If you are a WordPress user, you are probably aware that WordPress 2.8.4 was launched recently. This update addresses a loophole in the previous version that allowed an attacker to bypass the security check that verifies a user requested a password reset. As a result, the admin account would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is still very annoying because you can get this password change email sent to you repeatedly, and unless you are familiar with the coding you can’t stop this attack. WordPress 2.8.4 is said to fix this problem, so all of us have nothing to worry about now.
My concern is not actually about the WordPress loophole. Network security threats can be found in any platform or program, and we might not realize they exist until somebody publicly tells us. I personally would be very happy to receive this information only from the vendors or developers – WordPress developers in this case – rather than receiving it from other people. Unfortunately, word has already spread, and people who know nothing about internet coding can only hope nobody will attack their blogs while waiting for WordPress to fix this issue.
A blog author explained this WordPress vulnerability in an article on his blog, including how to put it into practice, and showed some examples of the results on sites he didn’t own. While the author mentioned that it was just a proof of concept, most of the blog's readers didn’t agree and left a lot of flames in the comment section. I don’t know what the author had in mind, but if he did it to pull some comments to the blog by throwing out a controversial issue, then I have to admit his method worked. He got the comments with a lot of chili, scorn and flames mixed together. I guess people looked at this issue from different points of view; most of them were irritated because at that time no real solution had been provided while the WordPress security issue had already been made public. Only a small portion of them thanked the author for raising the issue.
In my opinion, the better way to address network security threats is to inform the software or website developers / owners first. Let them take action and fix the problems before spreading the news. If no solution is provided and you have one, you can help the community by sharing it. You will be rewarded this way because you are providing a solution to your blog readers. People would love to revisit your blog to find valuable content.
Just my 2 cents,
- Rudi





Bravo Mr. Rudi. Salute to your courage! Changing profession is no simple action. Your mindset should change first of all. Good luck!
Your next door. Thank you
Suparman