How to secure your CMS with out patching

In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers.  “There’s just not enough time for normal site owners to apply the updates,” said David Jardin,

Continue Reading

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack:

Continue Reading