Archive for security
Hot on the heels of recent WordPress attacks, Netcraft has found a phishing attack which uses a script hosted on the official UGG blog at blog.uggaustralia.com. UGG — famous for its sheepskin boots — hosts its WordPress blog with Media Temple but its blog also contains a malicious PHP script which fleeces HSBC customers out […]
Certificate revocation and the performance of OCSP
Certificate revocation is a critical aspect of maintaining the security of the third-party Certificate Authority (CA) infrastructure which underpins secure communication on the internet using SSL/TLS. A certificate may be worth revoking when it has had its private key compromised, the owner of the certificate no longer controls the domain for which it was issued, […]
Angry Birds impersonated to distribute malware
As part of Netcraft’s ongoing work in providing anti-fraud and anti-phishing services, we have recently discovered a significant number of Russian language attacks targeting users of popular pieces of software, including well known brands such as Angry Birds. This type of attack can be particularly successful as it exploits a user’s trust in a brand. […]
What’s on May 27, you ask? May 27, 2013 is the 10th anniversary of the first WordPress release! We think this is worth celebrating, and we want WordPress fans all over the world to celebrate with us by throwing their own parties. We’re using Meetup Everywhere to coordinate, and will be putting up a website […]
WordPress 3.6 Beta 1 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). We’ve […]
Fake Mulberry stores promoted by hacked sites and black hat SEO
Mulberry — well known for its luxury fashion accessories — is currently being impersonated by fake online stores which have successfully promoted themselves to the first page of search engine results by planting malign JavaScript on hacked websites.
Over the last few months, the Platform team of maintainers and developers has been talking about future directions. One of our goals for this year is to introduce namespacing. This has been a very large undertaking and, as work has progressed, it became obvious that backward compatibility was going to be a constant battle. One of the negative side-effects of this would be that the Joomla CMS wouldn’t be able to use the planned 13.1 release of the Platform for some time if we introduced namespacing in that version.
After a lot of discussion, both internally and with other developers in the community, we’ve decided to make some changes to the Platform in order to address the problem and to take advantage of some new opportunities.
Bitcoin success attracts hacking, phishing, and fraud
Bitcoin, a distributed digital currency that cryptographically verifies transactions, has recently seen a large increase in usage — the total amount of Bitcoins in circulation is now well over $1B US Dollars and each Bitcoin is today worth more than $100. By way of comparison, Gibraltar — a British Overseas Territory and a conventional tax […]
cPanel & WHM Security Releases for 11.32, 11.34, and 11.36
cPanel has published security updates for all supported versions of cPanel & WHM. These updates contain fixes for a problem with the Roundcube webmail application. We recommend all customers update to the latest build of each version as soon as possible. The cPanel Security Team has assigned a rating of …
As part of the normal budgeting process, the Production Leadership Team has come up with six goals for 2013. Those goals concern releases of the Joomla Platform and the Joomla CMS, continuing maintenance updates, and outreach and promotion to a technical audience.
Goal #1: Complete Three Iterations of the Joomla Platform Project.
Our goal is to release at least three new versions of the Joomla Platform in 2013. The timing of releases is not exact and only used for the benefit of planning. As such, we anticipate the following releases this year.
- Platform Release 13.1 on or about 31 March, 2013
- Platform Release 13.2 on or about 30 June, 2013
- Platform Release 13.3 on or about 31 October, 2013
The following sub-goals are also envisioned for the Joomla Platform.
1.1 Define and Ratify the Version and Deprecation Strategy for the Platform.
The release strategy for the Joomla Platform differs a little from the CMS because we generally consider work within a “year” as opposed to work within a particular “version”. However, the system is a little ad hoc and we’d like to bring some clarity to releasing the Joomla Platform. In addition, we aim to ratify the deprecation policy.
1.2 Implement Tools to Assist with Collaboration
We aim to look at tools that can be used to assist people working collaboratively on features within the Joomla Platform, and also help people work out what they can do, be that in the area of development, documentation or even general administrative maintenance. Possible outcomes could include a better policy by which we use Joomla Platform’s issue tracker on Github, or looking at other tools like Jira.
1.3 Introduce Namespacing
We aim, this year, to introduce namespacing to the Joomla Platform and to bring the core source tree in compliance with PSR-1. Doing so will allow the Joomla Platform to be integrated with other PHP projects and give developers using the Joomla Platform more options.
1.4 Lift Code Coverage for Each Package to a Minimum of 50%
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that all packages in the core platform have no less than 50% code coverage (lines of code).
1.5 Add Complete Documentation for 5 New Packages in the Platform Manual
We want to encourage the Joomla development community to add complete documentation for at least five packages that currently do not have documentation.
Goal #2: Complete two full iterations of the Joomla CMS project.
We will release new versions of the Joomla CMS according to this schedule:
- CMS Release 3.1 in March, 2013
- CMS Release 3.2 in September, 2013
We will use PLT summits to discuss issues regarding the releases, supplemented by virtual meetings. We will examine and discuss ideas from the Joomla Ideas Pool, the Joomla Feature Patch Tracker and other sources. We will use these to announce visions or themes for CMS releases.
To accomplish this, we need volunteer developers, documenters, and translators. We will facilitate Pizza, Bugs and Fun (PBF) events, code and documentation sprints, working group meetings, Student programmes, Roadmap Sessions and other such events.
The following sub-goals are also envisioned for the Joomla CMS.
2.1 Lift Code Coverage for the CMS Libraries to 30%
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that the CMS libraries (the code found under /libraries/cms) have no less than 30% code coverage (lines of code).
2.1.1 Expand Test Coverage to Additional Code
In addition to unit testing the CMS libraries, unit test coverage should be expanded to other areas of the code, with a future goal of all PHP classes being testable. Prime candidates for unit testing would be the classes in the various /includes folders (application classes) and the FinderIndexer classes (administrator/components/com_finder/helpers/indexer).
2.2 Enforce Joomla Coding Standards in All CMS Files
Presently, the CMS is only enforcing a small subset of the Joomla Coding Standard, and excludes numerous files from being scanned for the various rules. Developers are encouraged to assist in bringing all files in compliance with the Joomla Coding Standards. This recognizes that the Joomla Coding Standard has different rules for alternate syntax in layout files.
2.3 Enforce Test Compliance Pre-Commit
The Joomla! CMS has numerous automated testing tools to assist in maintaining a high quality of code; however, patches to the CMS are not tested for compliance with these tests prior to being merged into the code base. The goal is to determine a method to enforce automated test compliance (unit and system testing, code standard compliance) without making the user contribution process more difficult.
Goal #3: Release maintenance updates to the current LTS and STS releases as required.
While the fun part is new features and releases, a major part of our responsibility is to the existing releases. Normal maintenance releases of an existing long term support release will be made until 3 months after the general availability of the next long term support release. Ongoing support of the short term releases continues until a month after a superseding release. The number, timing, and nature of the maintenance releases depends on the circumstances.
The Joomla Bug Squad and the Joomla Security Strike Team are the main volunteers spearheading this effort.
Goal #4: Outreach and promotion of Joomla to a technical audience.
The PLT aims to expand its outreach and promotion of Joomla to technical audiences, both those within and outside the Joomla project. We will do this by attending technical conferences and events, and speaking about current and future development within the project.
Members of the Joomla community will be invited to speak about and promote Joomla at events worldwide.
4.1 Participate in Google Summer of Code program
The Google Summer of Code program 2012 edition was very successful, with several contributions to the Joomla Project (see http://conference.joomla.org/speakers/sessions/session/session/83-joomla-and-google-summer-of-code-2012.html). This year the Joomla Project plans to maintain support of this initiative and encourages the community to actively participate in the program.
4.2 Review and improve developer.joomla.org
We will be asking the development community to help us review the developer.joomla.org site to ensure that information is up-to-date, relevant and accurate. Our aim is that when people have questions about Joomla development, there is an easily found link on developer.joomla.org that they can be directed to that answers their question, or at least directs them to a place where they can find answers.
To do this, we will need a team of volunteers to help identify areas of the site that are missing content and need content modified.
Goal #5: Improve processes in Translating the Joomla Software and support the enhancement of the Joomla CMS multilingual system.
5.1 Support the creation of at least 3 new features on internationalization in Joomla CMS
Support the production teams in implementing improvements in the language areas of the project (“multilingual” and “language packages”). See these examples from 2012:
- News in Languages in Joomla 3.0.3: http://community.joomla.org/blogs/community/1714-languages-in-303-what-is-new.html
- News in Languages in Joomla 3.0.2: http://community.joomla.org/blogs/community/1695-multilanguage-in-302-whats-new.html
5.2 Halve the dedicated time needed by a Translation Team member to provide a language package for Joomla.
In agreement with the Translation Team, dedicate resources on improving processes and tools to automate the creation of translation packages and uploading them to the Joomla Languages Server.
5.3 Meet 3rd party developers’ needs by translating their Joomla extensions and find ways to improve and cooperate together.
Projects like Facebook (http://www.insidefacebook.com/…), RememberTheMilk (http://www.rememberthemilk.com/…/) or other projects using https://www.transifex.com are taking advantage of their communities in order to localize their software. Joomla is being translated by its community into 64 languages, but there is plenty of space for more languages and more community participation. At the same time, many Joomla 3rd party developers are searching for a solution on how their communities can contribute to the translation of their extensions. It is a goal for 2013 to study and identify common needs between the Joomla project and 3rd party developers interested in joining efforts to plan a solution for increasing the international community involvement in the translation of software. Some tools already exist that can be improved: http://extensions.joomla.org/extensions/languages/language-edition/17755
Goal #6: Refine and improve the user contribution process.
Since transitioning from SVN to Git in late 2011, the PLT has recognized that there have been struggles with the contribution process, particularly towards the CMS. Much of this headache exists in the issue/feature tracking processes, which are not connected to GitHub at present. The PLT aims to improve this process in 2013 by investigating ways to improve the existing Joomlacode infrastructure or evaluating the potential of implementing a new tracking system which suits the project requirements and improves the native integration with GitHub.
Community feedback requested
Feedback, comments, and discussion on the 2013 production goals are welcome. In order to facilitate communication, we encourage users to respond with their feedback on this thread on the Joomla General Development mailing list – https://groups.google.com/d/topic/joomla-dev-general/6K-mnKwzC2E/discussion.
Important: cPanel & WHM 11.36, 11.34, and 11.32 Security Releases
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having important security impact. Information on …
Netcraft’s toolbar community has reported a sudden increase in the number of malicious scripts which direct webmail and online banking traffic through rogue proxy servers.
Version 12.3 of the Joomla Platform released
Version 12.3 (“Curiosity”) of the Joomla Platform was tagged and released on 20 December 2012. It is the third release of the 12.x series. In addition to numerous bug fixes and documentation updates, it also brings new features, the main ones being:
- Platform manual converted from DocBook to Markdown to improve readability and enhance contribution.
- Extensive additions to the platform documentation.
- Easier query construction with JDatabaseQuery::format
- Support for composite keys in JTable
- Improvements to the JGitHub API
- Improvements to JLog around excluding categories and features for syslog
- Improved Windows support for testing and building
- PHPMailer updated to 5.2.2
The full list of commits is available at https://github.com/joomla/joomla-platform/commits/12.3 and the API documentation at http://api.joomla.org. The Joomla! Platform Manual is available at http://joomla.github.com/joomla-platform/.
Project size
- Classes: 305 (300 in platform 12.2)
- Methods: 2187 (2136 in platform 12.2)
Summary of code quality
- Check style: 123 warnings (124 in platform 12.2)
- Test Coverage: 39.4% (38.16% in platform 12.2).
Feedback wanted for Joomla Compatibility Check Feature
If you are a Joomla extension developer, your feedback on a proposed new method of checking extension compatibility with Joomla, before a Joomla upgrade takes place, is needed. This is your chance to influence a major Joomla feature which will stay with us for years to come.
Providing your feedback is very simple. There is a forum thread where you can voice your concerns or express your support. All arguments will be carefully considered. The discussion will be open until 2 January 2013. Now is the time for your voice to be heard.
The Joomla Platform Maintainers would like your feedback about whether, as a community, we want to change the license under which the Joomla Platform is released to the LGPL. It is felt that in moving to the LGPL, we will be able to allow more people to integrate the Joomla Platform with their software solutions, and that will translate to an increase in support for the Joomla project overall.
Please give your feedback via the Joomla Platform LGPL Survey. This survey will remain open until the 2 January 2013. After the feedback is collected and reviewed, we will publish the results in a consolidated form and make a determination about what the next steps, if any, will be.
Please note, the feedback relates only to the license of the Joomla Platform. There is no proposal to change the license of the Joomla CMS.
The Joomla Platform Maintainers thank you in advance for your valued feedback.
Version 12.2 of the Joomla Platform released
Version 12.2 (“Neil Armstrong”) of the Joomla Platform was tagged and released on 21 September 2012. It is the second release of the 12.x series. Joomla Platform 12.2 was also included in the Joomla CMS 3.0 release. In addition to numerous bug fixes, it also brings new features, the main ones being:
- New (and generic) web application routers
- New password hashing interface and basic implementation
- Basic PHARchive support
- New JInputJSON class
- Allowing override of the xx-XX.localise.php
- Composer support
With the addition of Composer and PHARchive support in this release, the Joomla Platform extends its available distribution channels and formats.
The full list of commits is available at https://github.com/joomla/joomla-platform/commits/12.2 and the API documentation at http://api.joomla.org.
Project size
- Classes: 300 (309 in platform 12.1)
- Methods: 2136 (2122 in platform 12.1)
Summary of code quality
- Check style: 124 warnings (142 in platform 12.1)
- Duplicate code: 27 warnings (27 in platform 12.1)
- Programming Mess Detector (PMD): 801 warnings (702 in platform 12.1)
- Test Coverage: 38.16% (39.70% in platform 12.1).
Version 12.1 of the Joomla Platform released
Version 12.1 (“Louis Landry”) of the Joomla Platform was tagged and released on 9 May 2012. It is the first release of the 12.x series. In addition to numerous bug fixes, it also brings new features, the main ones being:
- Simplified foundational classes for Model, View and Controller
- Database iterator
- PostgreSQL driver
- New Crypt package
- File patcher
The full list of commits is available at https://github.com/joomla/joomla-platform/commits/12.1 and the API documentation at http://api.joomla.org.
Project size
- Classes: 309 (270 in platform 11.4)
- Methods: 2122 (2000 in platform 11.4)
- Lines: 28540 (25970 in platform 11.4)
- Comments: 56837 (62155 in platform 11.4)
- Blank lines: 10472 (11877 in platform 11.4)
Summary of code quality
- Check style: 142 warnings (199 in platform 11.4)
- Duplicate code: 27 warnings (26 in platform 11.4)
- Programming Mess Detector (PMD): 702 warnings (1002 in platform 11.4)
- Test Coverage: 39.70% (41% in platform 11.4). The decrease is due to the move of some classes to the legacy folder.
WordPress 3.5.1 Maintenance and Security Release
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include: Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare […]
Netcraft removes phishing attacks in less than half the industry average time
Netcraft’s phishing site countermeasures service helps organisations targeted by phishing attacks remove the fraudsters’ forms as quickly as possible. Recently we became aware that our median times for takedowns are very much better than the industry average calculated by the Anti-Phishing Working Group (APWG) in its most recent Global Phishing Survey. The APWG found that phishing […]
Another year is coming to a close, and it’s time to look back and reflect on what we’ve accomplished in the past twelve months. The WordPress community is stronger than ever, and some of the accomplishments of the past year are definitely worth remembering. Software Releases We had two major releases of the WordPress web […]
cPanel recently released EasyApache 3.16. This version of EasyApache contains an updated version of ModSecurity that has an important change to Rule IDs which will affect you. In addition to the RuleID change, another change in ModSecurity that affects directive names will be incorporated into EasyApache 3.18. Unique Rule IDs …
Netcraft’s new phishing attack map provides a real-time visualisation of the phishiest countries in the world.
It’s the most wonderful time of the year: a new WordPress release is available and chock-full of goodies to delight bloggers and developers alike. We’re calling this one “Elvin” in honor of drummer Elvin Jones, who played with John Coltrane in addition to many others. If you’ve been around WordPress a while, the most dramatic […]
Case 60203. Summary: Password hashes truncated by 0x80 characters. Security Rating: cPanel has assigned a Security Level of “Moderate” to this vulnerability. Description: cPanel & WHM relies on the Crypt::Passwd::XS Perl module to perform password hashing. This module suffers from the same vulnerability disclosed in CVE-2012-2143 where passwords with the …
Case 59926. Summary: Multiple privilege escalation vulnerabilities due to the use of Storable for serialization. Security Rating: cPanel has assigned a Security Level of “Important” to this vulnerability. Description: The Perl Storable module provides support for serialization and deserialization of Perl data structures. In cPanel & WHM this functionality is …
Case 61251. Summary: Arbitrary code execution via translatable phrases due to the use of Locale::Maketext. Security Rating: cPanel has assigned a Security Level of “Important” to this vulnerability. Description: The Perl Locale::Maketext module is used to render translatable phrases into a user’s chosen locale. cPanel & WHM uses this module …
Case 60970. Summary: Privilege escalation vulnerabilities due to the use of YAML::Syck for serialization. Security Rating: cPanel has assigned a Security Level of “Important” to this vulnerability. Description: The Perl YAML::Syck module provides support for serialization and deserialization of data structures using the YAML format. In cPanel & WHM this …
Case 62230. Summary: Shell code injection via translatable phrases in Cpanel::Locale. Security Rating: cPanel has assigned a Security Level of “Important” to this vulnerability. Description: The Cpanel::Locale module wraps around Perl’s Locale::Maketext module and extends it to provide additional Maketext tags and functionality. Locale::Maketext is used to render translatable phrases …