Responsible Disclosure!

Sucuri discovered the vulnerability, informed the MailPoet team, and gave them information and time to fix the issue. The MailPoet team did resolve it, but Sucuri disclosed the vulnerability publicly within just 24hr of MailPoet releasing the update at WordPress.org.

This is not a Responsible Disclosure! We are all grateful to Sucuri for discovering the issue and informing the developer, but how on earth did they expect a plugin that has been downloaded more than 2 million times, and is one of the most used plugins in its sector, to force its users to update to the latest version within 24hr?

Result – 50 thousand WordPress sites hacked using this exploit!

Who to blame? The security firm that we all love or their Responsible Disclosure?

How To Secure Server After Heartbleed OpenSSL Vulnerability

Heartbleed is probably the worst thing ever to happen to the internet as a whole. It's old news; all servers and applications should already be updated. If your server is not, here I will share a very basic process to fix it, which should not take more than 1 min. Yes, just 1 min and your server will be secured from the Heartbleed vulnerability.
