Update: Seems to be working on TP-Link Routers as well (tested on TL-WR841N). Update2: Arcor EasyBox A600 also seems vulnerable. Opening a legitimate looking email on an iPhone, iPad or Mac while using an Asus router with a default or guessable password could compromise the security of…
It’s No Picnic: NBC Websites Hacked
On November 4th, Steven J. Vaughan-Nichols of ZDNet, who covers security, posted on his blog that NBC had suffered a hack on a number of its websites during the early morning of Sunday, November 4th. According to Vaughn-Nichols, as of noon Eastern Standard Time the…
Keeping Your WordPress Blog Secure
If you have a WordPress blog or website, you’ll want a regular chain of visitors. Whether you’re sharing your personal opinions on niche topics or you’re running a business, here are a few tips you can use to make sure your WordPress Blog is secure…
The Aftermath of an Online Attack
If you have a website, whether personal or business, that makes you a potential target for an online attack. After all, cyber crime is at an all time high as hackers can make a living from selling private or corporate data. Some people still don’t…
What can Developers do to Better Protect PII?
A client of mine recently asked me if I had any Web development related tips for dealing with Personally Identifiable Information (PII). With this being an information security 101 type question, I had to think about it for a bit. It then occurred to me…
One Thing That Can Buy You More Web Security Than Just About Anything Else
There is no magic bullet when it comes to web security. That said, there is one thing that can buy you more security than practically anything else. It’s your passwords. Your choice in – and management of – your web passwords can make or break…
HTML Form Found in Redirect Page Web Vulnerability
When creating a password protected section for a website, such as an admin portal for a CMS solution, typically developers check if the user session is authenticated. If the user session is not authenticated, the user is redirect to the login page. Maybe because the lack of…
How Aware Do We Have to be Not to Fall for the Bad Guys Antics?
Criminal hackers are getting more and more creative in their phishing and social engineering attacks on the web. This not only puts your website in the crosshairs but also your own personal information. A common question that comes up is: How do I stay in…
What’s the Best Way to Find Web Security Flaws?
With all of the potential ways the bad guys can exploit websites (literally thousands), many people want to know what the best way is to actually uncover these flaws. Well, there’s no magic bullet answer, however, generally speaking Web flaws can be discovered in one…