WordPress 4.9.1 Security Release

WordPress 4.9.1 is now available. This is a security release for all previous versions since WordPress 3.7, and it is strongly recommended that you update your websites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions, and you must update your websites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where unexpected and unsafe queries can lead to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but special hardening has been added to prevent plugins and themes from accidentally causing a vulnerability.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

Do You Have Permission to Use That Image?

Finding images for your website or brochure can be tricky. There are confusing stock sites and tempting free collections, and there is also Google image search, which may look like the easiest option. How do you make sure you don’t have to regret your choice later? Theresa Jennings can help with a clear, to-the-point presentation.

Not a fan of presentations? A downloadable PDF is also available.

Cloudflare now offers unmetered DDoS attack mitigation

Cloudflare turns seven this week and it wants to give your network a present. Should your website come under Distributed Denial of Service (DDoS) attack, it will never charge you additional fees, or (and this is important) kick you off the network.

Cloudflare CEO Matthew Prince has pledged unmetered DDoS mitigation, regardless of the size of the attack and no matter what level of service you have, from the free tier all the way up to the enterprise level.

This is wonderful news for small business owners. Take advantage of it if you haven’t done so yet.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 became available today. This is a security release for all previous versions, and you need to update your websites immediately. The update fixes 9 security issues.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

Next steps toward more connection security

Google has sent out a warning that HTTP sites that contain forms and other input fields will be marked Not Secure starting this October.

The search giant gave notice of this a few months ago but has now taken the next step to formally notify those who will be affected by the upcoming change.

The notification states: “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

The original Google Chrome post can be found here: https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 became available today. The new version addresses 6 security issues affecting WordPress 4.7.4 and earlier releases. It also includes 3 maintenance fixes to the 4.7 release series.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

This Site Will Show You All Nearby Cafes with WiFi Hotspots

Available as both an iOS app and a web-based service, with an Android app currently in the works, Cafe Wi-Fi is a map that shows the available Wi-Fi hotspots in any given area.

Much like the Airport Wi-Fi map, Cafe Wi-Fi relies on a combination of user contributions and third-party sources like FourSquare to populate its map with Wi-Fi hotspots.

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

There is a phishing attack that is receiving much attention today in the security community.

A phishing attack happens when an attacker sends you an email with a link to a malicious website. You click on the link because it appears to be trusted, and you may either infect your computer or be tricked into signing into the malicious site with credentials from the real website. The attacker then has access to your username, password and any other sensitive information you may inadvertently provide.

This particular phishing attack uses malicious registered domains that look identical to real domains in your browser.

WordFence, the force behind one of the best WordPress security plugins, set up a test case to demonstrate how this attack works, in case you are interested in the technicalities. The most important thing if you are using Chrome or Firefox is staying safe, and the easiest check to make when you are about to log into a website you trust is this.

Copy the URL in the location bar and paste it into any program on your device that allows you to paste as plain text.

A fake domain will appear as starting with https://xn--. A real website will look exactly as in your browser’s location bar.

In Chrome, you can even copy the domain and paste it right back into the location bar and the fake website’s domain will reveal itself.
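
The plain-text check described above can also be scripted. The following Python sketch is an added example, not code from WordFence or from the original post: it converts a URL's hostname to the ASCII form that is actually looked up (where lookalike domains show their xn-- prefix) and reports whether the displayed name imitates a host you trust. The lookalike table, the sample URL and the coco.example domain are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Cyrillic letters that render like Latin ones.
# This is not a complete confusables table; it only illustrates the idea.
LOOKALIKES = str.maketrans(
    "\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0456", "aceopxyi")

# Constructed sample: "coco.example" spelled with Cyrillic es and o.
SAMPLE = "https://\u0441\u043e\u0441\u043e.example/login"

def to_ascii_host(url):
    """Hostname as it is looked up: Unicode labels become xn-- labels."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")

def scripts(label):
    """First word of each letter's Unicode name, e.g. LATIN or CYRILLIC."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_url(url, trusted_hosts=()):
    """Summarise a URL's hostname and flag imitation of a trusted host."""
    ascii_host = to_ascii_host(url)
    # What a browser may display for the same name.
    unicode_host = ascii_host.encode("ascii").decode("idna")
    idn_labels = [l for l in ascii_host.split(".") if l.startswith("xn--")]
    # Replace known lookalikes, then compare with the hosts you trust.
    skeleton = unicode_host.translate(LOOKALIKES)
    imitates = [t for t in trusted_hosts
                if skeleton == t and unicode_host != t]
    found = set()
    for label in unicode_host.split("."):
        found |= scripts(label)
    return {
        "ascii_host": ascii_host,
        "unicode_host": unicode_host,
        "idn_labels": idn_labels,
        "scripts": sorted(found),
        "imitates": imitates,
    }

if __name__ == "__main__":
    for key, value in inspect_url(SAMPLE, ["coco.example"]).items():
        print(f"{key}: {value}")
```

A non-empty idn_labels list alone is not proof of phishing, since legitimate internationalised domains also use xn-- labels; the imitates field is what ties the result to a site you expected to visit.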