Month: September 2013

“Zero-Day” exploit affects IE users

By Dave Haygarth   September 19, 2013  
Anyone who is using Internet Explorer (especially IE8 and IE9) needs to be aware of a "zero day" exploit that is "in the wild" and affecting users, downloading malicious code to their machines automatically.The episode has prompted the first Microsoft emergency fix-it patch for many months.Along with the patch, there are also several pieces of advice or settings that users should user as a matter of course to protect themselves against the rising tide of hackers and exploits.  These include things like not using a user account on your PC with Administrator rights for day-to-day activities and ensuring that you have an up to date virus scanner installed.There are many articles on the subject out there, including http://www.bbc.co.uk/news/technology-24142934.

WordPress – get yourself updated!

By Dave Haygarth   September 13, 2013  
An important update to the popular WordPress platform was released yesterday, and webmasters were urged to update immediately. It's not unprecedented for Wordpress to strongly word releases like that, but this fix addresses a number of important security issues and vulnerabilities.  WordPress.org’s official announcement says that this release helpsBlock unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and PreventionWe immediately updated all our clients on the Wordpress Security Updates package, and strongly urge anyone else running a Wordpress site to update immediately.