WordPress

WordPress Users Should Update Once Again.

WordPress 4.2.2 Critical Update

Yes. Shortly after 4.2 comes yet another update, so take heed.

The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file that is vulnerable to a cross-site scripting attack. To help protect users, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.

Finding Your Best Hosting Option

We get many questions regarding hosting options! The variety of choices can often be somewhat overwhelming for businesses large and small.

Is a shared solution adequate for your needs, or could you be compromising valuable data? What exactly is a virtual private server (VPS)? Does my growing business dictate a more secure solution? I’m fairly certain our business needs a dedicated server or more, but should we just buy our own?

With that in mind, we’ve developed a brief article that discusses and compares the advantages of three popular hosting options in a simple, straightforward way: shared hosting, virtual private servers, and dedicated servers.

Are You At Risk?

It seems it’s again all the news. Recent breaches of historic proportions – think Anthem and Target, to name but a few, have confirmed that proactive web security measures are now a must for websites of all sizes and types.

A primary scanning, analysis and reporting tool is that of Website Application Vulnerability Scanning (WAVS). You can visit our website to learn more about this important issue.

Google I/O 2015 Roundup

So what was up at Google’s big event? In a nutshell: Android M, new Google Photos, iOS-friendly Google Cardboard, clothes into wearables, ultra-secure Project Vault, and the Project Abacus initiative for better authentications. Google Cardboard got plenty of play for its ability to share a VR experience with a simple viewer anyone can build or buy. Get it, fold it and look inside to enter the world of Cardboard. Tech Radar has a roundup. The Verge also has a recap.

It’s A Wrap. Win 10 To Hit The Streets.

Whether you’re ready to take the leap or not, Windows 10 has an official release date and pricing. The release date is now July 29. The price? Well, it depends. At retail it will be $119 for Windows 10 Home, $199 for Windows 10 Professional. But wait. There’s still the free offer out there: If you have a licensed copy of Win 7 or Win 8.1 you still qualify for a free upgrade for a year.

The Verge takes a look at the many faces of Win 10 on their feature page, and, if you want to peek at specifications from Microsoft, go here.

WordPress Users Should Update Plugins Now!

Even the latest WordPress 4.2 is vulnerable, so users are warned. In particular the most recent bulletin notes that the XSS flaw is executed through comments and permits the attackers to execute arbitrary code, or, in effect, become the administrator.

A quick fix is to eliminate comments until a patch is released, and to avoid logging in as an administrator.

Multiple WordPress plugins may be vulnerable to the persistent cross-site scripting (XSS) flaw. A list of the known plugins is available here, but WordPress users have been urged to update all plugins now.

Cross-site Scripting allows an attacker to embed malicious content into a vulnerable page to gather data. The use of XSS can expose and compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems.

You can also read more at Net-security.org.

**Note that because WordPress has particular security issues, SiteVision offers an update service on an as requested basis ($60) or as a monthly maintenance feature ($60 monthly, 1st month free). Just contact us.

[divider_line]

SiteVision’s Daria Norris to Speak at National Development Conference

Daria, SiteVision’s Lead Technical Architect, has been invited to speak at this year’s dev.Objective() conference, May 12-15 in Bloomington, MN. The web-centric conference covers a wide variety of topics relating to software development and skills with content geared toward mid-to-advanced-level developers.

Norris will deliver two sessions. The first, Feed Your Beans: From Anemic to Domain Driven Modeling, will cover four model patterns, their pros and cons, common anti-patterns, business logic in beans, and domain driven modeling. The second session, FW/1 3.0: Simplify Your Workload, will focus on Framework One (FW\1) and Inject One (DI\1) and how to simplify development workload while providing best practices.

The conference session list typically includes topics by speakers from companies such as Google, Adobe, Mozilla, Netflix, and IBM.

Kudos to Daria!

[divider_line]

VITA Renews Annual Service Contract With SiteVision & Adds Services

SiteVision will continue to serve as a provider for Hosting and Software as a Service (SaaS) for Virginia State Agencies, including all local government entities.

Vulnerability Scanning Added this year is a provision for Web Application Vulnerability Scanning. Application Vulnerability Scanning is a technique to identify and assess security risks before a possible or likely exploitation.

The process has become increasingly important as major intrusions escalate across all web stratifications.Virginia Agency and local government entities can contact SiteVision for consultation and pricing.

The Virginia Information Technologies Agency (VITA) administers the contract awards and renewals as part of Virginia’s electronic government services program (eGov).

[divider_line]

Google in the News

Google Introduces “FI”

Google calls it a new way to say “hello.” Reviewers call it anything from a takedown of the big wireless providers, to a fairly underwhelming offering. But what seems to be consistent is “fi’s” potential to be a game changer.

So what is it? Google has confirmed plans to launch its own wireless service, Project Fi, which automatically switches between Wi-Fi and Wireless to give you the best possible coverage. Partnering with Google are T-Mobile and Sprint.

Fi comes with one plan at one price, Google says. For $20 a month, subscribers get the talk, text, visual voicemail, Wi-Fi tethering and international coverage. It’s $10 per gigabyte of data after that for cellular data while in the U.S. and abroad. In a nice twist, the plan refunds any data you don’t use.

In some studies, close to 30% of carrier paid-for data goes unused, suggesting consumers are considerably over-paying for unneeded data coverage.

Described as a “project,” Fi is by invitation only for the initial offering, and works only on Nexus devices.

You can read more at Google, USA Today, TechRepublic and Mashable.

[divider_line]