By: - Independent Computer Security Analyst

@gcluley

Popular WordPress plugins found vulnerable to XSS attacks

April 21st, 2015

As I’ve explained before on the Optimal Security blog, cross-site scripting (XSS) flaws are a big problem on the net. Vulnerable websites can be exploited via XSS to steal user accounts, change settings or phish passwords from unsuspecting users. In fact, XSS flaws are one of the most commonly encountered security flaws found on websites. […]



By:

Hijacking Websites for Hacktivism (part 2)

April 20th, 2015

In the first post of this series I outlined my plan for the upcoming U.S. election. I’ll find unvarnished information about the candidates from sources like public records, create a website to display that information, and then re-route web traffic from the candidates’ own URLs to my website. So far we’ve covered setting up the […]



By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]



By: - Director, Product Management

@russbernst

Another Big Update for April Patch Tuesday

April 14th, 2015

Another high number of updates have been released by Microsoft this April Patch Tuesday – 11 security bulletins have been distributed in all; 4 of them are critical and 7 important. This is a follow-up to last month’s big Patch Tuesday with 14 bulletins. April will be an important month for your server team, with […]



By:

Hijacking Websites for Hacktivism (part 1)

April 13th, 2015

I mentioned in my last post about hacktivism that I had some future plans based on upcoming events. I’m confident enough in my plan that I’m going to share it here with you, of course leaving out a few specific details. If you want to avoid being the victim of a plan like this, then […]



By: - Independent Computer Security Analyst

@gcluley

Hackers break into Linux Australia server, plant malware, steal personal information

April 7th, 2015

Linux Australia has warned its members and conference attendees that their personal information may have fallen into the hands of online criminals, following a breach of the organisation’s servers. In a mailing list posting, Linux Australia Joshua Hesketh confirmed that a malicious hacker attacked the site between 04:00 and 06:00 local time on 22 March […]



By:

Have You Thought About Hacktivism?

April 6th, 2015

I know you are focused on stopping cyber crime, but have you thought about hacktivism at all? It may very well affect your organization in the future – if it hasn’t already. Who Are Hacktivist Targets? A surprising variety of organization types are victims of hacktivism. You might think that your organization is immune, or […]



By: - Independent Computer Security Analyst

@gcluley

XSS flaws expose weaknesses on Amazon and UK newspaper websites

March 31st, 2015

Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’ settings and phish login credentials. Unfortunately, it only requires a single web developer to make a mistake to open up opportunities which online criminals can exploit to launch […]



By:

Will Bar Mitzvah Be The Death Knell for RC4 Crypto?

March 30th, 2015

RC4 is an encryption algorithm designed by RSA in 1987. It was attractive then because it could be implemented in a few lines of code, and wasn’t computationally intensive. PCs were 8088 or MC68000 based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices, […]



By: - Independent Computer Security Analyst

@gcluley

Android users exposed to malware by installer hijacking vulnerability

March 27th, 2015

Security researchers have warned about a widespread vulnerability in Android devices that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. […]


By: - IT Secured. Success Optimized.

@_lumension

Introducing HEAT Software

March 20th, 2015

Jonathan Temple, President & CEO, HEAT Software. Our recent merger of Lumension and FrontRange marks an important new chapter in the evolution of service and unified endpoint management. The two companies are merging to form HEAT Software and I’m thrilled to be heading the newly formed organization as CEO. I should hasten to add that the […]


By: - Independent Computer Security Analyst

@gcluley

Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

March 18th, 2015

New versions of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, are due to be released on Thursday, patching a series of security vulnerabilities. And one of those security vulnerabilities, according to the software’s developers, is considered “highly serious”. Details of the nature of the security flaws are currently non-existent, but […]


By:

To Patch or Not To Patch, Which is Riskier?

March 16th, 2015

Patching systems in an enterprise is a complex and risky activity. It’s extremely time-consuming if you do it right. It’s even more time consuming if you don’t do it right. And in either case, there is fallout to deal with after patching. The patches don’t get applied to some systems, some systems stop working after […]


By: - Sr. Director Solutions and Strategy

@donleatham

Open Source Security – A Change In the Wind?

March 12th, 2015

As we approach the April anniversary of the Heartbleed security defect (CVE-2014-0160), it’s an understatement to say the last year has been rough sledding for OpenSSL. Since OpenSSL is a critical building block for the tools used to initiate and manage most secured transactions on the internet (e.g. SSL and TLS), there’s a lot riding […]


By: - Director, Product Management

@russbernst

FREAK Fixes From Apple and Microsoft Plus 14 Security Bulletins this Patch Tuesday

March 10th, 2015

Microsoft issued 14 security bulletins today, 5 of which are critical and 9 are important. A total of 44 vulnerabilities in all are addressed; 3 of which are known and being exploited now. If your organization uses Windows, Office, Exchange and/or IE, it will be a very busy patching month for you. Not to mention […]




blog.lumension.com