WordPress and the World Cup

Naturally, I am a loyal WordPress user as I and millions of others use the platform regularly. With World Cup fever the past few weeks (except the USA), it’s no surprise that botnets and spammers have taken advantage of the opportunity to push advertising and traffic revenue through unsolicited comment links.

I haven’t seen the issue pop up on my two blogs, but perhaps WP’s spam filter is doing a bang up job.

Advertisements

Return

I took a longer hiatus than I expected. As noted on my other blog, I was away due to health issues and needed to take a break. Prior to that was a bunch of school-related events, so it has been over a month since my last post. I’m looking forward to writing about tech, code, and security in more detail again soon (along with the python training I’ve doing the past year). There is so much to catch up on and I’m behind.

Alas, I do have a couple of doozies to share for tonight:

https://www.bleepingcomputer.com/news/security/every-android-device-since-2012-impacted-by-rampage-vulnerability/ (RAMPAGE!)

https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/ (Miner, trojan, rootkit, and spammer all in one!)

Spectre-NG

As we learned the beginning of this year, securing our computers has become a more difficult and murky process.

Recently, additional security flaws found in Intel processors were discovered by Google’s Project Zero. These new flaws are called “Spectre Next Generation” or “Spectre NG.” Four of the flaws are considered “high risk” whereas the rest are considered “medium.”

Additional architectures and chipsets, such as ARM or from AMD respectively, are still being investigated for similar flaws.

Chipset security is going to be a rollercoaster ride for the coming years as we come to grips with a design and market history of raw performance over security concerns.

PSA: Change Your Twitter Passwords

Maintaining strong security on any publicly accessible platform is incredibly difficult. Sometimes it’s just a matter of human error and bugs that expose sensitive user data. Case in point, Twitter noticed that user passwords were stored in plain text in a user log (I’ve seen a similar bug happen first-hand in my last job). Therefore, they highly advise changing existing passwords, even though no evidence of a breach was discovered.

I went ahead and changed mines today. It’s a sound idea.