This is the third of 3 posts; this post describes how I audited the auditors and my perspective on the whole thing.
Read the first post (background) and the second post (audit results).
Filed under ACL, Audit, Case Files, Data Analytics, Scripting (ACL)
On 4/13/11, WordPress announced it suffered a root-level hack of their servers and that “anything on those servers could have been revealed.”
Nothing is said about WHEN the hack occurred. From experience, I can tell you that you generally don’t announce a security incident until you’ve investigated it thoroughly, and that can take at least a day, sometimes more, depending on whether you have experts in-house or can get them in a hurry.
This attack directly affects only blogs or accounts hosted by WordPress (in other words, your blog URL ends with “wordpress.com”). If you host your own WordPress blog, you are indirectly affected. How? Since WordPress source code may have been compromised, attackers may be combing through it to find vulnerabilities that will allow them to attack any blog running WordPress, regardless of where it’s hosted.
If you have a blog or account that is hosted at wordpress.com, at least do the following immediately:
A couple of weeks into a new job, I was told that I was now in charge of the Internet firewall. I suddenly realized I had two major problems:
Filed under Security, Security Scout
Having a system go down is no laughing matter. But if you’re going to notify your users, why not do it with a little humor? It will work as long as you don’t flash the message too often.
I received the following pop-up message below from Yahoo today.
Filed under Humor/Irony