Auto-update convenience: WordPress upgrades itself to fix critical vulnerability

After yesterday’s upgrading of key WordPress plugins to fix a cross site scripting vulnerability, the WordPress team released version 4.1.2, which it described as a critical security release.

“WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site,” the WordPress team said in a blog post announcing the release. The release also fixed 3 other security issues including an SQL injection vulnerability in some plugins.

I got the notification of the new release at past midnight. Years back, that would have meant that I’d need to stay up very late, download the latest release, upload the files to the server and perform the upgrade for each of the site I’m running.

Wi-Fi piggybacking widespread, anti-virus firm warns

While setting up a Wi-Fi network for the PLDT myDSL connection at home earlier this week, I got a timely warning from a press release. Anti-virus company Sophos said many people now use someone else’s wireless Internet connection without their permission.

Sophos said 54 percent of 560 respondents who took their online survey admitted to using other people’s Wi-Fi connection without their permission. The survey is not scientific and I don’t see how you can see a “widespread” trend from it. But it does provide a timely warning to home users who have gone wireless.

Sophos said “many Internet-enabled homes fail to properly secure their wireless connection with passwords and encryption, allowing freeloading passers-by and neighbors to steal Internet access rather than paying an internet service provider (ISP) for their own.”

I don’t know how common Wi-Fi piggybacking is in Cebu or in the Philippines, save for anecdotal feedback from geeks I know. I’ve heard of maybe three persons who said they were able to use an unsecured wireless network.

Still, the absence of reports should not be a reason to be complacent and just leave your home Wi-Fi network unsecured. This absence of reports may be because none have been caught.

And with more mobile devices like phones having the capability to use Wi-Fi, the risk will only get higher.

Usernames, passwords of IT employment site revealed

ISAW or Internet Security and Warfare alerts users of a page in ITPros.ph that contains a listing of its members’ account details, including passwords, in plain text. ITpros.ph is designed to be “the Philippines’ key employment facilitator for the ICT industry.” The page is searchable through Google and when I went over its listings, I […]