With Autoptimize 2.7.7 released on August the 23rd and having been pushed to all sites that were still on 2.7.0-2.7.6 by the WordPress plugins team on Aug. 30th and 31st, resulting in just under one million downloads in 8 days' time, it is now the moment for a small debrief of the security issues that […]
Autoptimize 2.7.7, which was released earlier today, has misc. improvements, but more importantly comes with 2 security fixes (one XSS, one malicious file upload, both for authenticated users), so please upgrade sooner rather than later.
[Updated 23/06 to reflect newer versions 2.1.2 and 2.2.1] Heads-up: Autoptimize 2.2 has just been released with a slew of new features (see changelog) and an important security fix. Do upgrade as soon as possible. If you prefer not to upgrade to 2.2 (because you prefer the stability of 2.1.0), you can instead download 2.1.2, which […]
A couple of days ago I had another look at Content Security Policy, a technology that allows a site to tell a browser which resources are allowed to be loaded to protect against XSS and some other types of web application vulnerabilities. CSP was originally devised by the Firefoxians, but is in the process of being standardized […]
Just a couple of small updates on previous stories to keep you posted really. We’ll start off with Ubuntu Natty Narwhal; beta 2 has been released earlier today. I’ve downloaded a lot of updated packages over the last few days, so I guess I’m on the second beta as well. The Unity launcher now comes […]
A few weeks ago I received the following in a mail from Google: As a small token of appreciation for helping keep Google’s users safe and secure, we’d like to credit you on our website. And indeed, yesterday my name was added to the “Honorable Mention” paragraph on Google’s Security Hall of Fame. I don’t consider […]
I just received confirmation from the Google Security Team that the bug I discovered in the iGoogle Facebook Gadget, which allowed attackers to log into another user’s Facebook account bypassing all authentication, has been fixed. So now that the hole has been closed, let’s look at what was happening, shall we? The gadget uses […]