Tech News Websites Not Taking Basic Security Measures With Their Websites

When it comes to improving the security of websites, one of the biggest problems we see is that there is so much bad information available on the Internet, especially the information coming from companies trying to sell security products and services. We would hope that news organizations would provide the public with a source for better information, but most of the security reporting we see on technology news websites is just as bad as anywhere else. Their lack of security knowledge also impacts their own websites, as we see that they are not taking basic security measures with their websites and are therefore leaving them vulnerable.

We found three prominent technology news websites that are running very out of date versions of the Drupal software. Keeping software up to date on a website prevents known vulnerabilities from being exploited, and we have found that when vulnerabilities in website software are exploited it is almost always due to a vulnerability that has already been patched in a newer release of the software.

ITworld

ITworld is running Drupal 6.19, a version of Drupal that is nearly three years out of date – the next version was released in December of 2010 – and they have missed three security releases.

InfoWorld

InfoWorld is running Drupal 6.16, a version of Drupal that is nearly three and a half years out of date – the next version was released in June of 2010 – and they have missed four security releases.

Network World

Network World is running Drupal 5.14. They are in much worse shape than the other two organizations as they are using Drupal 5, for which support ended back at the beginning of 2011. They haven’t even bothered to at least make sure they are running the most recent version of Drupal 5. In fact they haven’t updated it in over four and a half years – the next version was released in January of 2009 – and they missed the last nine security releases for Drupal 5.
