20 Unpatched WordPress Plugins Have Security Flaws

The blog post linked below tested 1000 WordPress plugins and found 103 vulnerable plugins, and some of those have not been patched (I am listing the 20 NOT PATCHED plugins below). http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html I have alphabetized the listing and started doing some manual checks on versions at the wordpress.org plugin listings. I can't find the first …

What Is An Advanced Firewall? UTM? NGFW?

UTM is an acronym for Unified Threat Management, but it really is just another name for a "new" firewall. NGFW is an acronym for Next Generation Firewall, and it is the literal label that the marketers of Cisco/Checkpoint/Fortinet chose to draw a distinction from the older packet-filter firewalls. The marketers at Watchguard wanted to …

2016 New Year – New Firewall? Which One?

The old firewalls are port-filtering devices, i.e. web traffic is allowed out (from inside your network out to the Internet and back). But is the traditional firewall enough for next year, 2016? Are you really going to skate another year? These guys are pushing the envelope: “Don’t waste time worrying – spend time …

What is the Right Effort to Cybersecurity?

The keynote speaker of Troopers15 has an interesting presentation (on YouTube now): https://www.blackhat.com/eu-15/briefings.html https://www.youtube.com/watch?v=rarpym8JJXQ Some of the good quotes: Doing something better must be better than doing nothing? “Wrong. Paddling hard in the wrong direction doesn’t help just because you want it to” “You must never confuse faith that you will prevail in the end—which you can …

BaaS – Potential Cloud Insecurity

BlackHat2015 Europe has an interesting presentation on Backend-as-a-Service: https://www.blackhat.com/docs/eu-15/materials/eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf The image above explains in a picture what the backend is, i.e. an app uses the BaaS SDK (Software Development Kit) functions to connect into the cloud. The cloud can be Parse, Cocoafish, StackMob, Kinvey, Cloudmine, Amazon Web Services, BAASBOX, and mobeelizer. These “cloud services” have specific …