BLOG: 7 of 10 leading WordPress plugins are vulnerable

Alan Shimel | June 25, 2013

Can you trust what you download from marketplaces?

WordPress is the open source content management system (CMS) that powers more than 60 million web sites, or about 18% of all sites on the web. One of its biggest advantages is the large number of plugins written by third parties that let authors use advanced features within WordPress. Checkmarx, makers of an automated code review solution, recently looked at the top 50 plugins for WordPress, examining them for vulnerabilities. Their analysis, published here, found that 20% of the top 50 were vulnerable to the most common web attacks. Even more frightening, 7 out of 10 of the leading ecommerce plugins were vulnerable.

To put this in perspective, vulnerable plugins were downloaded for installation on websites about 8 million times! I had a chance to speak with Maty Siman, CTO and co-founder of Checkmarx, and my friend Noa Bar Yosef, who is an advisor to Checkmarx and is well-known in the infosec community. Maty and Noa told me that instances of insecure or hacked WordPress plugins have been reported before. For instance, the TimThumb LFI vulnerability compromised 1.2 million websites, and 200,000 WordPress-based pages were redirected to rogue sites.

To be clear, we are talking about vulnerabilities exploitable by the most basic types of attack: common SQL injection and cross-site scripting, for instance. You don't have to be an evil genius to come up with these kinds of attacks.

While the Checkmarx report singles out WordPress, Maty and Noa emphasized that the same is probably true of other leading CMS programs. The problem is that organizations such as Automattic, the makers of WordPress, put out some coding standards and recommendations, but there is no security guidance or set of requirements that a plugin developer needs to adhere to.

Some of the key findings of the Checkmarx report are:

1. 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks. This amounts to nearly 8 million downloads of vulnerable plugins. Specifically, these plugins are vulnerable to SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Path Traversal (PT).

2. 7 out of the top 10 most popular ecommerce plugins are vulnerable to common Web attacks. This amounts to more than 1.7 million downloads of vulnerable ecommerce plugins. These plugins are vulnerable to SQLi, XSS, CSRF, RFI/LFI and PT.

3. There is no correlation between the number of Lines of Code (LOC) and the vulnerability level of the plugins. Every line of code has the potential to introduce a vulnerability, but Checkmarx found that the converse does not hold: less code does not necessarily mean safer code. On the contrary, some plugins with only a few thousand lines of code contained more types of vulnerabilities than plugins containing tens of thousands of lines of code.
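To make the four finding classes concrete, here is an added example (not code from the Checkmarx report or from any real plugin) of one small WordPress admin handler written the insecure way and then with the core APIs that close each hole; the table name, hook name and nonce name are made up, and every function called is WordPress core.

```php
<?php
// Added example, not code from the Checkmarx report or from any real plugin.
// The table name, hook and nonce names are made up; every function called is
// WordPress core. Both handlers answer an admin-post request with an `id`
// and a `tpl` parameter and render one row from a plugin table.

// INSECURE: the pattern behind the report's four finding classes.
function demo_show_note_insecure() {
    global $wpdb;
    // No nonce or capability check: any page the user visits can trigger it (CSRF).
    $id   = $_GET['id'];                                             // untyped input
    $note = $wpdb->get_row(
        "SELECT body FROM {$wpdb->prefix}demo_notes WHERE id = $id"  // SQLi
    );
    echo '<p>' . $note->body . '</p>';                               // XSS: raw output
    $tpl = $_GET['tpl'];                                             // "../" walks out (PT)
    include plugin_dir_path( __FILE__ ) . 'templates/' . $tpl;
}

// HARDENED: same behaviour, each class closed with the core API meant for it.
function demo_show_note_secure() {
    global $wpdb;
    // CSRF: a capability check plus a nonce bound to this action and this user.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_show_note', '_demo_nonce' );
    // SQLi: coerce to a non-negative integer and bind it through prepare().
    $id   = absint( $_GET['id'] ?? 0 );
    $note = $wpdb->get_row( $wpdb->prepare(
        "SELECT body FROM {$wpdb->prefix}demo_notes WHERE id = %d", $id
    ) );
    // XSS: escape for the HTML context at output time, never at storage time.
    echo '<p>' . esc_html( $note ? $note->body : '' ) . '</p>';
    // PT: never build a path from the request; map the parameter onto an allow-list.
    $templates = array( 'card' => 'card.php', 'list' => 'list.php' );
    $key       = sanitize_key( $_GET['tpl'] ?? 'card' );
    $file      = $templates[ $key ] ?? $templates['card'];
    include plugin_dir_path( __FILE__ ) . 'templates/' . $file;
}
add_action( 'admin_post_demo_show_note', 'demo_show_note_secure' );

// The link that reaches the secure handler must carry the matching nonce.
function demo_note_link( $id ) {
    $url = admin_url( 'admin-post.php?action=demo_show_note&id=' . absint( $id ) . '&tpl=card' );
    return wp_nonce_url( $url, 'demo_show_note', '_demo_nonce' );
}
```

A static analyser of the kind the report describes flags the first handler on the unbound `$id` in the query string, the unescaped `echo`, the request-derived `include` path and the missing nonce check; the second handler produces none of those findings.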


Page.ly Acquires Competing Managed WordPress Hosting Company BlogDroid.com

PHOENIX, June 26, 2013 /PRNewswire/ -- The first to market and leading provider in Managed WordPress hosting, Page.ly, has reached an agreement to acquire competing service BlogDroid in an all cash deal. Financial details were not disclosed.

(Photo: http://photos.prnewswire.com/prnh/20130626/LA38648)

As a result of the sale, customers will move from the existing BlogDroid infrastructure to the Page.ly Managed WordPress hosting platform. Page.ly will manage the BlogDroid domain name and the BlogDroid team will provide assistance during the transition process. Additionally, BlogDroid sales staff will refer future hosting clients to the Page.ly WordPress hosting platform.

"BlogDroid is a great acquisition to swell our ranks of happy customers. They will find a good home on our expanding service," said Joshua Strebel, co-founder and CEO of Page.ly while remarking on the deal. "Managed WordPress is what we do, we have future plans for the blogdroid.com domain in that regard."

Page.ly's goal in acquiring BlogDroid was to diversify its customer profile and to help more people experience its special brand of web hosting, without the needless upsells, long-term contracts, and bait-and-switch pricing common with other providers. With the BlogDroid team's ongoing referrals, Page.ly will serve even more people with quality managed WordPress services.

BlogDroid was an attractive acquisition for Page.ly because of its impressive growth in a short period of time, a more polished brand than most competitors, and the "customer-first" approach taken by Karen Jackie, co-founder of BlogDroid. She had the following to say about the acquisition:

"We are extremely excited to see our valued WordPress customers move to such a mature and well respected service like Page.ly. We want to make sure the transition is as easy as possible and will be assisting the Page.ly team in making sure every customer has a seamless moving experience."

New BlogDroid clients can expect a step up to the enterprise-grade security that Page.ly offers, called PressARMOR.

"PressARMOR offers best-in-class WordPress security; it's system-wide and not just an add-on or plugin to an otherwise unsecure and stock platform. We have refined it over the years, protecting all our many thousands of customers," said Joshua Strebel.

New BlogDroid clients can also expect managed WordPress service from the people who invented the space, trusted automatic upgrades, expert support from people with years of experience in WordPress, extremely fast load speeds, and more WordPress-focused features coming soon.


Is Paula Deen toast in N-word controversy?

Celebrity chef Paula Deen appears on NBC News' "Today" show on Wednesday in New York.(AP Photo/NBC, Peter Kramer)

Has the backlash against Paula Deen been too severe?

NEW YORK: Will Paula Deen go the way of Michael Richards or Charlie Sheen?

One unleashed a bigoted tirade and is no longer a lovable, easily employable clown. The other carved a brand out of crazy (reported hotel N-word rant and all) but is back on TV earning millions.

Her Food Network shows gone, her endorsements crumbling, is Paula Deen, in a word, toast?

A week after Deen's admission of using racial slurs in the past surfaced in a discrimination lawsuit, pop culture watchers, experts in managing public relations nightmares and civil rights stalwarts who have tried to help other celebrities in her position see a long, bumpy road ahead.

They also see a week full of missteps and believe the queen of comfort food reacted too slowly to her latest controversy at a time when hours count. They say it could take years, if she can make it back at all, to regain the earning power she has enjoyed.

"Paula Deen has, I would say, taken an irreparable hit, because she had this appearance of being more or less a nice older woman who cooks food that's bad for you. That, in her own way, sort of made her lovable," said Janice Min, editorial director of The Hollywood Reporter in Los Angeles.

"But this presents a whole other picture of, 'Wow, maybe she's just an old racist white southern woman.' That image is hard to shake off for a large chunk of people," Min added.


Ann Coulter: U.S. ‘finished’ if amnesty passes – Video


By: teapartyorg1


Ann Coulter on Hannity President Obama links Catholic schools to segregation – Video

Pls Subscribe and Enjoy breaking news caught on tape daily! Ann Coulter on Hannity President Obama links Catholic schools to segregation.

By: SHOCKINGNEWSCLIPZ
