Freelance Word Punk


Sunday, October 05, 2014

White hat hacker warns CMS plugins are leaving the security door wide open

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also, perhaps unsurprisingly, a white hat hacker of some repute. Equally unsurprising is the fact that he has warned that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through. Kolochenko refers to the threat posed by old plugins, passwords and extensions as being the 'Achilles heel of popular CMS', and for good reason.

High-Tech Bridge regularly tests popular CMSs via the ImmuniWeb online penetration testing service and, equally regularly, sadly discovers vulnerabilities therein. It follows a strategy of responsible disclosure, which I'm all in favour of, whereby any vulnerabilities are reported to the vendor with immediate effect but no public disclosure (other than a broad statement without exploitable details) is made for three weeks. This gives the vendor ample time to do something about it, and should encourage those who are a bit slow off the mark to focus attention on a fix. All without alerting the bad guys as to how to create code to exploit the hole.




Co-founder of IT Security Thing Ltd, Davey Winder is a three-time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.


