
WP Late Night #15 – My First Podcast

Following up on my post this morning, talking to my experience on WP Late Night, WPCandy released last night's live recording this afternoon, so go check it out.

Oh and special thanks to the guys at WP Late Night for getting my good side in the banner:

Look forward to feedback. I always feel funny listening to myself, but don’t think it came out too bad.


Review of the WordPress AntiVirus Plugin – Effective or Not?

After my most recent Review of the WordPress WordFence Plugin post, I felt it was only fair that I take time to review the effectiveness of other similar security-focused plugins in the WordPress.org repository.

It’s important to understand that while I work for an InfoSec company, my focus is not on whether it's a competitive product, but rather how useful it is to end-users and how effective it is at detecting malware. The goal is to establish an unbiased review, leveraging the large repository of web-based malware variants I have at my disposal.


I stumbled on the AntiVirus plugin while crawling the repository and was naturally curious. The plugin repository description is not very exhaustive, but appears to succinctly articulate what it was designed to do.

Review of the WordFence Plugin – Effective or Not?

As of late I have been seeing a lot of traffic on various mediums, WordPress.org, Twitter, and Facebook about this new plugin – WordFence. It hasn’t been around for too long I don’t think, maybe 6 months or so, and I have been getting a lot of questions around its effectiveness, etc…

I get this a lot and more often than not my answer is usually pretty neutral, “You know, I’m not sure, I have not personally tried them, but I encourage you to and let me know how it works” or “Nope, no thoughts on it, but I hear good things.” Well today, for whatever reason, I decided to give them a whirl. If you know what I do then you know web security is a bit of my life these days. Like many others I often obsess over would-be competitors and it's good to understand what might be chomping at the heels.

With that being said, this post will hopefully serve as an unbiased, hopefully, review of a plugin that is getting a lot of positive remarks from end-users. The focus will be to measure its effectiveness in detecting web-malware on a basic WordPress website.

Full Disclosure (Update 20120704): It’s important to note that I am an executive at Sucuri Security and this is my personal review, not performed by my company. By all rights, this would be categorized as a competing product and it's important to note that. I hope to be objective and rational in my review and hope that the readers keep me honest. Arguments can be made as to whether I should or shouldn’t write this post, but it's an interest of mine and I choose to. If you feel strongly about it one way or another, feel free to let me know.


Selecting a MAC Anti-Virus Solution

I am what most would consider to be a new adopter of Apple machines, less than 6 months, other than the obvious iPhone that is. It’s important to note though that this hasn’t been my first try, I attempted the conversion about 14 months ago and failed miserably. I found myself secretly getting my Windows fix without letting my colleagues know and that eventually led me into withdrawals and finally back on a Windows box, but I digress…

Then came the day I went full-time as an entrepreneur and my partners, being the security freaks that they are, banned me from using Windows products on our network. My option was a distro of Linux, and as fun of an experience as that was, cough, I found the need for what I would consider a more robust UNIX-based product – in enters Apple again.

It just so happens that I made the conversion just as the Flashback / Flashfake outbreak hit the streets. Oh you know, that little outbreak that got everyone up in arms over Apple’s security policies and was rumored to have over 600,000 Macs infected worldwide.

So naturally, my obvious reaction was, “WTF!!!!”

Is LastPass Secure?

Back in February I put out a post talking about Web Security: Managing Your Passwords. With the recent compromises on sites like LinkedIn, eHarmony and Last.fm, I felt it was appropriate to go back and look at some of the technical aspects of the LastPass solution. Specifically on whether it is secure.

This week I was sent a podcast, Security Now with Steve Gibson, that supposedly talked to whether LastPass is secure, so I figured why not give it a go. I learned a few things from it and thought I’d share it in a quick post, especially being how relevant a topic it is right now. Password management, that is.

Summary of LastPass Features
