
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Full-court Press on WordPress

WordPress has come under increased scrutiny in recent weeks after some elementary research by a concerned user discovered that the majority of WordPress-driven sites assessed were running vulnerable versions of the blogging and publishing platform.

Coming at the same time is a report from one of the leading web vulnerability researchers, who admits to taking a virtual axe to the WordPress codebase - trimming out the modules not required for his site, and (most critically) cutting out significant areas of vulnerable code.

These sorts of reports should not come as a surprise to most security-conscious Internet users. Most software has known bugs and vulnerabilities, and with no means to ensure that all users are running the absolute latest version of each product they use, there are going to be numerous places where vulnerable code is exposed to the rest of the world (even code that has long been patched).

This is why many vulnerable versions of PHP, Apache, IIS, ASP, ASP.NET, and other products and technologies are scattered across the Internet, and why attackers continue to probe and search for these systems using attacks that are ancient (by online standards) - there are enough systems available to make it worthwhile.

26 May 2007
