“We’ve updated our Terms of Service and our Privacy Policy”

I’m sure we’ve all seen at least a dozen or so of these types of messages over the last month. The majority of the changes were brought on by the General Data Protection Regulation (GDPR), which is essentially a framework for the collection and usage of personal information gathered within the European Union.

Couple that with the recent revelations of Facebook’s massive data collection, and subsequent breach, and more people are starting to think about their privacy.

Read more: Privacy and the Tor Browser Bundle

"Action Pack in Ruby on Rails before, 4.x before, and 4.2.x before allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method."

Read more: CVE-2016-2098 Python POC

This is for educational purposes only.

WordPress controls approximately 60% of the Content Management System (CMS) market. The majority of the websites we develop and manage are running WordPress. With 60% of the market running a single product, it makes a lot of sense to focus attacks on WordPress. Odds are pretty good you'll be able to recycle work, which is why I started thinking about how I would steal WordPress credentials.

Read more: Wordpress Credential Stealing

You have a website, you want to protect it from attacks, and you hide it behind a web application firewall (WAF).  If your site was already public and you move it behind a WAF, bad actors can find your site.  Depending upon which WAF you're using, your site's actual location could also be discovered regardless of whether it was previously public on another server.  And if you're not locking down access to the site exclusively to the WAF, bad actors can attack your site without the protection of the WAF.

Read more: Website Behind the WAF

I'm not sure which Windows Update causes this issue, but it changes the associations for a number of extensions, causing quite the problem. A system restore failed and I was left to hunt for a solution. Searching around, I found a number of options, but nothing solved the problem until I came across the following PowerShell one-liner:

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Read more: TwinUI Default App Association

You receive the following error in Joomla:


"The TinyMCE Editor Plugin has been updated. Currently it uses your existing configuration. By editing the plugin, you can now assign and customise various layouts to specific user groups.

Warning: when editing the plugin, you will lose all your previous settings!"

Read more: Warning: The TinyMCE Editor Plugin has been updated