Date: Wed, 28 Mar 2012 09:53:48 -0500
Content-Type: multipart/alternative; boundary=bcaec54fbbba66173504bc4ec66e
MIME-Version: 1.0
Sorry to cross post if any of you are on the comp-sec list, but I think
this was timely in light of the recent Wordpress presentations and
discussion.
---------- Forwarded message ----------
From: Alan Amesbury <[log in to unmask]>
Date: Tue, Mar 27, 2012 at 8:01 PM
Subject: Wordpress, Joomla, and similar CMSes
To: [log in to unmask]
OITSEC has been seeing reports of Wordpress and other sites being
compromised and reconfigured to serve up exploit code to unsuspecting site
visitors. In some cases, compromised sites were configured in such a way
that they only served exploit code to certain clients, e.g., responses were
based on things like the client's browser identification string. This in
itself is not new, nor are weaknesses in Wordpress.
However, in one case, Wordpress and the platform on which it was running
were completely patched and had no known vulnerabilities. What apparently
happened was the admins were very diligent in ensuring the OS, web server,
and Wordpress were completely patched... but neglected to check for
vulnerable plug-ins/add-ons. If you're running a similar CMS that allows
plug-ins, those plug-ins need to be added to your list of
software-patched-we-look-for.
Another weakness in some of the CMSes is themes. Code included in themes
added to the CMS may not be robust, and may introduce interesting
"features" that are later used by someone else to help you "maintain" your
server.
Bottom line: If you're running a CMS, please be careful to check that
*all* the sources for features in or added to the CMS are proactively
securing their code.
--
Alan Amesbury
OIT Security and Assurance
University of Minnesota
--
Tony Thomas
Web Developer
University of Minnesota
Student Unions & Activities
300 Washington Ave SE, Ste 500
Minneapolis MN 55455
Direct: 612-626-9820
Fax: 612-624-7256
sua.umn.edu <http://www.sua.umn.edu>
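A concrete way to put plug-ins and themes on the patched-software list, as an added example that is not part of the thread above and not code from either university: the script below walks a wp-content tree the way WordPress does (a plug-in is a .php file directly under plugins/ or in its own directory; a theme is a directory under themes/ with a style.css), reads the "Plugin Name:" / "Theme Name:" and "Version:" header comments, and compares each version against a table of fixed-in versions keyed by slug. The wp-content tree and the FIXED_IN table are constructed sample data for the demonstration, not real sites or real advisories; in practice you would fill the table from whatever vulnerability feed you already track for the OS and web server.

```python
"""Inventory WordPress plug-ins and themes from their header comments and
flag the ones older than a known fix (added example; sample data only)."""
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple


def _field(head: str, field: str) -> Optional[str]:
    """Pull one 'Field: value' line out of a WordPress header comment.
    Leading ' * ', '/*', '#' and '@' are tolerated; a trailing '*/' is dropped."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(field) + r":[ \t]*(.*?)[ \t]*(?:\*/)?[ \t]*$",
                  head, re.M | re.I)
    return m.group(1) if m else None


def parse_header(source: str, kind_field: str) -> Optional[Dict[str, str]]:
    """Return {'name', 'version'} if the file carries a WordPress header whose
    name field is kind_field ('Plugin Name' or 'Theme Name'). WordPress itself
    only inspects the first 8 KiB of the file, so we do the same."""
    head = source[:8192]
    name = _field(head, kind_field)
    if not name:
        return None
    return {"name": name, "version": _field(head, "Version") or ""}


def version_key(v: str) -> Tuple[int, ...]:
    """Numeric version tuple so that '1.10' > '1.9' and '2.0' == '2.0.0'.
    Parsing stops at the first non-numeric component (e.g. '1.2-beta')."""
    parts: List[int] = []
    for piece in re.split(r"[.\-_+]", v):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while parts and parts[-1] == 0:  # normalise trailing zeros
        parts.pop()
    return tuple(parts)


def _read(path: str) -> str:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def inventory(wp_content: str) -> List[Dict[str, str]]:
    """List installed plug-ins and themes with slug, name and version."""
    items: List[Dict[str, str]] = []
    plugins_dir = os.path.join(wp_content, "plugins")
    if os.path.isdir(plugins_dir):
        for entry in sorted(os.listdir(plugins_dir)):
            path = os.path.join(plugins_dir, entry)
            if os.path.isfile(path) and entry.endswith(".php"):
                files, slug = [path], entry[:-4]           # single-file plug-in
            elif os.path.isdir(path):                      # plug-in directory
                files = sorted(os.path.join(path, f) for f in os.listdir(path)
                               if f.endswith(".php"))
                slug = entry
            else:
                continue
            for f in files:
                hdr = parse_header(_read(f), "Plugin Name")
                if hdr:
                    items.append({"kind": "plugin", "slug": slug, **hdr})
                    break                                  # one header per plug-in
    themes_dir = os.path.join(wp_content, "themes")
    if os.path.isdir(themes_dir):
        for entry in sorted(os.listdir(themes_dir)):
            css = os.path.join(themes_dir, entry, "style.css")
            if os.path.isfile(css):
                hdr = parse_header(_read(css), "Theme Name")
                if hdr:
                    items.append({"kind": "theme", "slug": entry, **hdr})
    return items


def audit(wp_content: str, fixed_in: Dict[str, str]) -> Dict[str, List[str]]:
    """fixed_in maps slug -> first version that contains the fix.
    'outdated': installed version is older than the fix.
    'unknown':  slug is not in the table at all, i.e. nobody is tracking it,
                which is exactly the gap the message above describes."""
    result: Dict[str, List[str]] = {"outdated": [], "current": [], "unknown": []}
    for item in inventory(wp_content):
        fixed = fixed_in.get(item["slug"])
        if fixed is None:
            result["unknown"].append(item["slug"])
        elif version_key(item["version"]) < version_key(fixed):
            result["outdated"].append(item["slug"])
        else:
            result["current"].append(item["slug"])
    return result


# Constructed fixed-in table for the demo (hypothetical slugs, not real advisories).
FIXED_IN = {"example-gallery": "1.5.0", "example-forms": "2.0.0", "example-theme": "1.9"}


def build_fixture() -> str:
    """Write a constructed wp-content tree into a temp dir (sample data)."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    files = {
        "plugins/example-gallery/example-gallery.php":
            "<?php\n/*\nPlugin Name: Example Gallery\nVersion: 1.4.2\n*/\n",
        "plugins/example-gallery/helpers.php": "<?php\n// no header here\n",
        "plugins/example-forms.php":
            "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 2.0\n */\n",
        "plugins/hello-widget/hello-widget.php":
            "<?php\n/*\nPlugin Name: Hello Widget\nVersion: 0.9\n*/\n",
        "themes/example-theme/style.css":
            "/*\nTheme Name: Example Theme\nVersion: 1.10\n*/\nbody { margin: 0; }\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_fixture()
    for item in inventory(root):
        print(f"{item['kind']:6} {item['slug']:16} {item['version']:8} {item['name']}")
    print(audit(root, FIXED_IN))
```

Run against a real install by pointing audit() at the site's wp-content directory. The "unknown" bucket is the one to watch: a plug-in or theme that appears in no feed you consume is not being patched by anyone on your side, whatever its version says.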