Script Kiddie Breaks Into v3.9 WordPress

What happens when an enterprising young person is in front of a computer too long?

Oh yes one thing leads to another and WordPress is something to conquer.

It does require patience and diligence. Every day somebody is finding new vulnerabilities in new and old software (this particular problem was uncovered by the reddit poster ‘speckz’).

[Image: WordPress script kiddie attack, snippets of speckz's notehub page]

The image above shows snippets of the website¹ that speckz posted. I did not reproduce the details of his analysis because I do not want to get into the weeds (PHP code etc.).

That is what a criminal, and a good hacker, does: diligently pursue code snippets until they reveal more information about the website technology.


The idea is for you to have someone who will keep an eye on your security, perform vulnerability analysis and more.

Either way you will pay some money to someone… either to ethical hackers or, as in the next point, to unethical extortionist hackers.

Threatpost² has a story which tells of 30 unsolicited bug poaching incidents. Here the ‘bug poachers’ are telling companies: “You have a bug in xyz software or system on your premises. Oh, and by the way, we already stole all your data.”

“So what you need to do is give us (the poachers) $10,000, and we will tell you where the problem is and we will not use the data we stole for nefarious deeds.”

So do you believe these unethical criminal elements?

Paying extortion is bad because, guess what, it will happen again.

What you really need is to spend more money and resources on fixing the IT process problems that are causing these breaches in the first place. How can I say this with certainty?

Here is a quote from the Threatpost post:

“So far, none of the cases investigated use significant zero-day vulnerabilities, but rather tactics that could easily be prevented,” wrote Kuhn.

It is a shame that some IT orgs don’t have the wherewithal to get the resources in place.
Am I being too critical? Are we as humans too weak to get the right info tech help that will cause us to have a good defensive umbrella? Is management just incapable of making good long term decisions?
The right methods in my opinion are the following:

  1. A next-gen firewall.
  2. Patching your systems within 30-60 days after new patches come out (all patches should be applied after a good test).
  3. Testing everything, even though every function has already been performed. There is no way around this testing, as stuff happens and there is too much at stake for mistakes.

The problem is that one mistake causes problems, and problems turn into breaches… and extortion, ransomware etc. Script kiddies are coming and they are not stopping… because they can.
  1. https://notehub.org/5zo2v
  2. https://threatpost.com/hackers-find-bugs-extort-ransom-and-call-it-a-public-service/118360/
