
Customer Servant Consultancy

Where we develop robust web sites with emphasis on accessibility


WordPress 5.2: Mitigating Supply-Chain Attacks Against 33% of the Internet

8 May 2019 by Amanda Rush 2 Comments

Read WordPress 5.2: Mitigating Supply-Chain Attacks Against 33% of the Internet by Scott Arciszewski

WordPress 3.7 was released on October 24, 2013 and introduced an automatic update mechanism to ensure security fixes would be automatically deployed on all WordPress sites, in an effort to prevent recently-patched vulnerabilities from being massively exploited in the wild. This is widely regarded by security experts as a good idea.
However, the WordPress automatic update feature had one glaring Achilles’ heel: If a criminal or nation state were to hack into the WordPress update server, they could trigger a fake automatic update to infect WordPress sites with malware.
This isn’t just a theoretical concern; it could have happened if not for WordFence’s security researchers finding and disclosing an easy attack vector into their infrastructure.
WordPress 5.2 was released on May 7, 2019 and provides the first real layer of defense against a compromised update infrastructure: offline digital signatures.

Filed Under: Security



Copyright © 2022