Verify your Apache HTTP Server configuration
Apache HTTP Server issues may also be a result of a misconfigured Apache httpd.conf configuration file. Going over the whole configuration file searching for typos may be a cumbersome task, but thankfully Apache provides a way to scan your…
The Internet of Things; Technological Paranoia Brought to Life
An emerging development which is a growing risk to security is the ‘internet of things’ (IoT). This refers to appliances which are connected to the internet and can, therefore, be hacked just as a computer can be. While their functionality might be limited, there have…
Anthem Inc hack; why healthcare insurers need to raise their bar on cyber security
It’s been known for some time that healthcare information is a target for hackers, and that the motivation for these thefts has diversified. Such data is now used not only for identity theft but is believed to be targeted by countries such as China for…
WordPress Security Tips Part 10 – Secure Your Debug Logs
During development of plugins or themes, as well as during deployment of a WordPress site, developers or system administrators may enable debug logs to log any PHP errors that occur. WordPress makes use of the WP_DEBUG constant which is defined in wp-config.php. The constant is…
Don’t Let a GHOST Vulnerability Haunt Your Systems
This week a new Linux vulnerability called GHOST (CVE-2015-0235) has been published and subsequently patched, including an update to Acunetix, which can now detect the vulnerability in both its online and on-premises forms. While some cited GHOST as being as dangerous as Shellshock or Heartbleed,…
With DDoS attacks on the rise, could you be a botnet zombie?
A report recently published by Imperva states that more than half of web traffic comes from bots rather than human visitors. They have also noted some changes in the type of bots observed, including a predictable yet worrying trend in impersonator bots, which now…
WordPress Security Tips Part 8 – Restrict Direct Access to Plugin and Theme PHP files
Allowing direct access to PHP files can be dangerous for a number of reasons. Some plugins and theme files can contain PHP files that are not designed to be called directly because the file would be calling functions that would have been defined in other…
Obama’s State of the Union address highlights cyber security
In the aftermath of the Sony Pictures attack and now the hacking of the Pentagon’s social media accounts, the introduction of tougher cyber security laws has been inevitable. The main point to take from these new laws is that it will no longer be only the attacker…
WordPress Security Tips Part 7 – Enabling HTTPS for all logins and wp-admin
Strictly speaking, HTTPS is not a protocol in and of itself, but it is rather HTTP encapsulated in TLS/SSL. TLS, or SSL, as it is commonly referred to, provides websites and web applications with encryption of data being transmitted and authentication to verify the identity…