WordPress.com, the official hosted version of WordPress have switched over to enforcing SSL, while this is mostly a political statement, there is some merit, firstly you might actually have some forms which should be secure, allowing users to …
All posts by Marc Kranat
Local man tricks upto 2000 boys into exposing themselves online
I don’t think kids are getting the message, allowing anything that you would not be comfortable for your mother to see, should never be allowed onto any digital device, from explicit text messages to embarrassing pictures, never, I don’t know …
Critical Vulnerability in Windows IIS – HTTP.sys PoC (MS15-034)
From Microsoft’s warning is not clear what the vulnerability is, but you can see that this is critical, and the vulnerability must be patched, especially on public facing Windows IIS Servers:
…A remote code execution vulnerability exists in the HTTP
DDoS on WordPress using the search feature
This fairly low tech DDoS can easily take down an under resourced WordPress website, what you will see in your logs is something like:
| /?s=SwCGbtyTPFbgIy | 19:02:40 |
| /?s=rNiwiuFckGegR | 19:02:49 |
| /?s=SwCGbtyTPFbgIy | 19:02:53 |
| /?s=SwCGbtyTPFbgIy | 19:02:56 |
| /?s=SwCGbtyTPFbgIy | 19:03:01 |
| /?s=mYwyTaXVqvlW | 19:03:12 |
| /?s=SwCGbtyTPFbgIy | 19:03:18 |
| /?s=mYwyTaXVqvlW | 19:03:22 |
Setting up a Simple VPN Server
VPN offer far more security than the proxy servers which most people are used to using, when using commercial paid for services proxy server accounts are normally much cheaper and simpler to set-up for the client which is their only …
Cyberwar on free speech and small businesses
The last month has seen an major increase in international cyber warfare, first we had North Korea hacking Sony, apart from the embarrassment caused by leaked documents, forced them to shut down their entire network, and they claim still some …
AntiCrawler, referrer spam turned nasty
AntiCrawler, referrer spam turned nasty, asking you to add potentially malicious code to your own site.
Although this is by far not the most popular blog, I do like to look in each day to check up on things, and …
Fake GoDaddy DNS Notifications
Only last week I posted about another phishing scam targeting GoDaddy clients, this client only just bought his first domain last week. He knew nothing should have been changed, so luckily when he got the email notification “Status Alert: Domain …
Highly targeted Phishing against a GoDaddy account
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognise them immediately, the syntax is wrong, it’s missing a name, of course when you get them from a bank you don’t …
Adding disclaimers on blog comments
I was asked a couple of days ago to add a disclaimer to the commenting section on a WordPress Blog, something like: “Commentators are asked to be polite, stay on topic. While we do monitor and moderate comments, they are …