“Zero Day Exploits”, “Window of Vulnerability” and what they have to do with your site.

Zero Day exploits generally refer to a security hole in some software that someone, somewhere, has found but that the software developers don’t know about yet. They have literally had zero days to fix it.

In the world of security research, a Window of Vulnerability exists from the time a security hole is discovered by someone – be it the software developer, a security researcher, or a malicious player – until the time a fix has been released. During this time the ideal scenario is that the software vendor is made aware of the problem and feverishly works to fix it. Software developers are typically very quiet about exploits for which there is no fix yet.

Note that this does not mean that nobody’s computer is vulnerable when the Window of Vulnerability closes and a fix is released. In fact, the period immediately after the Window of Vulnerability is probably one of the more dangerous times, as all the bad players can find out about the security hole and will attempt to use the exploit against those sites and systems which have not yet applied the fix.

Our goal at ProtectYourWP.com is, of course, to make that period of time between a fix being released and it being applied to your website as short as possible!

That’s why we check for updates to WordPress and its plugins and themes on a daily basis and apply the updates right away. The vast majority of hacked WordPress websites are those which have been lackadaisical about updates and left problems unpatched on their sites.

May ’18 news bits

It’s been a busy month and my Twitter feed isn’t working right tonight as I write this, so I’m not going to be able to put in direct links or accurate quotes.

But it has been an interesting month in the security world! You may have heard about some of these in the news. Some highlights (and lowlights):

Major DDoS cyber crime website shut down – computerweekly.com

“Drupalgeddon” touches off arms race to exploit powerful web servers (the bug was patched in March, but many have not installed the patch).

Site linked to bank hackers is closed down. Site was responsible for selling a tool which enabled some 4 million cyberattacks.

Adobe patches four critical bugs in Flash, InDesign. (Do your updates!)

Full article: https://threatpost.com/adobe-patches-four-critical-bugs-in-flash-indesign/131097/

Podcast: How millions of apps leak private data https://threatpost.com/roman-unuchek-on-apps-leaking-private-data/131332/

That’s it for this month! Stay safe out there!