Security Ripcord


Login Warning Banner – WordPress Plugin

October 30th, 2007 cutaway Posted in Blogging, Login Warning Banner, Wordpress 2 Comments » 5,449 views

I have created my first WordPress plugin titled “Login Warning Banner” to address a simple security concern. From the plugin readme file:

Login Warning Banners are important aspects for system security. WordPress blogs present a unique challenge as they are designed to provide remote access to multiple users through a publicly accessible authentication mechanism. By using a pre-authentication Login Warning Banner the blog administrators can be certain that individuals attempting to access the blog have been informed about permissible activities and potential monitoring pertaining to accessing the resource. For more information please refer to the following resources.

Resources:
– [CIAC INFORMATION BULLETIN - J-043h: Creating Login Banners](http://www.ciac.org/ciac/bulletins/j-043.shtml)
– [Whitepaper WP-007: Login Warning Banners](http://www.unixworks.net/papers/wp-007.pdf) by Bob Radvanovsky

You can download the Login Warning Banner plugin from the WordPress Plugin site. You can also monitor the plugin’s home page for updates and other information here at Security Ripcord.

If you have any comments or recommendations please post them in the comments section here.

Go forth and do good things,
Cutaway


Security Ripcord New Look

September 28th, 2007 cutaway Posted in Wordpress No Comments » 3,089 views

Did you notice?

I decided to update so that I could start taking advantage of WordPress Widgets. I also am following a suggestion of a web developer friend of mine. He recommended that instead of using static pages for the rest of my website I use the “Pages” feature built into WordPress.

The transition was fairly straightforward. I did have to hunt some things down, update the CSS of this theme a little, and modify the header and footer a little bit. The biggest edit was going back and updating all of the “quote” sections and converting them to the standard “blockquote.” That way I can be more consistent in the future.

Leave a comment and tell me what you think. Also, if you see something strange or experience weird behavior, let me know so I can update it quickly.

Go forth and do good things,
Cutaway


Site Taken Down For WordPress Security Problem

July 31st, 2006 cutaway Posted in Blogging, Security, Wordpress No Comments » 1,917 views

Some of you may have noticed that the site was down for a couple of days. This was because of an apparent flaw with WordPress. While I was attending the ACUTA conference in San Diego I decided to catch up on the news. I am glad that I did because I noticed that Darknet had an entry about a newly discovered security vulnerability with all versions of WordPress below 2.0.4. Unfortunately his actual site was down and I was not able to read the full article. So I made a quick judgment call and decided to take the site down until I understood more about what was actually happening.

Now that the Darknet site is back up, and I am able to get online, I see that the problem lies in allowing anybody to register for an account. I am not actually sure of the exact problem except that it would lead to escalated privileges for the user. As stated in his article, the temporary fix for the problem is to not check the "Anyone can register" box in the "Options" management tab. I have verified that I had already disabled this setting and now the site is back up. I will, however, update to the new version of WordPress, which is version 2.0.4, once I get a chance (i.e. after I back everything up). You should do this as well.

Go forth and do good things.
Cutaway
