{"id":3294,"date":"2017-02-13T10:13:33","date_gmt":"2017-02-13T17:13:33","guid":{"rendered":"https:\/\/www.whitefirdesign.com\/blog\/?p=3294"},"modified":"2017-02-13T10:13:33","modified_gmt":"2017-02-13T17:13:33","slug":"trend-micro-thinks-their-continued-failure-to-take-a-basic-security-measure-shouldnt-define-them","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2017\/02\/13\/trend-micro-thinks-their-continued-failure-to-take-a-basic-security-measure-shouldnt-define-them\/","title":{"rendered":"Trend Micro Thinks Their Continued Failure to Take a Basic Security Measure Shouldn&#8217;t Define Them"},"content":{"rendered":"<p>Back in May of last year <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/05\/10\/trend-micro-running-outdated-and-insecure-version-of-wordpress-on-their-blog\/\">we noted that cyber security company Trend Micro was failing to keep the installation of WordPress on their blog up to date<\/a>. What stuck out about this was that this shouldn&#8217;t have happened, as WordPress has an <a href=\"https:\/\/codex.wordpress.org\/Configuring_Automatic_Background_Updates\">automatic background update<\/a> feature that would normally have done the updates without requiring any interaction by someone at Trend Micro. So either there was some incompatibility between their hosting environment and that feature or they unwisely disabled the feature without making sure to promptly do the updates manually instead. 
If it was the former, then they could probably have helped not only themselves, but others by working with WordPress to fix the cause of those updates not occurring.<\/p>\n<p>Fast forward to last week, when it was <a href=\"http:\/\/www.silicon.co.uk\/security\/trendmicro-blog-security-205197\">reported that another one of their blogs\u00a0was attacked<\/a> due to a vulnerability in WordPress that\u00a0would not have been possible to exploit on the website if they either had gotten automatic background updates working or if they had started promptly updating manually.<\/p>\n<p>The response from the company&#8217;s &#8220;Global head of security research&#8221;\u00a0makes it sound like the company has no idea what they are doing:<\/p>\n<blockquote><p>\u201cWe got reports from many researchers, regarding attacks using this vector and we deployed a custom policy to block the attacks,\u201d he explained.<\/p>\n<p>\u201cUnfortunately there are many different URLs attackers can use to carry out the same attack, so a couple of fake \u2018articles\u2019 ended up posted on CounterMeasures. We have responded and shut down the vulnerability completely to resolve the issue<\/p>\n<p>\u201cJust serves to demonstrate something that I have often repeated in presentations, we are all a potential victim of digital attacks and we can\u2019t afford to take our eyes off the ball at any time. The best way to respond to any attack of this nature is with honesty and alacrity, and that\u2019s what we have endeavoured to do.<\/p>\n<p>\u201cOf course technology and best practice can mitigate the vast majority of intrusion attempts, but when one is successful, even one as low-level as this, you are more defined by how you respond than you are by the fact that it happened.\u201d<\/p><\/blockquote>\n<p>The really simple solution to prevent this vulnerability from being exploited is to make sure you have updated from WordPress 4.7.0 or 4.7.1 to 4.7.2, but there is no mention of that. 
Instead they make some mention of\u00a0a &#8220;custom policy to block the attacks&#8221;, which is not necessary if you just updated to 4.7.2.<\/p>\n<p>Amazingly, as of this morning the\u00a0<a href=\"http:\/\/countermeasures.trendmicro.eu\/\">blog<\/a>\u00a0is still running WordPress 4.7.1, as can easily be seen by viewing the source code of any page on it:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-countermeasures-outdated-wordpress.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3300 size-full\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-countermeasures-outdated-wordpress.png\" width=\"730\" height=\"75\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-countermeasures-outdated-wordpress.png 730w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-countermeasures-outdated-wordpress-300x31.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/a><\/p>\n<p>The main <a href=\"http:\/\/blog.trendmicro.com\/\">Trend Micro blog<\/a> doesn&#8217;t contain a meta generator tag, which would make it easy to spot what version is in use, but if you look at the CSS and JavaScript files being loaded on it you can see repeated use of &#8220;4.7.1&#8221; in the URLs, which tells you it is also on WordPress 4.7.1:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-blog-outdated-wordpress.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3298 size-full\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-blog-outdated-wordpress.png\" width=\"930\" height=\"290\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-blog-outdated-wordpress.png 930w, 
https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-blog-outdated-wordpress-300x94.png 300w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2017\/02\/trend-micro-blog-outdated-wordpress-768x239.png 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/a><\/p>\n<p>Defining Trend Micro by their response to getting attacked rather than their failure to follow best practices doesn&#8217;t seem to make things better here, since they still have failed to properly respond to the situation by updating WordPress. Since they can&#8217;t handle the basics, you really would have to wonder about their handling of more serious things. Or you would if there <a href=\"http:\/\/www.zdnet.com\/article\/trend-micro-password-manager-had-remote-command-execution-holes-and-dumped-data-to-anyone-project\/\">wasn&#8217;t already evidence they can&#8217;t<\/a>.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Back in May of last year we noted that cyber security company Trend Micro was failing to keep the installation of WordPress on their blog up to date. 
What stuck out about this was that this shouldn&#8217;t have happened, as WordPress has an automatic background update feature that would normally have done the updates without &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2017\/02\/13\/trend-micro-thinks-their-continued-failure-to-take-a-basic-security-measure-shouldnt-define-them\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Trend Micro Thinks Their Continued Failure to Take a Basic Security Measure Shouldn&#8217;t Define Them&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,35],"tags":[60],"class_list":["post-3294","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-outdated-web-software","tag-trend-micro"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=3294"}],"version-history":[{"count":5,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3294\/revisions"}],"predecessor-version":[{"id":3302,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3294\/revisions\/3302"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=3294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=3294"},{"taxonomy":"post_tag","embeddable":true,"hr
ef":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=3294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}