Category Archives: Security
Time To Say Goodbye To UPnP
Everyone who is familiar with UPnP can stop reading now, unless you’re curious, because you’ve probably already disabled it. UPnP has been a huge security issue ever since its release, with exploitable vulnerabilities showing up with alarming frequency all through … Continue reading
Mod_Security and Content Management Systems
Oftentimes, clients will begin work on a site using a content management system (CMS) such as WordPress and Magento and will run into “Permission denied” or “Method not implemented” errors when performing routine work such as uploading pictures or … Continue reading
Possible APC Vulnerability Fixed on Shared Servers
An issue was identified on newer shared servers (including shared SIP and shared OBP servers) that use PHP-FPM along with APC for an opcode cache. This issue had the potential for clients to see other users' shared private data within … Continue reading
Important Magento Security Update
Magento recently posted an important security update that affects all versions prior to CE 1.7.0.2 and EE 1.12.0.2. The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially … Continue reading
Let’s Talk About Basic Security
It’s never a bad idea, or a bad time, to talk about some easy methods to help ensure the security of your computer and web site. These may be common knowledge, but the failure to follow these policies is the … Continue reading
PCI, Magento, and Storing Credit Card Information
The question of whether you can store credit card information within Magento comes up a lot here at Nexcess. The answer to this question is unfortunately not very clear when looking for an answer elsewhere, including on the Magento website. … Continue reading
Keeping WordPress Secure
Being one of the most widely-deployed blogging engines around, it’s no surprise that WordPress holds the interests of a wide audience. Unfortunately, not everyone is out to become the next rockstar blogger or tech pundit; the sad truth is that … Continue reading
Swaks Makes Testing SMTP Servers Easier
I have the pleasure of dealing with mail problems frequently, specifically problems getting messages delivered from our servers to other servers. When diagnosing a problem, I usually ended up telnetting directly to the server to send it some commands to … Continue reading
SSL for the Rest of Us
Recently, a certificate authority (CA) named DigiNotar mistakenly issued valid wildcard SSL certificates for some major websites such as Google, Mozilla, Yahoo, WordPress and the Tor Project. Security experts and application vendors considered this a serious threat to the essential … Continue reading
Using OpenSSL to Verify Service Availability and Configuration
SSL is one of the most widely-used technologies for securing communications over the internet. It does have a few design flaws, but it’s still widely used to secure e-mail (IMAP-SSL and POP3-SSL), HTTP traffic (via HTTPS), and other communications. By … Continue reading
