Found an interesting article over at OttoPress with some in depth analysis of malware discovered in a theme on a less than reputable WordPress theme site. Seems there are some dodgey sites out there that have infected themes, both free ones and ripped off professional themes. Beware and check the reputation of your themes. It [...]
Archive by Author
w3af web application security testing framework stable released
The latest version of w3af has been released and its a “stable” 1.0 release. To fire it up on Ubuntu only a couple of steps are required: Download the latest version from here: http://sourceforge.net/projects/w3af/files/ sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz tar jxvf w3af-1.0-stable.tar.bz2 ./w3af_gui The first thing to notice is the shiny [...]
Google Dorking WordPress
WordPress is very popular and easy to install. This very accessibility makes it a juicy target for those wanting to collect compromised hosting accounts for serving malicious content, spamming, phishing sites, proxies and web shells. How prevalent is poor WordPress Security? Our Web Tech Report showed that application updates to WordPress are reasonable. Lets try [...]
New WordPress Version Released 3.1.3
Hot on the heels of the release of our new WordPress Security Scanner is a new update to wordpress. The release includes multiple security fixes and hardening. Update your installations now. Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props [...]
Secure WordPress
WordPress Scanner is the latest tool added to our kit. It can be used to test the security of your wordpress installation from an external perspective. No plugin installation is required, our systems will do an external passive analysis of your wordpress installation and highlight wordpress security issues along with recommendations to improve the security [...]
Brute Forcing Passwords with ncrack, hydra and medusa
Lets test some password breaking tools. Password’s are often the weakest link in any system. Testing for weak passwords is an important part of security assessments. I am focusing on tools that allow remote service brute forcing. There are also powerful tools available for cracking encrypted password hashes on a local system. The three tools [...]
New OpenVas Report Option
OpenVas is one the most popular tools we have online, and is an excellent way to perform a thorough vulnerability scan of a system to determine if there are any security issues or holes present. We have in the past couple of weeks added a new “Enhaned PDF” reporting option to our scanner, that is [...]
Web Tech 2011 – Part 2
google.load(“visualization”, “1″, {packages:["corechart"]}); google.setOnLoadCallback(drawChart); function drawChart() { var data = new google.visualization.DataTable(); data.addColumn(‘string’, ‘Type’); data.addColumn(‘number’, ‘Top 1 million’); data.addColumn(‘number’, ‘Netcraft’); data.addColumn(‘number’, ‘Fortune 1K’); data.addRows([ ['Apache', 66.3, 60.1, 28.5], ['IIS', 17.3, 20.0, 55.1], ['nginx', 7.5, 7.6, 0.5], ['Google', 3.0, 5.1, 0.1], ['LiteSpeed', 1.1, 0, 0], ['lighttpd', 0.5, 0.7, 0.1], ['IBM HTTP', 0.3, 0, 7.7], ]); var [...]
