Millions of WordPress sites left vulnerable by plugin flaw

Millions of WordPress sites have been left vulnerable by a scripting flaw found in two popular plugins, one of which is present in the default installation of the blogging platform, reports Computer World. The two plugins are JetPack and Twenty Fifteen, the first of which is a customization and performance tool, and the latter is a theme designed to allow infinite scrolling. Twenty Fifteen is installed into new WordPress sites as a default, multiplying the number of potential targets.


DDoS attacks have doubled in a year, says Akamai

Distributed Denial of Service (DDoS) attacks are on the rise, according to cloud service provider Akamai, with more than double the number reported from this time a year ago. Not only that, but the methods are changing to ensure DDoS attacks are longer-lasting and inflict more damage, reports ZDNet. While last year DDoS attacks were characterized by high bandwidth but short duration, so far in 2015 attacks have used less bandwidth but have been of a far longer duration. An Akamai spokesperson told SC Magazine, “An HTTP flood will not consume a lot of bandwidth, but it will generate a lot of HTTP requests.” This still overwhelms the site, but makes it harder to see a malicious attack coming.


What app permissions should I be wary of?

Mobile applications increasingly want access to various functions on your smartphones and tablets, such as your location and contacts book. But some of these app permissions should not be granted. App Store, Google Play and Windows Phone store users will know by now that, when installing an app or using a particular feature for the first time, the app will ask their permission to access certain features of the device. For example, a map application will ask for access to the GPS, while VoIP and other voice-calling applications may require access to the phone and device ID.


Google reveals failure of ‘secret question’ password recall

A research paper from Google has looked into the difficulties of standard ‘forgotten password’ personal information verification. The paper, entitled ‘Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google’, examined the usage of personal information to trigger a password reset, and discovered that it presents a number of difficulties, including forgetful users, guessable answers and fake responses. The study, which according to Silicon Beat covered ‘hundreds of millions of secret answers and millions of account recovery claims’, discovered that a massive 40 percent of American Google users couldn’t remember the answers to their own security questions.
