Tag Archives: security

3rd DDoS attack today, beginning of a new era

4th Update: 20 min video response by Dale Drew, the chief security officer of Internet backbone company Level 3. 3rd Update: More details emerging “that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware.” says Flashpoint. I’ll continue to update with additional information and important links. 2nd Update: 3rd Attack […]

50 Top Server Monitoring & Application Performance Monitoring (APM) Solutions

Back in 2014, I compiled a list of the top 20 server performance monitoring solutions. Largely because I already had a list saved locally for my own reference. Posting that list publicly was a great way to gain feedback and recommendations on other tools available. In fact, most of the companies listed below were not included in my initial top 20 list. […]

WordPress Plugin being exploited. Delete inactive plugins

For the past few days an increasing number of WordPress websites have been infected by attackers exploiting a vulnerability in the WordPress plugin: WP Mobile Detector. The plugin with over 10,000 active installs was at one point removed completely from the WordPress repository with no patch available. However, as of today the WP Mobile Detector plugin has been patched […]

Review: GrooveHQ’s ‘Free Forever’ Plan, not free forever

Update Aug 20th 2016: You can read similar experiences by other users in the comments section below. List of free forever and paid help desk software worth a try: Freshdesk*, Desk, Help Scout*, HappyFox, Jitbit, Kayako, Deskero*, Enchant, Zendesk, SupportBee, Mojo Help Desk*, Zoho*, Helprace*, Reamaze, Keeping, Bornevia, Firehose Help Desk, Brimir*. *Truly Free Forever plan offered. If you are looking for a Help Desk solution, GrooveHQ works. But so does HelpScout and the others listed […]

OpenSSL Security Updates – Severity: High

A new set of security updates for OpenSSL were just released this morning to address various security vulnerabilities, some of which are considered to be “high” severity. Please update as soon as possible. To update keep an eye open for Linux distro updates via package managers such as yum, apt-get, etc. Control panel updates for cPanel and others will be released over […]

The Sony Hack: An Inside Job. Here’s why…

From day one, as details leaked about stolen system administrator passwords, many of us knew that the Sony Hack had to have been an inside job. The simple reason is that system administrators setup notifications for both denied login attempts and more importantly, alerts for successful logins. These hackers reportedly stole a “System’s Administator’s password” which […]

Poodlebleed vulnerability SSL version 3.0

Google Online Security blog released details of a SSLv3 vulnerability called POODLE attack. Here you’ll find links to all the important info, all in one place! Official website: poodlebleed.com (Test your website against Poodlebleed) Security advisory (PDF download) | Google Blog | Firefox Blog | OpenSSL update | Red Hat | Nice article Fedora Blog | Discussion on […]

CVE-2014-6271: Vulnerability in Bash allows remote execution of arbitrary code

Patch instructions for CVE-2014-6271 and CVE-2014-7169 are at the end of this post. UPDATE 1: Patching Bash may not be the end of this. There’s still discussion regarding if the changes completely fixed or not. UPDATE 2: Another patch being tested. UPDATE 3: From Red Hat “Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can […]

Patched Servers Remain Vulnerable to Heartbleed OpenSSL

If an attacker has already exploited the Heartbleed bug to steal your SSL private keys they can continue to decrypt all past and future traffic even after the vulnerability has been patched. A security vulnerability in OpenSSL called the Heartbleed bug (CVE-2014-0160) has been found. This vulnerability has been open for exploit for about 2 years but was only recently […]