April 2015

ISO: WordPress 4.2 stored XSS vulnerability

Colleagues,

Over the weekend a cross-site scripting (XSS) vulnerability in WordPress was publicly disclosed that affects all versions of WordPress prior to 4.2.1. This vulnerability could enable an attacker to execute arbitrary code on the plugin and theme editors of a WordPress site--which could enable full compromise of the site itself--if a specially crafted XSS payload were placed in the comments section and then viewed by an authenticated administrative user.

Yesterday, the WordPress security team released what they've classified as a "critical" security

Algorithm for Detecting Phishing Websites

I've been asked to detail an algorithm which will allow you to identify (and hence avoid providing credentials to) phishing websites indicated in email messages. Sometimes it's not entirely clear if the message you're getting is legitimate or a scam, so it's nice feeling comfortable clicking on a link and determining with certainty that it is. Note that clicking on the link is generally not that problematic

How to Track a Lost or Stolen iPhone, iPad, or Mac Laptop

"Find my iPhone" is the tool from Apple to help you keep track of your Apple iPhone, iPad, and Mac devices.

"Find my iPhone" can show you a map of where your device is, play a noise on the device to help you locate it, and even allow you to remotely lock the device in the event that it may have gotten into the wrong hands.

Instructions on setting up your device for "Find My iPhone" can be found at http://support.apple.com/kb/ph2697

Written by Eric Rostetter, Senior System Administrator

Recent Exploit Targeting OS X 10.10.2 and Older

[ATTN: System administrators of OS X]

A recent exploit was announced in OS X that users should be aware of.

The exploit affects OS X 10.10.2 and older.

Users are encouraged to update to 10.10.3 as soon as possible.

OS X 10.9.x and older versions remain vulnerable and it is not clear if Apple will patch these versions.

CNS Sites: A Self-Service Web Hosting Platform

CNS Sites is a self-service web site creation and maintenance service provided by CNS. It allows faculty, staff and CNS groups to easily create their own unique, beautiful, and easy-to-maintain full-featured dynamic web sites on the fly. This service is free to all CNS faculty and staff, and for personal, class, lab, or group use.

CNS Sites has several advantages over most other available platforms:

The Unpatchable USB Vulnerability

Did you know that USB interfaces can leave you open to vulnerabilities and exploits? Last summer, two hackers demonstrated that the firmware of almost half of all USB devices is hackable. Each USB peripheral runs its own controller and firmware to talk to the device into which it is inserted. Whether a USB device is hackable or not depends on whether its controller's firmware is reprogrammable. If so, these hackers showed that it can be reprogrammed to hold and run malware that is invisible to the OS of a machine with USB ports.

Malicious hacks that

IT Support Blog

Office of Information Technology