Browse: Home / security

security

Village Idiot wants to punish the Newark Scare guy

By Jan Dembowski on January 10, 2010

Here we go.
“He’s really an unwelcome guest,” Lautenberg told The Record of Bergen County. “He should be returned to his homeland.”
via Controversy swirls over graduate student who breached security at Newark Airport | New Jersey Real-Time News – – NJ.com.
This translates into
“I’m 85 years old but may want to get re-elected anyway. So I’m going [...]

Posted in , | Tagged , , | 2 Responses

Woo, they got the Newark Scare Guy

By Jan Dembowski on January 9, 2010

Nice to see Senator Lautenberg still goes for the sound bite. Is he up for re-election?
“This was a terrible deed in its outcome — it wasn’t some prank that didn’t do any harm — it did a lot of harm because it sent out an alert that people can get away with something like this,” [...]

Posted in , | Tagged , | Leave a response

Get your red hot WordPress 2.8.6

By Jan Dembowski on November 12, 2009

WordPress 2.8.6 is out and it’s a security release so update now.
I’m expecting the usual complaints on the support forum but so far it’s been pretty sedate. I’ve been using WordPress since version 1.5.2 and I’ve never had a bad upgrade. Of course, I have a good idea what I’m doing and have never used [...]

Posted in , | Tagged , , | 2 Responses

DNS excitement! Panic at the office!

By Jan Dembowski on July 10, 2008

Well not really panic, just your usual vulnerability patching day at the office.
When I saw Dan Kaminsky demonstrate voice over DNS, I was convinced that he dreams in BIND source code.  It was a neat demonstration.
Now he has uncovered another vulnerability in BIND regarding UDP source port prediction. It’s causing some excitement in the work [...]

Posted in , | Tagged , , , , , | Leave a response

WordPress file monitoring

By Jan Dembowski on June 16, 2008

Over a week ago I complained about WordPress users crying security wolf and not being able to recover their blog when the “Bad Thing(tm)” happens.
Since then a real brawl developed on the support forum that could be summed up like so:

One or more users is insisting that there is an XMLRPC exploit in 2.5.1.
The same [...]

Posted in , , | Tagged , , , , , , , | Leave a response

Sigh, WordPress users and hacking

By Jan Dembowski on June 3, 2008

If you are not running the latest version of WordPress and you get hacked, don’t go to the WordPress forum and tell the world.  Odds are you invited the disaster yourself.
When WordPress 2.5 came out I was disappointed to find that the old version 2.3.x was basically abandoned.  There would be no more planned patches [...]

Posted in , | Tagged , , , , , | 3 Responses

.htaccess to prevent wp-pass.php redirects

By Jan Dembowski on July 10, 2007

See the BUGTRAQ explanation here. By passing arguments to wp-pass.php, the wp-pass.php file will send the requesting browser to the URL that wp_http_refferer points to. By using a simple script the WordPress installation is easily verified as susceptible.

Posted in | Tagged , , | 1 Response

Safari 3 beta, safer and faster?

By Jan Dembowski on June 13, 2007

Security. Sweet.

Security on Safari 3 Beta. Not so sweet.
BetaNews | ‘Day One’ for Safari for Windows Becomes Zero-Day Nightmare
Speed! Sweet.

Speed. Can’t see the increase myself. Not so sweet.
Joel on Software: Apple Safari for Windows: The world’s slowest web browser
Joel updates the post a few times regarding the speed thing. I get a [...]

Posted in , | Tagged , | Leave a response

I don't blog about work

By Jan Dembowski on July 25, 2006

Or what I do for a living. But follow this link anyway:
http://www.matasano.com/log/384/oh-the-bad-crypto-youll-see-an-open-letter/
I don’t know anyone who tries to write there own crypto code (…

Posted in , | Tagged , | Leave a response