An ongoing discussion of web design and web security.
When looking at the poor state of the security industry one of the things we have noticed is that far too often you can get better information from the Wikipedia than you can from many in the security industry. One re-occuring issue we see is people in the security industry referring to dictionary attacks, which … Continue reading “Checkmarx Fails the Wikipedia Test”
Back in November over at the blog for our Plugin Vulnerabilities service we discussed the fact that the security company Checkmarx was making a claim that a number of WordPress eCommerce plugins had severe vulnerabilities without providing any evidence, even what the name of the plugins was, to support that. That didn’t stop security journalists from … Continue reading “Checkmarx Running Outdated and Insecure Version of WordPress”
In yet another sad sign of how bad internet security is these days, a security company named Checkmarx released findings on security vulnerabilities in WordPress plugins (PDF) while running their own website on an outdated an insecure version of WordPress: Checkmarx has failed to apply the last two security update releases of WordPress. WordPress 3.4.1, … Continue reading “Checkmarx Website Running Outdated and Insecure Version of WordPress”
When it comes to why website security is in such bad shape there are lots of parties that play a role. Journalists could play a critical role is shining a light on what is wrong with the security industry, but for the most part they instead act as stenographers for claims made by security companies … Continue reading “Security Journalist’s Bad Focus and Flashpoint’s Questionable Business Risk Intelligence”
We were recently contacted by Comodo about some sort of a partnership with their cWatch service. From the homepage of that service, things immediately seemed questionable. They are offering “Free Instant Malware Removal”: To properly remove malware or some other hacking issue, you can’t do it instantly. If you do it properly it will take … Continue reading “Comodo and Melih Abdulhayoglu don’t secure their own websites, why would trust them to secure yours?”
The Russian security company Kaspersky Lab has been in the news a lot recently in regards to questions about its relationship with the Russian government, but what deserves to get some focus is how their news website, Threatpost, helps to spreads unfounded claims about security threats coming from others in the security industry. Back in … Continue reading “Kaspersky Lab’s News Website Threatpost Spreads Unfounded Claims About Security Threats”