This is a translated article, originally written by Chio and published on websitebaker.at
WB in Gym
Above all, XSS vulnerabilities are currently in focus. Although XSS in itself is relatively harmless, it can be a conduit in conjunction with other, not yet discovered weaknesses. And since XSS weaknesses can be checked easily by both developers and attackers, it is not a bad idea to start from this point this time.
Cross-Site Scripting (XSS) means that content (usually JavaScript) is inserted in such a way that the new content appears to the browser as part of a trusted page. A typical example is JavaScript inserted into a guest book entry in such a way that the script runs when the page is displayed.
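To make the guest book case concrete, here is an added example (not code from the article or from any WB module): a minimal Python stand-in for a guest book renderer, showing the vulnerable pattern beside the hardened one and a regression check a developer can run. The entries, the field names and the `leaks_markup` helper are all constructed for this illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed guest book entries: one harmless, one carrying markup
# (a stand-in for whatever a visitor might type into the form).
ENTRIES = [
    {"name": "Anna", "homepage": "https://example.org", "message": "Nice site!"},
    {"name": "<b>Eve</b>", "homepage": "javascript:void(0)",
     "message": "<script>/* constructed test entry */</script>"},
]

def render_unsafe(entry):
    """Vulnerable pattern: field values pasted straight into the HTML."""
    return '<li><a href="%s">%s</a>: %s</li>' % (
        entry["homepage"], entry["name"], entry["message"])

def safe_href(url):
    """Links need more than escaping: only http(s) schemes are allowed,
    anything else is replaced by a harmless placeholder."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return html.escape(url, quote=True) if scheme in ("http", "https") else "#"

def render_safe(entry):
    """Hardened pattern: every value is encoded for the context it lands in."""
    return '<li><a href="%s">%s</a>: %s</li>' % (
        safe_href(entry["homepage"]),
        html.escape(entry["name"]),
        html.escape(entry["message"]),
    )

def render_page(entries, renderer):
    return "<ul>\n" + "\n".join(renderer(e) for e in entries) + "\n</ul>"

def leaks_markup(rendered, fields):
    """Regression check: does any raw field value containing '<' survive
    verbatim in the rendered page? True means the renderer is unsafe."""
    return any("<" in v and v in rendered for v in fields)

if __name__ == "__main__":
    for renderer in (render_unsafe, render_safe):
        page = render_page(ENTRIES, renderer)
        flagged = [e for e in ENTRIES if leaks_markup(page, e.values())]
        print(renderer.__name__, "leaks raw markup:", bool(flagged))
```

The same check can be turned into a unit test for any module that echoes visitor input, so a regression in escaping is caught before a release.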
Some small things have already been discovered. There is no reason to panic, but for site operators it is worth keeping an eye on AMASP, because patched modules are constantly being published.
In addition there are "structural" weaknesses, such as leftover old code from previous WB versions that may be a risk because it is no longer maintained. It can therefore easily happen that in future releases some older versions of modules will no longer work correctly. That is a risk that is easier to accept than the risk posed by possible vulnerabilities: in the first case the site operator will immediately notice that something no longer works; in the second case he will only notice when it is too late.
One week after "meltdown"
I am maintaining a lot of sites for customers, and like many other WB users I had to uninstall, check, change passwords, send mails etc. over the last weekend ... and was afraid of the reactions from my customers on Monday.
But I have to say: the reactions were very positive. Not that people enjoyed the gap, but they were pleased that it was reacted to immediately. This is not the "normal" way and they really appreciate the good service. And I once again came into conversation with customers who otherwise look after their sites themselves and therefore rarely call me.
New Passwords
There are some tools on the web with which you can check the security of a password. I must also admit that I have dealt too carelessly with this; a condition which I am now changing everywhere.
The new awareness lets many free services on the web (password check?) appear in a new light: what do the operators actually live from? Advertising alone is not enough. And even without assuming ill intent: free-service companies open and close, but what actually happens to the collected data?
Only those who change their password from time to time can be reasonably sure that it has not already been sold off in a collection along with name, address and everything else on DVD.