security

Configure SSH2 Access for Updating WordPress

May 3, 2012

WordPress is one of the most popular blogging platforms on the Internet. One of the first things I do when I setup a new WordPress installation is harden it. You can read about a number of my suggestions in the article Secure Your WordPress Installation. However, one of the more complex activities I undertake is [...]

Read the full article →

Secure your WordPress Installation

May 17, 2011

WordPress is an extremely popular web platform with about 7% of all websites running WordPress. That large a population means that attackers have a rich environment to exploit your installation. There have been historical attacks and worms written specifically to target WordPress. Even highly visible bloggers weren’t immune to the attacks. However, there are some [...]

Read the full article →

CloudEngines Plugs Security Flaw in Pogoplug with Firmware 2.1

March 25, 2010

In my original Blog Post entitled Beware the Pogoplug I pointed out a rather serious security hole in the Cloud Engines‘ Pogoplug device. That security hole allowed public SSH access into the device, as long as the device was reachable over the Internet or a Wi-Fi connection. CloudEngines’ even published the root password you needed [...]

Read the full article →

Beware the PogoPlug

January 27, 2010

Today marks a milestone for me.  I started a blog.  I have no idea how long I’ll write this, but something I found out recently compelled me to share what I know.  I was completely and totally shocked at what I found and the implications of this security hole, in my opinion, are staggering.  I [...]

Read the full article →