This blog post is a follow-up to yesterday’s post: Security alert: pipdig insecure, DDoSing competitors. Firstly, to re-iterate, my accusations are as follows… pipdig did knowingly and with malicious intent: used other blogger’s servers to perform a DDoS on a competitor manipulated blogger’s content to change links to competitor WordPress migration services to point to… read more →
pipdig, WordPress theme and plugin provider, caught distributing malicious code to customers and DDoSing competitors… read more →
* sorry, I couldn’t help myself. Yesterday I opened my work inbox first thing to a panicked email from a client (Sutton Community Farm) labelled “URGENT” – their website had gone down (again) with a Resource Limit Reached error. I quickly shot off a reply to let them know that this was usually caused by… read more →
Just to confirm, my picture post guessing at a potential XSS vulnerability from over 3 hours ago proved itself to be exactly that. The vulnerability is caused by URLs not being cleaned/escaped properly. By adding JavaScript to the end of a URL, you can effectively execute whatever you like as long as it’s within 140… read more →
A security issue has come to light in FanUpdate (2.2.1 specifically but likely affects previous versions). This only affects those who are still running with register_globals turned on (a very bad idea). The problem — for those interested — lies in show-cat.php relying on an unsanitised $listingid. In an ideal world, show-cat.php should only be… read more →
Because you can never know too much, and it’s about time I wrote a follow-up to my PHP Script Checklist article. 1. Never include sensitive data in a .inc When I started my current job, one of the first things I did was move all of the database connection details (yes, that includes passwords) from… read more →
I’ve added a short note about Cutenews on my Unsafe PHP Scripts page.… read more →
It seems almost ironic that just the other day I was ranting about Tesco’s seemingly mediocre approach to password security, and today we hear that Tesco online store ‘is infiltrated by insider card fraudster’. Customers shopping at Britain’s biggest Internet store — Tesco Direct — are feared to have had their card details stolen by… read more →
Update 31st July 2012: Welcome, new visitors from The Register, Information Age, etc. If you like this post, you may also like my related posts on security. I am a PHP web dev with an interest in scripting, security (XSS, SQL injection etc) and WordPress. If you’d like to work with me, get in touch.… read more →
Six things I do to make developing gutenberg-based WordPress websites easier to develop and maintain.… read more →
Sumptious double chocolate brownies with fresh raspberries and a fruity raspberry swirl.… read more →
A very biscuity Biscoff ‘Cheesecakecake’. Layers of sponge and cheesecake filling on a buttery biscuit base topped with a Biscoff drizzle.… read more →
pipdig, WordPress theme and plugin provider, caught distributing malicious code to customers and DDoSing competitors… read more →
A review of nuud natural deodorant by a self-proclaimed ‘sweaty betty’ and follow-ups after suspicious lumps appeared in my armpits. Includes a statement from the nuud deodorant team.… read more →
The benefits of the Filofax organiser, and tips on organising your Filofax to suit your needs.… read more →
Interwebs
Personal
Home & Garden
Recipes
Work
Reviews