Category Archive for: ‘News’

Vulnerability in WordPress SEO by Yoast – Upgrade Immediately

From WordFence

It looks like this may be the new normal we’re working with: Where vulnerability disclosure happens on the same day as a fix is released by the vendor. I’d love to hear your thoughts in the comments, whether your’e a plugin author, WordPress admin or anyone else involved or concerned about WordPress security.

What to do: Upgrade immediately to version 1.7.4 of WordPress SEO by Yoast which contains the fix.

The vulnerability is a SQL injection attack that needs admin access to be exploited. To the layman, this sounds like it’s unexploitable, but these kinds of security holes are usually exploited via a cross-site request forgery (CSRF) which tricks an admin into loading a link from their own website (where they’re logged in as admin) which then exploits the vulnerability using the admin’s privileges.

Yoast has an excellent user-friendly summary on their blog. Apparently the WordPress team put out an automatic update. Their blog also contains instructions on what to do if your’e using Yoast SEO Premium.

SAN FRANCISCO — The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.

“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators “consider employing an alternative Web browser until an official update is available.”

Read more…

We recently learned about a serious vulnerability in OpenSSL Certificates, known as the Heartbleed Bug. This vulnerability  compromises the security of passwords, credit cards, and other sensitive information.

Since this has widespread implications on the Internet, we wanted to inform you of this issue and assure you that Khimaira-GreenEarthHost makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability.

As a precaution, we recommend that all users change their account passwords; especially if you use the same login information for other services.

We’re in the process of completing a new look for our website!

We ask for your patience as we complete the finishing touches.Khimaira-GreenEarth Host

Ok…we know a website is ‘never done’, but we’re moving along…and enjoying the journey!

Let us know what you think.

A huge thanks to Eleanor Ames who has helped jumpstart the process and who has been a tremendous help in the much needed facelift (actually a ‘whole body’ lift!)   We highly recommend her web development services.  She’s amazing!  Send us a note if you would like her contact information!