Posts tagged as:

Security

Ryan Boren, the lead developer of the WordPress team, has just announced the release of the WordPress 2.8.6 security update through the WP blog. The release fixes two vulnerabilities that are relevant only to blogs with more than one author, like my other site Hacking Discussion, as they can only be exploited by registered, logged-in users with posting rights. In his blog post, Ryan Boren suggests that webmasters with untrusted authors update to WordPress 2.8.6.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.



Vista is one of those operating systems that was “good enough” for release. Some users are finding that it does not work like XP: icons have been changed, menus have been rearranged and some features are harder to find. I can see how the average home user (most of you) out there could be confused by this. This post might help you sort some of those out. The first thing is that there is no more BOOT.INI file available in msconfig. So? This file was used to change your boot if you had multiple operating systems installed. Vista has something called BCDEdit, which is not user-friendly; I do not recommend using it. What can you do? Download Vista Boot Pro. This freeware program offers an easy-to-use interface: click the options you want, select the OS to boot first and click Apply. How did the big guns at ZDNet manage to miss that? Problem number one, solved.

Next on the list is the buried display settings problem. Burying and hiding settings from users is not a good thing but I don’t really feel that this is what they have done. Sure, you have to right click on your desktop and go down to Display Settings but if you have a sufficiently large display with a resolution of at least 1024 x 768 you won’t have to scroll to find it. Yeah, it could be annoying but if you think about it, it is more logically organized.



Vista is far from perfect but it’s possible to make it a little more perfect and a little more useful by downloading and installing some free utilities for it. If you have no idea where to start or which programs to look for, here are some that will get you well on your way.

These are not listed in any particular order but are grouped by category.

Vista Optimizers

Vista may not operate the way you want right out of the box. Besides removing some startup entries, these programs will do their best to optimize and configure Vista to operate the way you want and not the way Microsoft thinks you want it to operate.

Tweak VI is designed to optimize your processor, hard drive access and various other features to make Vista just a little faster. There is an “Auto Optimize” button that will take care of it for you, but note that it could turn off some of the more advanced features that you may actually use. Thankfully, it has a built-in “Settings Restore” feature in case you don’t like the changes it makes. Available in both free and pay versions.

Advanced Windows Care is another tweaking program but of a different nature. This is kind of an “all-in-one” optimizer, malware immunizer/scanner and junk file/registry cleaner. It works as advertised and is very effective at immunizing against many common malware threats (mostly spyware and malicious cookies) and the registry cleaner not only deletes errant entries but can also “repair” and “optimize” entries that are not functioning as they should be. It will also help you optimize your startup programs. Available in both free and pay versions.

CCleaner is a rather simple utility but is nonetheless effective. Its sole purpose is to clean out junk files and errant registry entries; however, it can only delete registry entries and cannot repair them. I have found it best to run Advanced Windows Care first to repair and delete entries and use CCleaner to catch anything that Advanced Windows Care may have missed. Completely free, but the author accepts donations.

A security breach shows failings in security rules.


Tens of millions of credit cards could be at risk of fraudulent use thanks to a serious computer-security breach at financial-transactions company Heartland Payment Systems. Earlier this week, Heartland revealed that a piece of malicious software, apparently installed inside the company’s transaction-processing system last year, had compromised credit-card data as it crossed the network.

The breach was announced on Tuesday–the day of the U.S. presidential inauguration–and, according to some experts, it shows that attackers are successfully defeating the financial industry’s tough computer-security rules. “The potential is certainly there for this to be one of the biggest, if not the biggest breach we’ve seen,” says Rich Mogull, founder of computer-security consulting company Securosis. “Something huge had to have gone wrong here.”

It’s not clear precisely what kind of malicious software was used, or how many credit-card accounts were compromised. But company president Robert Baldwin has said that Heartland handles as many as 100 million transactions per month.

From a consumer perspective, the level of danger stemming from the Heartland breach is uncertain but significant. Heartland has declined to say which merchants were involved in the fraudulent transactions, or how long the malicious software was operating. But the company serves more than 250,000 locations, with a particular focus on small businesses such as restaurants and hotels.

Heartland has created a website to answer customers’ questions regarding the break-in. Some credit-card companies are already notifying subscribers, and others may simply issue new cards. But consumers have been warned to keep a close eye on their statements. Most credit-card companies will cover the cost of unauthorized activity completely, as long as the fraud is reported within several months.

Heartland executives say that their first danger sign came in the form of warnings from MasterCard and Visa regarding suspicious transaction activity related to the company’s business. Heartland hired forensic computer specialists to investigate, and last week discovered the malware on its system, according to statements issued by the company.
