For Internet Explorer 11 users, no update now means no security fixes

When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer, Microsoft is applying the same rules, at least in part, to Windows 7.

Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser.

For the next couple of months, Microsoft is actually still making security fixes for the original release of Internet Explorer 11 on Windows 7, but anyone who wants to use them will have to either download and install them manually, or install them through Windows Server Update Services (WSUS), Windows Intune, or System Center Configuration Manager. Even this avenue will end in August. This will give conservative corporations only a limited amount of time to actually test and validate the updated Internet Explorer 11.


ManageWP Shows Lack of Concern for Security by Running Insecure Version of WordPress

When it comes to the security of websites, what we see over and over is that the basics are not even being handled by people that shouldn’t have a problem doing it. If you are running a WordPress website then part of Security 101 is keeping WordPress up to date, as it prevents your website from being hacked due to a known vulnerability in an older version of WordPress. Unfortunately, that isn’t being done in many cases, as can be seen in the fact that only 40 percent of WordPress websites were running the latest series of WordPress in the data set we looked at in March.

You would think that providing better management tools would help this situation, though the example of one of the providers of such a tool would say otherwise. ManageWP describes its services as providing you the ability to “Manage all your WordPress sites from one place – including updates, backups, security and more.” You would certainly expect they would be keeping the WordPress installation powering their website up to date, but they’re not:

ManageWP is Running WordPress 3.5.2

WordPress 3.5.2 is over ten months out of date and there have been two subsequent releases with security updates (3.6.1 and 3.8.2).

ManageWP’s failure to handle a basic security task is in sharp contrast to their claims of security. For example, they claim:

Securing ManageWP and the sites we interact with has always been our highest priority. We use state-of-the-art encryption and security standards that go above and beyond what WordPress, itself, offers, to ensure that your sites are protected.

On another page they make a series of claims about their security:

How ManageWP Is Secure

  • We have a full-time security specialist
  • We regularly perform penetration testing
  • No credit card information stored
  • No WordPress passwords stored
  • OpenSSL encryption
  • ManageWP is built on top of WordPress
  • Account password encryption
  • White hat reward program

If you are a security specialist who fails to make sure such a basic security measure is taken, then you probably should find another profession.

Another bad sign for their concern for security is their integration of Sucuri.net’s deeply flawed malware scanning into their service.

After reaching 51% network power, Bitcoin mining pool says “trust us”

The GHash mining pool says that the Bitcoin community shouldn’t worry at all about the fact that it has recently breached the 51 percent threshold of the total cryptographic hashing output on several occasions.

“Our investment, participation, and highly motivated staff confirm it is our intention to help protect and grow the broad acceptance of Bitcoin and categorically in no way harm or damage it,” Jeffrey Smith, the CIO of GHash.io, said Monday in a prepared statement to Ars. “We never have and never will participate in any 51 [percent] attack or double spend against Bitcoin. Still, we are against temporary solutions, which could repel a 51 [percent] threat.”

Smith did not immediately respond to Ars’ request for further comment.


SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in [...] The post SHODAN...

Read the full post at darknet.org.uk