McAfee is one of the leading antivirus solution vendors of
the world. Not only the company develops strong and reliable antivirus
solutions, but it also provides other security solutions and PC utility tools.
The company also constantly keeps an eye on the latest data security trends and
the attacking techniques used by the criminals.
The researchers at McAfee recently discovered a flaw in one
of the most popular blogging platforms, ‘WordPress.com’. According to McAfee an
exploitation of this flaw in WordPress could give the hackers an access to a
WordPress account by simply copy pasting a line of code, which is transmitted
over Wi-Fi networks. WordPress currently is a home for more than 60 million
websites around the world plus, many personal blogs. This fact makes the
reported flaw a pretty big deal.
The security hole is actually the result of WordPress
failing to employ encryption for its login cookies. The cookies are one useful
aspect of using internet. They are usually secure and basically help while
logging into a website. But this time the cookies were not secured. This is
because while logging into WordPress in public Wi-Fi, the critical cookie was
sent over HTTP in plain text. This means that the cookie is not encrypted, and
can be easily intercepted by a hacker who is in the same public Wi-Fi.
Once the hacker has intercepted the cookie then he/she can
bypass two-factor authentication on WordPress. This gives him/her the complete
control over the hijacked WordPress user’s account. The hackers can use-exploit
the hijacked account in many ways. They can pose as the account holder in
comments, or post articles, see private post, create new blog, and see blog
stats etc. All of these activities are very useful for phishing attacks. The
hackers can post links navigating to malicious websites in the hijacked
account’s blog.
A hacker can also make use of the reported vulnerability to
activate two-factor-authentication on accounts which haven’t activated the
security measure yet. This can possibly block the original account holder from
accessing his/her account if his/her mobile is not already linked to the
account.
However the attackers are not able to alter the account
password and payment options.
So how to stay protected? Well the answer is simple. The
users have to be more attentive while browsing or logging online, stay away
from anything which is suspicious, do not use public Wi-Fi to log into
WordPress (for now), and use comprehensive security software, like those of
McAfee, Vipre, Norton etc. McAfee antivirus and McAfee internet security are
two of the reliable and effective security software at this front. Start using
them to stay protected and if problems arise then dial McAfee technical support phone number and connect to the expert
technicians. One good company where you can find reliable, easy, and cost
effective McAfee support is SupportMart. Get in touch with the experts and get
instant resolution to your technical problems.
To conclude all, a new found flaw in WordPress is here,
though the reported flaw’s exploitation cases are not big in number, but the
flaw sure is harmful. Simply stay attentive and install reliable antivirus
solutions to stay protected. And, when a need of support like VIPRE antivirus support or support for
other technical issues is felt, then contact the experts.
No comments:
Post a Comment