerability stems from design flaws in the 'HTML sanitation library' used by WordPress.

In the past, vulnerable installations of WordPress have facilitated the spread of worms, viruses and Trojans.

This security hole might also lend itself to total site compromise and blog spam, and can even cause the affected website to crash altogether.

Even though attacks against the security vulnerability are yet to appear, system admins are well advised to apply the security update, which WordPress' developers describe as critical, right away.

Similarly, in early December, Internet security observers all over the globe warned that Facebook's latest site redesign will create even more security holes and expose more user information than the old site did.

Internet security firm Sophos cautions that, launched in beta earlier this week and due to be rolled out gradually over the coming weeks, the revamped website is designed in such a way as to encourage users to expose even more information about their daily lives to the dominant social networking site.

Security-wise, the site revamp is seen by most in the Internet community as a big step backwards. For example, the About Profile page encourages users to share experiences, discover common interests, and to highlight meaningful relationships.

That page will have the effect of highlighting the closest relationships and keenest interests a user has. Previously, this information would probably have been on a list, but not highlighted as especially important. Now it is, and that is a major concern, among others.

Sophos urges all Facebook users to reconsider just how much data about themselves they really wish to share using the new site, warning that it may not just be their closest friends and contacts who get access to the sensitive information but just about anybody.

“Adding new features to facilitate sharing updates, interests and photos may be appealing to some Facebook users, but people need to be concerned about how much personal data they’re willing to offer online,” said Carole Theriault, senior security consultant at Sophos.

The revamped website is one of a multitude of privacy and content-control issues that have arisen over Facebook, especially in recent months. Through a series of changes, most notoriously the revamp of Facebook's privacy policy late last year, users have progressively been encouraged to share photos and comments with wider and broader groups: from friends only, to friends of friends, to anyone on Facebook by default.

More recently, a decision by the NHS to integrate its NHS Choices health information site into the Facebook Connect platform provoked a warning from online privacy firm Garlik that this would allow the tracking of users on the site.

“Many Facebook users are online friends with complete strangers and so we’d advise Facebook users to carefully reconsider their privacy settings, make sure they’re only sharing information with people that they know and trust and to think carefully about how much personal data they want to make public.”

Although it has never admitted as much, more detailed user information in profiles makes Facebook a more attractive platform for advertisers, hence Facebook's direction of travel is always towards encouraging users to share more with a wider pool of people.

But make no mistake, Facebook isn't the only social site with security issues. Twitter and others also have their share of security flaws as well.

In September, Twitter said it had identified and fixed some cross-site scripting holes that led to a meltdown on August 10, only to undo this fix with a later web site update. Again.


It's becoming clearer now that on average, social sites aren't secure, and these latest security flaws being discovered are troubling. And if it isn't security bugs, it's privacy issues that users seem to be facing more and more these days.

So now some users are asking: is all of this really worth it? Am I wasting my time and energy on something that isn't worth considering, given all the security issues?

Twitter's site revamp, which reintroduced a security flaw that allowed JavaScript to be injected into Tweets, was unrelated to the recent introduction of the New Twitter, the company claims. The cross-site scripting flaw meant JavaScript code was run when users simply rolled their mouse over a link.

But wait, it gets even worse.

The security flaw was mostly used for mischief but there were incidents of porn and shock site redirects as well, Internet security researchers say.

A worm without a malicious payload took advantage of the vulnerability to make users retweet the original Tweets after they rolled their mouse over a link, generating hundreds of thousands of spam messages in the process, on top of creating other issues.

Only surfers using were exposed to the vulnerability. Third party clients were unaffected, at least for now. We will keep you updated however, if the situation should change.
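The article refers to a flawed "HTML sanitation library" and to links that ran JavaScript on mouse-over, but shows no code. The following is an added example, not code from WordPress, Twitter or this article: a minimal allowlist HTML sanitizer in Python with a hypothetical policy. Its weak mode keeps every attribute on an allowed tag, so an on* event handler on a link survives; its strict mode keeps only named attributes and plain web URL schemes, and drops the contents of script and style tags.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse
# Tag allowlist with the attributes each tag may keep (hypothetical policy).
ALLOWED_TAGS = {"a": {"href", "title"}, "b": set(), "i": set(), "p": set(), "br": set()}
SAFE_SCHEMES = {"http", "https", ""}   # "" covers relative links
DROP_CONTENT = {"script", "style"}      # text inside these tags is discarded

class Sanitizer(HTMLParser):
    def __init__(self, strict_attrs=True):
        super().__init__(convert_charrefs=True)
        self.strict_attrs = strict_attrs  # False = attribute-blind (weak) policy
        self.out, self.skipping = [], False

    def _attr_ok(self, tag, name, value):
        if not self.strict_attrs:
            return True                   # weak mode: any attribute survives
        if name not in ALLOWED_TAGS[tag]:
            return False                  # drops on* handlers, style, etc.
        if name == "href":                # only plain web schemes may remain
            return urlparse((value or "").strip()).scheme.lower() in SAFE_SCHEMES
        return True

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skipping = True
        if tag not in ALLOWED_TAGS:
            return                        # unknown tag dropped, its text kept
        kept = [(n, v) for n, v in attrs if self._attr_ok(tag, n, v)]
        attr_text = "".join(f' {n}="{escape(v or "", quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skipping = False
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data))  # text is re-escaped, never emitted raw

def sanitize(html, strict_attrs=True):
    parser = Sanitizer(strict_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample: a link carrying a mouse-over handler plus a script tag.
SAMPLE = '<a href="http://example.com" onmouseover="x()">hi</a><script>x()</script>'
```

With the constructed SAMPLE, `sanitize(SAMPLE, strict_attrs=False)` keeps the onmouseover attribute on the link, while `sanitize(SAMPLE)` returns only `<a href="http://example.com">hi</a>`.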


Source: Wordpress.
