Wordpress comes up regularly when people think about hosting a website or blog.  It’s popular what is the problem?  Netcraft has some data that will show you the problem.  Security.

WordPress is the most common blogging platform and content management system in the world: Netcraft's latest survey found nearly 27 million websites running WordPress, spread across 1.4 million different IP addresses and 12 million distinct domain names. Many of these blogs are vulnerable to brute-force password guessing attacks by virtue of the predictable location of the administrative interface and the still widespread use of the default "admin" username.

But remarkably, not a single phishing site was hosted on Automattic's own WordPress.com service in February. WordPress.com hosts millions of blogs powered by the open source WordPress software. Customers can purchase custom domain names to use for their blogs, or choose to register free blogs with hostnames likeusername.wordpress.com.

If you are going to use wordpress try hard to use wordpress.com.

Vulnerable WordPress blogs can also be used for other nefarious purposes. A botnet of more than 162,000 WordPress blogs (less than 1% of all WordPress blogs) was recently involved in a distributed denial of service (DDoS) attack against a single website. Attackers exploited the Pingback feature in these WordPress blogs (which is enabled by default) to flood the target site with junk HTTP requests, causing it to be shut down by its hosting company.

Snowden is in Russia.  Wouldn’t it be ironic if he got access to the surveillance data from Sochi?  

Here is a post on the spying at the Sochi Olympics.

But as is often the case, the bigger threat to visitors may be the one they can’t see. As athletes, journalists, and spectators arrive in Sochi, their every electonic move is being watched. All information transmitted in the country via phone and Internet, including text messages and e-mails, is flowing through the Russian System for Operational-Investigative Activities, according to the U.S. State Department’s Overseas Security Advisory Council. The council is warning American travelers that the system, known as SORM, has had an upgrade in Sochi just in time for the games, allowing the Federal Security Service (formerly known as the KGB) enhanced access to communications.

VIDEO: Olympic Games Begin Whether Sochi Is Ready or Not

“The system in Sochi is capable of capturing telephone (including mobile phone) communications; intercepting Internet (including wireless/WiFi) traffic; and collecting and storing all user information and data (including actual recordings and locations),” the U.S. council, which operates as a joint venture with the private sector, wrote in an assessment for its members ahead of the Olympics. “Deep packet inspection will allow Russian authorities to track users by filtering data for the use of particular words or phrases mentioned in emails, web chats, and on social media.” Of course, the terrorist threat at the Olympics is a real one, and the Russian system is authorized under local law, the report says.

There are two data centers in Sochi.  

Rostelecom Commission Sochi 2014 Secondary Data Center

23 March 2012 / Partners News

A Secondary Data Center (SDC) has been provided by Rostelecom for the Sochi 2014 Games. Its purpose is to guarantee the absolute reliability of the main information systems used by the Sochi 2014 Organizing Committee offices in Moscow and Sochi.

The SDC is one of the key elements of the Unified Information & Telecommunications Infrastructure for the Games and provides the complete backup of email systems, MSDynamix ERP systems, MSOCS systems (Office Communications Server), and DocsVision documentation systems, as well as Organizing Committee catalog services. The equipment included in the SDC is located on platforms at the Rostelecom data processing center in Moscow.

Seems like Snowden would have a lot to keep him busy if he got access.

Washingtonpost discuss the problem of the NSA data center being flooded with SPAM.

The NSA's data-collection activities are so resource-intensive, the agency can't complete its new server farms fast enough. But when it does, a significant share of what gets held on those servers could wind up being worthless spam.

We now know the NSA collects hundreds of thousands of address books and contact lists from e-mail services and instant messaging clients per day. Thanks to this information, the NSA is capable of building a map of a target's online relationships.

The abundance of SPAM is probably one of the top reasons so many users try not to use e-mail.

The writer closes making the point that part of what is stored in the NSA data center is lots and lots of SPAM.

Industry reports show spam accounts for an overwhelming share of all e-mail. Other internal NSA documents obtained by The Post's Barton Gellman appear to agree. If what the NSA is downloading is at all reflective of the broader Internet, then it's fair to conclude the agency collects a significant amount of spam and has little choice but to store it — meaning that of the "alottabytes" of storage the NSA brags about in its Utah data center, a heap of them will be filled with junk.

Adobe has a blog post on a recent security breach of their creative cloud.

 

Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM INEXECUTIVE PERSPECTIVES

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

And now it looks like it is getting worse.

Ruh-roh: Adobe breach is just the beginning, researcher says

by Barb Darrow

 

51 MINS AGO

1 Comment

• A
• A

SUMMARY:

Other as-yet-unnamed companies have also been compromised, security whiz Alex Holden tells The ThreatPost blog.

tweet this

The Adobe source code breach disclosed last week was scary. Perhaps scarier still is that the perpetrators have hit other as-yet unnamed companies.