Author: wefightforsecurity

The WordPress Plugin redirect editor was unlisted due to security issues in version 1.3. Thanks to help from the WordPress plugin security team and the former owner of redirect editor we were able to patch the plugin and take over the responsibility of maintaining the WordPress plugin redirect editor and we have been doing so. Unfortunately, more people are using the outdated exploitable versions than of those who are using the updated versions. Our first release was in the 1.4  branch, which had a ton of patches.  Unfortunately, 37 percent of users still use Redirect editor 1.3, which we find quite unfortunate, since we did not have control of the code back then and because we will be releasing  more information on the vulnerabilities affecting 1.3 and below in the near future.

 

Why release information on vulnerabilities in a WordPress plugin you now maintain?

Because people deserve to know what the heck is actually in the old software before we maintained it that makes the old versions in our professional opinion to insecure to safely use. If anyone finds an issue in the version we currently maintain, we will patch it ASAP.  If you are using the WordPress plugin redirect editor and are using 1.3 or below, you need to update immediately for the safety of your site.

 

If you have a WordPress plugin and are unable to maintain it, please contact us since we are always adopting plugins.

Webcams are always a good Christmas gift, so it’s always good to know which ones let other people spy on you.  The following allow people to control your webcam, and watch your every movement. Their is no password in place, the video is simply published to a url anyone can access and easily find on a site called shodan by looking up a search we will provide later on in the post.

The Trendnet advanced pan and tilt internet camera server TV-IP400  is one of these cameras that publishes everything you do and shodan indexes it. The skyipcam250w is by airlink101.com, nonetheless it also let’s anyone in the world spy on you and your family. Let’s not forget the Dlink Dcs‑900 Internet Camera, which also allows anyone to watch you.

 

These three cameras all have something in common, they use the camera web server 1.0 whose author may be a Mr. Steven Wu, since his name shows up as author along with every use of the camera web server 1.0. Whether there is a way to password these devices is not known to us, what is known to us is that your home is currently under the control of anyone who has access to the internet. The fact that these devices use camera web server 1.0 and the author name is Steven Wu, makes it easy for people to search and watch these users via shodan, by entering the relevant information. We believe you should disconnect your webcam if you own any of the above listed nor do we think these would make good Christmas presents for people you like.

 

This is the first out of 25 articles we are releasing this month on flaws, unknown exploits, and security vulnerabilities. We believe Christmas should be a time to also strengthen your security and make smart decisions on what you let into your house.

 

Black friday and Cyber Monday are great times to get what you need and want at low prices, but we believe it shouldn’t just be two days that these sales happen, at least not for us. We are giving you low prices for the rest of this month on all of our services and products.

Our Monthly automated services are 50 percent off from 20 dollars a month to ten dollars a month. Our SEO services went from 800 dollars a month to 500 dollars a month. Also our security audit went from 2000 dollars to 1500 dollars. All prices will be going back to normal in December, so this is a deal you don’t want to miss out on.