WordPress 3.6.1

WordPress 3.6.1 is now available.

Summary

According to the announcement post, this maintenance release addresses 13 bugs in version 3.6.

Additionally, version 3.6.1 fixes three security issues:

  • Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE pending.
  • Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE pending.
  • Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE pending.

Additional security hardening:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345.
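
To check an existing site against the upload restrictions listed above, this added example (not WordPress code and not part of the original post) walks an uploads directory and flags files whose final extension is one the hardening note names. It assumes files uploaded before the upgrade may still be on disk; the file names in `demo()` are constructed.

```python
import os
import sys
import tempfile

# Extensions named in the 3.6.1 hardening note.
BLOCKED = {".swf", ".exe"}        # no longer allowed by default
RESTRICTED = {".htm", ".html"}    # allowed only with the unfiltered HTML ability


def classify(filename):
    """Return 'blocked', 'restricted' or None, judged on the final extension."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED:
        return "blocked"
    if ext in RESTRICTED:
        return "restricted"
    return None


def audit_uploads(root):
    """Walk root and return sorted (relative_path, category) pairs for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), category))
    return sorted(findings)


def demo():
    """Run the audit over a constructed tree (sample names, not real data)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("2013/08/banner.SWF", "2013/08/photo.jpg",
                    "2013/09/setup.exe", "2013/09/page.html", "notes.htm.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_uploads(root)


if __name__ == "__main__":
    # Pass the uploads directory as the first argument; with none, run the demo.
    results = audit_uploads(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, category in results:
        print(f"{category:10} {rel}")
```

Files reported as "restricted" are worth reviewing against who uploaded them, since .htm and .html remain allowed for users with the unfiltered HTML ability.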

Impostors at Google Play

Plants vs. Zombies 2 was only available for iOS at launch. It has not yet been announced when the game will be available on other platforms such as Android. As always, Android Community is trying hard to stay classy.

For some reason there are a number of fake Plants vs. Zombies 2 games on Google Play, published by fake developers impersonating real companies.

Take a look at the screenshots from Google Play:

“Plants Vs Zombies 2” by Gameloft Ltd.
The last time I checked, Plants vs. Zombies 2 is a game by PopCap, an Electronic Arts company.

This “Gameloft Ltd” company apparently also makes games such as Minecraft Pocket Edition, Hay Day and Injustice Among Us. It is obvious that the three games mentioned are actually made by different companies.

Curiously, there’s another “Plants vs Zombies 2” by Heather Kountz at Google Play. This “Heather Kountz” also makes games such as Minecraft Pocket Edition, Clash of Clans and Injustice Among Us.

Shocking!

A few days later, both “Gameloft Ltd” and “Heather Kountz” disappeared from Google Play, conveniently replaced by “Suzanne Lally” and “EA Games Apps”.

Please be careful when downloading apps from Google Play. Watch for the impostors.

Malware Alert: System Care Antivirus

Yet another malware sighting, and this one disguised itself as “System Care AntiVirus”. I use both Malwarebytes Anti-Malware and Microsoft Security Essentials to get rid of it. Internet Explorer seems to be the entry point of this malware on this particular computer.

Phishing Alert: Google Apps Edition

There has been a lot of phishing email over the past week, and this one pretends to come from Google Apps.

Should you be receiving this type of phishing email, do not click on the link under any circumstances.

You can:

Apple Developer Center is Mostly Up

It has been one week since Apple took down its Developer Center website due to a security intrusion. At this point most of the Apple Developer Center is back online, including the iOS and Mac Dev Centers. Apple developers with expiring paid memberships are given some extra time to renew, since the Program Enrollment and Renewals section of the website is still not operational.

Apple's iOS team is reportedly ready to distribute the next iOS 7 beta sometime early next week.