security

Updating to WordPress 5 on a Linux Host: Requesting FTP Credentials

WordPress 5 didn’t install automatically on sites hosted on my CentOS 7 WordPress hosting server. That’s by design, because I’m selfish and I’d rather wait for a few bug-fix releases before making a major upgrade. When I chose to upgrade manually on a test site, WordPress asked for my FTP credentials: If you’re hosting WordPress …


Protecting a RESTful JSON API from a CSRF attack

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated” (OWASP definition). CSRF is related to Cross-Site Scripting (XSS), but does not require the execution of JavaScript or any other front-end code. In fact, APIs are increasingly vulnerable to CSRF …


Upgrade Ubiquiti UniFi Access Points (WAP) now to avoid KrackAttack

On October 15, 2017, security researcher Mathy Vanhoef announced the discovery of KrackAttacks, a serious flaw in the WPA2 encryption protocol that encrypts most WiFi connections. Using this method, an attacker can decrypt traffic from almost any wireless access point (WAP) and clients. Every WiFi access point will need to be upgraded with a patch that prevents …
