MSWEB Network Solutions » security

WordPress 3.1.3 Update

marvin.salazar — Thu, 26 May 2011 12:59:14 +0000

WordPress.org announced a new update available.

Download WordPress 3.1.3 or update automatically from the Dashboard → Updates menu in your site’s admin area.

This is a security update for all previous versions. It contains the following security fixes and enhancements:

Various security hardening by Alexander Concha.
Taxonomy query hardening by John Lamansky.
Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
Improves file upload security on hosts with dangerous security settings.
Cleans up old WordPress import files if the import does not finish.
Introduce “clickjacking” protection in modern browsers on admin and login pages.

For more info please visit the WordPress change log

For all MSWEB Network Client’s if you do not know how to update your WordPress powered websites. Send us a ticket at support@mswebnetwork.net so we can update your WP installation for free!

The Philippines Best Web Hosting Provider, MSWEB Network Solutions shares awareness and security to all our friends and business partners and to all netizens to promote better and safer internet use.

Send in your comments and share your insights and thoughts about this new WordPress update. Visit us at www.mswebnetwork.net

Security Alert for WordPress Users

marleo.salazar — Mon, 04 Apr 2011 08:20:59 +0000

Dear Valued Clients,

We have received a number of hacking incidents for the past few days. We have investigated the matter and found out that unwanted plugins on a WordPress installation caused the incident. We have instructed also our server administrator to tighten the security measures on all servers.

If you’re using WordPress for your website, kindly remove/delete any unwanted plugins on your WP installation. We also suggest that make it a regular habit of checking if you’re using the latest and stable release of WordPress or any 3rd party script you are using for your website. If you’re not, please make the necessary update. If you’re not sure how this is done, please let us know and we will do it for you at no extra cost.

http://codex.wordpress.org/Updating_WordPress

Another good thing to do is to secure your username and password for your WordPress installation.

http://www.webreference.com/authoring/10-wordpress-security-tips/

Hope that the following information that we have provided you above will help you.

Please do let us know if you require further assistance.

Thanks and more power!

Sincerely,
MSWEB/8finity Management

Adobe Flash Player Denial of Service Vulnerability

marvin.salazar — Tue, 16 Nov 2010 12:02:08 +0000

Adobe Flash Player Denial of Service Vulnerability
November 15, 2010

Adobe Flash Player is web standard for multimedia player. A denial of service vulnerability is present in some versions of Adobe Flash Player. A flaw is present in the input validation condition and affects Windows, Mac OS X, Linux, Solaris, as well as Android clients. Successful exploitation could allow an attacker to cause affected systems to crash. Exploitation requires an attacker to convince a user to visit a malicious web page.

Source from McAfee Threat Feed

Keep all your password in a safe box!

marleo.salazar — Fri, 05 Mar 2010 11:14:31 +0000

One password to rule them all! Har har har! Well that is really convenient in keeping tabs on all my social networking sites as well as my emails or my hosting account! Worked so far… but until when?

Most of us uses one password. We may even have a full dozens of other variations of our nickname, our loved ones our favorite pet, etc, etc. These are still basic passwords dude! You uses that on your facebook, friendster, your gmail etc. Now would you think that is nice?

You thought to yourself, no big deal in that… Heck yah, using the same password for my facebook or my friendster would not hurt at all. Well think again! What happens if someone was able to access your facebook account and got all your contacts? What if that person traces your browsing history and found out you added farm coins and cash to your farmville account using your paypall or credit card? Not that it’s just $5 for 25 farm cash but would you like someone to see your transaction?

We normally take for granted the that, when we are using our username, email address and we are using the same passwords on dozens of sites we are relying on the encryption that site is offering. In Your master key is copied on every site you uses and that we are trusting them to keep their site secure and that our sensitive information will not be compromised? Big deal ‘ey?

How about this, one guy posted his email on a forum. Then this bad guy saw his email address then tries a couple of password combination, or then uses dictionary attack to crack the email?. After a few mins or hours, presto! Read a couple of email in your inbox and found out that you have a paypal account. Tries your email password for your paypal account, you unforunate soul uses the same password as your unified master key to all your accounts!

Dude have a strong and diverse password everytime is now necessary! It is as a necessity as your antivirus having spyware protection as well as malware dection capability! If you don’t practise strong and diversified password combination that is different on every site or application you use, then you should not complain if you get compromised because of your negligence. Plain and simple! Dude it’s your fault!

So I, like many of you pinoys out there who have short-term memory like Dory who inheritted the symptom from their father side (or is it mother side?) use a password box to store all your keys. There are hundreds out there, be it free or commercial, its a must to use one! Here’s the one I use for my home pc: www.keepassx.org try it don’t worry it’s free.

But then you say, I want to use the password manager and I then login to a computer in the corner internet cafe, then someone steals my password because I didn’t know that it has keylogger installed or tons of spyware and malware that should not be my fault? Your password manager is useless. Dude first of all you shouldn’t use any public computers for your personal transactions. It is a mortal sin to use public computer on your bank transactions! Don’t even think about it! Second most of this password manager, vault, keeper, etc has those little things called master password. So if your precious mac or dell laptop got stolen you should feel safe as long as you have backup of course. Lastly if your computer has rootkit and is zombie that is being controlled by another user and they snatched the form you completed, well your as good as dead anyway and you learned your lesson for not running a good and reliable AntiVirus protection.

Now we have learned to make good practise of strong password, good and reliable antivirus as a mandatory protection for our sensitive data and as well as our online fate. Now let us download a password manager of our liking and atleast keep our sensitive data safe, or alteast minimize the impact of the damage in the tide of a security breach.

This security tip is provided for you by The Philippines Best Web Hosting Provider www.mswebnetwork!