Posts

CVE-2016-5195 – Dirty Cow

As you may have read in the news, almost all Linux systems since 2007 are vulnerable to something called Dirty Cow.

Without going into the details, the machines most vulnerable to this exploit would be web-facing servers; in other words, our servers.
We are glad to announce that our server park was patched as soon as the fix was available.

Obviously, we keep monitoring the situation and will take action when and if needed.

If you want to know more about Dirty Cow, you can find an article here: http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/

Joomla! 3.6.4 – a security fix

A Joomla! 3.6.4 release containing a security fix will be published on Tuesday 25th October at approximately 14:00 UTC.

Since this is a very important security fix, please be prepared to update your Joomla installations next Tuesday.

https://www.joomla.org/announcements/release-news/5677-important-security-announcement-pre-release-364.html

WordPress 4.5.3 security update

From the WordPress 4.5.3 release notes, WordPress versions 4.5.2 and earlier are affected by several security issues:

  • Redirect bypass in the customizer, reported by Yassine Aboukir
  • Two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati.
  • Revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen
  • oEmbed denial of service reported by Jennifer Dodd from Automattic
  • Unauthorized category removal from a post, reported by David Herrera from Alley Interactive
  • Password change via stolen cookie, reported by Michael Adams from the WordPress security team
  • and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.

WordPress 4.5.3 also fixes 17 bugs from 4.5, 4.5.1 and 4.5.2:

  • #35657 Image height calculation not always available on body.load
  • #36379 Saving post can remove its hierarchical terms if user cannot
  • #36531 Default image size medium_large is not generated
  • #36533 Doesn’t work browse media library on Frontend
  • #36590 POST['nav-menu-data'] breaks other POST
  • #36637 Inline linking inserts `_wp_link_placeholder`
  • #36660 WP_Customize_Widgets::preview_sidebars_widgets() can return false
  • #36708 Silence ini_set() in wp_debug_mode() if WP_DEBUG is off
  • #36748 Updating tables to utf8mb4 causes some columns to change type
  • #36749 Customizer wont load: issue with site-icon control
  • #36767 oEmbed performance optimisation
  • #36793 Customizer doesn’t load in IE8
  • #36838 Invalid argument supplied for foreach() in /wp-includes/theme-compat/embed-content.php
  • #36861 The Insert into post button in the Edit Image window doesn’t work.
  • #36876 TinyMCE: inline toolbars don’t adjust position
  • #36892 Update jQuery migrate to 1.4.1
  • #36900 Media grid AttachmentsBrowser arrows navigation and restoreFocus()

Jetpack Security Update

Jetpack 4.0.3 contains a critical security update, and you should update all the sites you manage as soon as possible. You can update through your WordPress dashboard, or download Jetpack manually here.

More information about this issue can be found on the Jetpack website.

Link: https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/

Joomla! 3.4.8 is now available

Joomla! 3.4.6 is now available

Joomla! 3.4.6 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability and 2 low level security vulnerabilities. We strongly recommend that you update your sites immediately.

Security Issues Fixed

  • High Priority – Core – Remote Code Execution (affecting Joomla 1.5 through 3.4.5)
  • Low Priority – Core – CSRF Hardening (affecting Joomla 3.2.0 through 3.4.5)
  • Low Priority – Core – Directory Traversal (affecting Joomla 3.4.0 through 3.4.5)

Link: https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html

Joomla Security Patch 3.4.5

Joomla! 3.4.5 is now available. This is a Joomla security patch for the 3.x series of Joomla which addresses a critical security vulnerability. We strongly recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.

Security Issues Fixed:

  • High Priority – Core – SQL Injection (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority – Core – ACL Violations (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority – Core – ACL Violations (affecting Joomla 3.0 through 3.4.4)

Link: www.joomla.org
Link to announcement: Joomla! announcement 3.4.5 release.

Joomla Security Patch Pre-Announcement

Joomla has issued a pre-announcement for the Joomla 3.4.5 release containing a security fix that will be published on Thursday 22nd October at approximately 14:00 UTC.

The Joomla security team (JSST) has been informed of a critical security issue in the Joomla core.
Since this is a very important security fix, please be prepared to update your Joomla installations next Thursday.
Until the release is out, please understand that we cannot provide any further information.

Link: www.joomla.org

Mozilla: Deprecating Non-Secure HTTP

Mozilla came with the news today that it will be deprecating non-secure HTTP in the future. In short, this means everyone needs to upgrade to SSL sooner or later. Together with the news from Google, which will punish non-SSL sites in their ranking, it is all the more reason to get SSL set up and be ready for the future.

Read the whole article from Mozilla here: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

And if you missed the Google announcement, you can read it here: http://googleonlinesecurity.blogspot.ca/2014/08/https-as-ranking-signal_6.html

Official SSL certificates (from Domain Validated to Extended Validation certificates) are available from 040Hosting from EUR 10,00 per year.
More information on https://www.040hosting.eu/ssl/

Why SSL

Here at 040Hosting we are proud to be able to provide you with the world's leading brands in SSL to make our customers' websites secure. But what is SSL, and why would you want to install it on your site even if you don’t have an e-commerce shop?

One of the most important reasons to install an SSL certificate on your account is to show your visitors that you care about their security. Let’s face it: most clients send far more information over the net than only payment details. A lot of privacy-sensitive data is shared every single day on the net, and it is just as important to transfer that data securely as it is for credit card data. In fact, all sites on the net should be at least using the cheapest SSL certificates to keep information exchanges encrypted. Show your visitors you love them!

Another good reason for SSL is SEO. Google has stated that they will rank sites which securely transmit data higher than websites which do not. So from an SEO perspective it is a good idea to use SSL as well.

Gain your customers' trust for your website. Apart from DV (Domain Validated) certificates, you also have OV (Organisation Validated) and EV (Extended Validation) SSL certificates, each of them building up the trust level of your site. They take a bit longer to issue, as the CA (Certificate Authority) needs to check several aspects of your request; they will need to see if your details match as part of the OV or EV validation process. OVs are usually approved in 2-3 days, whereas EVs can take up to 10 days or longer. Needless to say, the Green Bar gives your clients the most trust.

To make it easy for our clients, SSL certificates can be easily requested and configured in our billing system, and if you order an SSL certificate for your hosting account you can even use our Auto SSL Installer in your cPanel to make the installation even smarter and more automated.

So next time someone asks "Why SSL?", you answer SST: Security, SEO and Trust!