My Journey From InfoSec to Web Dev and back to InfoSec

28th February 2019

My journey started back in 1999, I was 15 years old, and I just double-clicked the file “picture.jpg.exe” which was sent to me by a friend over either Yahoo or MSN messenger. Nothing seemed to happen at first, then the next minute the tray for my cd drive opened and then my screen flipped upside […]

Read Post...

WordPress urges installations from version 3.7 upwards to be updated ASAP!

15th December 2018

WordPress have pushed version 5.0.1 which is a security release and are urging anybody from version 3.7 upwards to update to this. The update includes several vulnerability fixes, mostly privilege escalation attacks for already existing WordPress users but also XSS attacks as well. For more information please click here for the official WordPress release notes.

Read Post...

Facebook bug exposes 6.8 million users private and unpublished photos

This weeks theme seems to be API bugs and broken access control. Earlier this week Google announced it accidentally made accessible peoples private information through their Google+ API ( see article here ). Now it’s facebooks turn, Facebook developers announced that an error in their Photos API allowed external app developers to access photos that […]

Read Post...

phpMyAdmin Critical Security Update

12th December 2018

phpMyAdmin has just recently released a critical security update and is urging their users to update as soon as possible ( https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/ ) The three main vulnerabilities it fixes are a local file inclusion bug, cross-site request forgery ( CSRF bug ) and lastly a cross-site scripting bug ( XSS ). Another strong recommendation is […]

Read Post...

Google+ to shut down earlier due to security issues

11th December 2018

Google+ has announced it’s going to shut down 4 months earlier in April 2019 rather than August 2019 due to a security concern that could affect the personal data of over 52 million users. Google engineers discovered the flaw in their API on the “People – get” endpoint. The issue was that data was available […]

Read Post...

7 security recommendations for keeping your WordPress site secure

27th November 2018

Plugins and Themes  Keep it updated New vulnerabilities are found every day and as soon as they come out your website is at risk. Good software developers will get straight on it and release updates to keep you secure. Don’t delay and update your site straight away. You need to login to WordPress every day […]

Read Post...