WordPress Blogs at Risk Due to Plug-In Flaw

A security flaw in the default configuration of a popular plug-in for WordPress has put blogs hosted on the platform at risk of data theft.

The flaw, discovered by researcher Jason Donenfeld, is in W3 Total Cache (W3TC), a plug-in for the blog-hosting platform that caches content to speed up request times.

Since data are stored similarly and in searchable form, Donenfeld says it's possible to extract sensitive information like password hashes and database cache keys from any directory that has been enabled. Even directories that aren't enabled wouldn't be very difficult to guess, according to a SecLists.org post on the matter.