Tech Archives -

WordPress 5.0.2 is here

L3gsman — Sun, 23 Dec 2018 13:24:48 +0000

WordPress 5.0.2 is now available!

5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks.

Here are a few of the additional highlights:

45 total Block Editor improvements are included (14 performance enhancements & 31 bug fixes).
17 Block Editor related bugs have been fixed across all of the bundled themes.
Some internationalization (i18n) issues related to script loading have also been fixed.

For a full list of changes, please consult the list of tickets on Trac or the changelog.

You can download WordPress 5.0.2 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Thank you to everyone who contributed to WordPress 5.0.2:

The post WordPress 5.0.2 is here appeared first on .

Facebooks Messenger’s app lets people send their location to friends and it defaults to sending a location with all messages

L3gsman — Wed, 19 Aug 2015 10:10:53 +0000

‘Marauders Map’ lets you track friends using FB Messenger: Tool plots a precise location each time someone uses the site

Harvard student has created a digital ‘Marauder’s Map’ that uses location data from Facebook Messenger to pinpoint an individual’s movements
Relies on people sharing their location by default in messages
Map was designed to highlight how much data is leaked from Facebook

By Sarah Griffiths for MailOnline

Published: 14:02, 28 May 2015 | Updated: 16:26, 28 May 2015

Harry Potter may have had a magical paper ‘Marauder’s Map’ but now there’s a digital equivalent that can pinpoint your friends’ locations using information from Facebook.

The extension loads when the Messages tab is opened and ‘scrapes’ the page for location data to show the movement of friends with a startling degree of accuracy.

While some people may see the map as a useful tool, it serves to highlight how much data Facebook’s messaging service shares – and could leave individuals open to stalking, for example.

The post Facebooks Messenger’s app lets people send their location to friends and it defaults to sending a location with all messages appeared first on .

Mac OS is not Panacea from Viruses

L3gsman — Sat, 08 Aug 2015 20:56:59 +0000

Mac OS is not Panacea from Viruses

Added: Friday, August 7th, 2015

Mac has always been advertised as a platform that is relatively safe from malware. This was due to combination of the lower number of users, less attention from security researchers and, most importantly, fewer security holes in Mac OS than Windows. Apple always emphasized its security in the Mac vs PC ad campaign, claiming that Macs don’t get viruses.

However, OS X also has some serious vulnerabilities: for example, one of them exploits a weakness that allows a malicious program to gain access to a Mac and run as though it is the administrator of the system. Such a flaw is known as privilege escalation. By running with admin rights, it can bypass many Apples security features that limit the ability of downloaded code from affecting the deeper functions of the OS.

Security experts criticized Apple for having already patched the flaw in the beta versions of its next Mac OS, El Capitan. The problem is that Apple still hasn’t fixed the flaw in the latest current version of Mac OS, Yosemite. Today this bug has been seen in the wild for the first time: security researchers discovered a new adware installer doing the rounds, which allowed the adware to embed itself into the OS and install itself without requiring the users password.

In the meantime, another exploit will soon be revealed to researchers at the Black Hat security conference. It is known that this exploit uses a bundle of 6 weaknesses in the firmware, which controls the lowest-level functions like fans, power supply units and USB ports. It can allow to overwrite that software with the hackers own code, and 5 of those 6 weaknesses are present on Macs as well as PCs. Since learning about the flaw, Apple has patched two of them, but three still remain unpatched.

Another news is that the security researchers managed to write a proof of concept attack that uses the bug to create a worm, a virus able to spread from Mac to Mac directly. Mac can be infected through a deliberately sent email and then automatically attempt to infect other hardware connected to it. The worm is dubbed Thunderstrike 2 and looks similar to a previous proof-of-concept attack known as BadUSB, which allowed attackers to reprogram USB devices in order to attack hardware. However, even that attack hadn’t been turned into a worm, thus limiting the potential damage.

Posted by:

SaM

Date: Friday, August 7th, 2015

Comments (1) (please add your comment »)

posted by

semphys

(2015-08-08 16:13:41)

You should be using Linux if afraid of Malware. There isn’t any, unless you invite it in like a well known friend

The post Mac OS is not Panacea from Viruses appeared first on .

Adding an Admin User to the WordPress Database via MySQL

L3gsman — Mon, 01 Jun 2015 18:10:06 +0000

How to Add an Admin User to the WordPress Database via MySQL

Few days ago, we ran into an issue where a user’s site got hacked and their admin account was deleted from the database. This locked them out of their site without any other entry. We went in to the phpMyAdmin and created a new admin user to grant them access. In this article, we will show you a step by step guide on how to create an admin user in WordPress Database via MySQL.

Note: You should always make a backup of your database before performing any MySQL edits. This tutorial requires basic understanding of how phpMyAdmin works.

First, you need to login to phpMyAdmin and locate your WordPress database.

Once inside phpMyAdmin;

Once you are in, we will be making changes to the wp_users and wp_usermeta tables. Lets go ahead and click on wp_users table.

phpMyAdmin wp_users table

We need to insert our new admin user’s information, so click on the Insert tab like it shows in the image above. In the insert form, add the following:

ID – pick a number (in our example, we will use the number 4).
user_login – insert the username you want to use to access the WordPress Dashboard.
user_pass – add a password for this username. Make sure to select MD5 in the functions menu (Refer to the screenshot below).
user_nicename – put a nickname or something else that you would like to refer yourself as.
user_email – add the email you want to associate with this account.
user_url – this would be the url to your website.
user_registered – select the date/time for when this user is registered.
user_status – set this to 0.
display_name – put the name you like to display for this user on the site (it can be your user_nicename value as well).
Click on the Go Button

The post Adding an Admin User to the WordPress Database via MySQL appeared first on .

9 Dollar computer made in Oakland Ca Usa

L3gsman — Sat, 23 May 2015 23:44:00 +0000

CHIP – The World’s First Nine Dollar Computer

What can you do with a $9 computer? Just about anything.

A new microcomputer called Chip is hot on crowd-funding site Kickstarter. It promises an easy way to learn how to program with a tiny board that packs Wi-Fi, Bluetooth, and internal storage — something you don’t find in another popular microcomputer, Raspberry Pi.

Watch Update to learn more what the Chip can do, along with news on Google’s Map Maker woes and reports on self-driving cars getting dinged up in California.

The post 9 Dollar computer made in Oakland Ca Usa appeared first on .

WordPress Security Alert

L3gsman — Mon, 13 Apr 2015 20:26:39 +0000

WordPress Security Alert – WP Super cache

Credit: Wikipedia

Upgrade immediately

ITWorld|April 8, 2015

Security firm Sucuri revealed on their blog this week that they had uncovered a persistent cross-site scripting vulnerability in the popular WordPress plugin WP Super Cache. The effects of this vulnerability can be severe as an attacker can potentially insert malicious code into WordPress pages without your knowledge. Anyone who has experienced this type of attack due to a plugin security flaw knows how difficult and time consuming remediation can be.

Cypress North

WP Super Cache is deployed across all of the WordPress sites we host in our data center, and for good reason. The excellent plugin dramatically boosts the performance of WordPress sites while simultaneously reducing load on the web servers. The code for this plugin is mature and stable, rarely requiring updates. That’s part of the reason why it’s trusted by over 7 million websites. It’s popularity makes this security flaw a big concern for site owners.

Cypress North

The update process is quick and easy so you should take the time to log in and click the update now link as soon as you’re able. If you’re fortunate enough to maintain your sites under a multi-site install you’ll be able to take care of this issue in one shot. Otherwise, like us, you’re stuck logging into each installation and manually updating each site like we spent all yesterday doing.

According to the blog post by Marc-Alexandre Montpas:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

The nonce requirement lowers the odds of the backdoor taking effect since the cached page gets purged periodically, but still, better safe than sorry. The scale of the vulnerable sites makes exploitation an inevitable event. Do your part to protect the web and get updating.

The post WordPress Security Alert appeared first on .

NSA backdoors in majority of computer hard drives around the world

L3gsman — Mon, 13 Apr 2015 17:19:16 +0000

Shopping for Spy Gear: Catalog Advertises NSA Toolbox

By Jacob Appelbaum, Judith Horchert and Christian Stöcker from www.spiegel.de/international

https://youtu.be/b0w36GAyZIA

taken from – InSerbia.info

DPA

Entering through the back door: A State Trooper truck is seen in front of the Fort Meade, Maryland headquarters of the National Security Agency.

After years of speculation that electronics can be accessed by i

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

SPIEGEL ONLINE

Interactive Graphic: The NSA’s Spy Catalog

In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”

Master Carpenters

The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA’s department for Tailored Access Operations (TAO). In cases where TAO’s usual hacking and data-skimming methods don’t suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such “implants,” as they are referred to in NSA parlance, have played a considerable role in the intelligence agency’s ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows “TAO personnel to see what is displayed on the targeted monitor,” for example, is available for just $30. But an “active GSM base station” — a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones — costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

‘Persistence’

The ANT division doesn’t just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are “remotely installable” — in other words, over the Internet. Others require a direct attack on an end-user device — an “interdiction,” as it is known in NSA jargon — in order to install malware or bugging equipment.

There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. “Cisco does not work with any government to modify our equipment, nor to implement any so-called security ‘back doors’ in our products,” the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company “respects and complies with the laws of all countries in which it operates.”

Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it’s not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be “pursued for a future release.”

The post NSA backdoors in majority of computer hard drives around the world appeared first on .

WordPress 4.0.1 Security Release

L3gsman — Fri, 03 Oct 2014 09:54:13 +0000

Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security.

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours.

If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure.

(We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
A cross-site request forgery that could be used to trick a user into changing their password.
An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.

The post WordPress 4.0.1 Security Release appeared first on .