
Posts published in “Security”

osCommerce Under Attack – So Far 3.79 Million Pages Affected

The popular osCommerce ecommerce application has been under attack at least since last week, according to web application security firm Armorize. At last count the attack has affected more than three million pages. The attack, in the form of an iFrame injection, exploits several vulnerabilities in older versions of osCommerce. The latest version doesn’t seem to be affected. Any business using an older version of osCommerce is advised to upgrade immediately.

The Zen Cart ecommerce application, which was initially a value-added fork of osCommerce, doesn’t seem to be affected. Kim Elliott, one of the founding members of Zen Cart, told me, “As far as I know there hasn’t been a problem. As long as you have our latest version and file permissions set correctly you shouldn’t have any issues.”

Google’s Problems with Android Apps, Webmaster Tools and Oracle – RMS Says “Don’t Go There”

Friday FOSS Week in Review

Google’s been everywhere in the news this week, so much so that I’ve considered calling this week’s column “Friday Google Week in Review.” It’s not all Google, however, but it is all interesting – at least to me.

8% of Android Apps Leak Data

On Tuesday, security site Dark Reading reported that Neil Daswani, CTO for security firm Dasient, has found that about 8% of Android apps leak user data. In a study that will be released in full at next month’s Black Hat conference in Las Vegas, Daswani found that 800 out of 10,000 applications tested were leaking personal data. Eleven of the apps were sending mobile spam, in the form of SMS messages, to other smartphones.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

WordPress Plugins for Security & Robustness

Yesterday I wrote about how WordPress has evolved into a first-rate platform that can be easily customized. One of the ways that WordPress is customized to meet the unique needs of a site is through the use of plugins that add functionality. Most of these functions are visual and offer visitors a richer experience while on your site. Others are never even seen by the visitor and only indirectly affect his or her experience.

During site design, it can be easy to become so blinded by the former group, the plugins that add lots of gee-whiz bells-and-whistles, that we ignore the latter group that does the grunt work to increase our site’s performance. However, judicious use of these behind-the-scenes plugins can make our WordPress sites more secure and help reduce server loads, making for a safer and quicker site and a better experience for our visitors.

Christine Hall


Security Risk in Firefox & Chrome

Many of us who use Firefox or Chrome browsers do so for security reasons. Unfortunately, this lulls many of us into a false sense of security, as there’s really no such thing as “safe” browsing. This has become increasingly true in recent years, as major content providers have insisted that a feature-rich web experience should trump security, with the folks at Mozilla and Google seemingly willing to lend a helping hand.

According to James Forshaw with the security firm Context, there is a new security threat to worry about in the form of WebGL, which is enabled by default in Firefox 4 and Chrome. According to Forshaw, the risk is substantial – both to your data and to your hardware. Just to give you an idea:

Christine Hall
