Serious security vulnerability puts WordPress and Drupal at risk

By Walter McDaniel     Aug 7, 2014 in Internet
WordPress and Drupal users should update their code now to seal a security hole. Users on an older version of either framework could see their site shut down after hackers exploit holes in XML handling or other security vulnerabilities.
Put simply, the largest vulnerability was in how sites such as these handle XML. Programmers know it as an XML Quadratic Blowup Attack. An attacker sends a very small XML document that causes the server to process a huge amount of data. One billion copies of the initial data can come out of such an intrusion, as with a "Billion Laughs" attack. Because far more data than usual flows through the system, many servers are simply unable to handle it and crash.
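As an added illustration (not code from WordPress, Drupal or the original article), the Python sketch below shows one way a server could estimate how large an XML document becomes after entity expansion, without expanding it, and reject it before parsing. It also covers nested entities of the "Billion Laughs" kind; the function names, the limits and the sample document are assumptions constructed for this example.

```python
import re

# Assumption: only internal general entities with quoted literal values are
# handled; parameter and external entities are out of scope for this sketch.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.-]+);')


def expanded_length(text, entities, cache, stack=()):
    """Length of `text` after entity expansion, computed without expanding it."""
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        name = ref.group(1)
        if name not in entities:      # predefined (&amp;) or undeclared
            continue
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        if name not in cache:
            cache[name] = expanded_length(entities[name], entities, cache, stack + (name,))
        total += cache[name] - len(ref.group(0))
    return total


def estimate_expansion(xml_text):
    """Return (raw_size, expanded_body_size) in characters."""
    entities = {}
    for decl in ENTITY_DECL.finditer(xml_text):
        value = decl.group(2) if decl.group(2) is not None else decl.group(3)
        entities.setdefault(decl.group(1), value)   # first declaration wins
    end = xml_text.find("]>")                       # end of internal DTD subset
    body = xml_text[end + 2:] if end != -1 else xml_text
    return len(xml_text), expanded_length(body, entities, {})


def is_acceptable(xml_text, max_expanded=10_000, max_ratio=10):
    """Reject documents whose entities expand past the (hypothetical) limits."""
    try:
        raw, expanded = estimate_expansion(xml_text)
    except ValueError:
        return False
    return expanded <= max_expanded and expanded <= raw * max_ratio


def build_sample(value_len, refs):
    """Constructed test document: one entity, referenced `refs` times."""
    return ('<?xml version="1.0"?>\n<!DOCTYPE d [\n<!ENTITY a "%s">\n]>\n<d>%s</d>'
            % ("x" * value_len, "&a;" * refs))
```

Because one entity's length is multiplied by its reference count, expanded size grows with the product of the two while the document itself grows only with their sum.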
Attacks such as these have become common for hackers who want to quickly take down a system. In many cases they do not require cyber criminals to have your password. As such, brute force methods have become popular both for shutting down sites and for stealing passwords. Bots can even try tens of thousands of passwords until they guess yours. Tricking you into giving up your password is still by far the most common method, though.
Many of the writers here use WordPress for their own blogs, and it is the most popular platform today for bloggers. As for Drupal, many use it for its flexible code, which is used in many applications. Forums are by far the most popular use for it, though. In both cases, some extremely famous people need these platforms for their online reputation.
There is already a "security release" which can fix the problem. It stops misuse of code and several attacks related to denial of service. It also blocks cross-site scripting for those who have had their administrator accounts compromised. The events spurred both the WordPress and Drupal teams to work together against hackers.