It all started a few months ago when I was visiting Lester Chan’s website looking for some information about one of his plugins. Lester Chan has written a good number of very popular WordPress plugins that are used by millions of people. Some of the…
What’s Your Take on Cloud Security?
One of the most common questions I get is “What’s your take on cloud security?” Well, my answer is relatively straightforward: never assume that all’s well just because someone says it is. In other words trust but verify.
Going Beyond Confirmed Web Security Flaws
As I wrote in my previous post about low-hanging fruit and the 2011 Verizon Data Breach Report, I’m a strong believer in finding out where your Web systems are bleeding and focusing on those issues first. It’s the basic principle of triage – finding, and…
Having a Secure Website Through all of your Website Properties
Having a secure website isn’t just about preventing website hackers from gaining access to your site, but preventing specific damage from the result of your site being compromised. Web hacking might be a little more serious than many people think, as it has been found…
Barracuda Networks Breached
Introduction On April 11th 2011, at nine in the evening, Barracuda Networks posted a grim entry on their blog. Their network had been hacked. Thousands of their confidential customer and employee records were stolen. In an ironic twist of fate, the company that advocates security…
Low-Hanging Fruit Becomes Big News with the 2011 Verizon Data Breach Report
The 2011 Verizon Data Breach Investigations Report is out. Yeah, yeah, yeah – yet another report telling us what a bad state of security we’re in and that we need to fix all sorts of things in IT. Okay, I’m not going to complain too…
But Compliance is Someone Else’s Job!
Regulatory ‘compliance’ – it’s a dirty word in business today. Perhaps that’s because we’re being force-fed more and more rules that various governing bodies believe are the best ways for us to run our businesses. Regardless of what side of the government growth – and…
Protecting Your Brand with a Secure Website
These days, everyone and their grandmother has a website or blog. It’s becoming more and more common for the average person to have a website, whether it’s for informational purposes or as a way to promote a product or service. Either way, there is a…
MySQL.com Victim of SQL Injection Attack
Introduction On 27th March 2011 a message was posted on the popular Full Disclosure mailing list exposing a recent hack against the website mysql.com. This vulnerability was apparently also reported by a hacker called TinKode, who also claims to have found a cross site scripting…