security

Another Reason to Enable Private IP Addresses on Google Cloud SQL

Google Cloud SQL recently introduced the capability for an instance to have an IP address within the private address space of your VPC network. Previously, all Cloud SQL instances had IP addresses within the address space of the public Internet. Obviously, the public IP was a security and privacy concern, as well as a potential …


Updating to WordPress 5 on a Linux Host: Requesting FTP Credentials

WordPress 5 didn’t install automatically on sites hosted on my CentOS 7 WordPress hosting server. That’s by design, because I’m selfish and I’d rather wait for a few bug-fix releases before making a major upgrade. When I chose to upgrade manually on a test site, WordPress asked for my FTP credentials: If you’re hosting WordPress …


Protecting a RESTful JSON API from a CSRF attack

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated” (OWASP definition). CSRF is related to Cross-Site Scripting (XSS), but does not require the execution of JavaScript or any other front-end code. In fact, APIs are increasingly vulnerable to CSRF …


Upgrade Ubiquiti UniFi Access Points (WAP) now to avoid KrackAttack

On October 15, 2017, security researcher Mathy Vanhoef announced the discovery of KrackAttacks, a serious flaw in the WPA2 encryption protocol that encrypts most WiFi connections. Using this method, an attacker can decrypt traffic from almost any wireless access point (WAP) and clients. Every WiFi access point will need to be upgraded with a patch that prevents …
