IT Security Approach Minimises Hack Impact At WordPress

Lieberman Software: 18 April, 2011 (Technical Article)
Encrypted password files at WordPress save commercially sensitive data from loss during a successful hack of the company's source code

Reports that hackers have gained root-level access to the servers of WordPress.com mean that the popular blog publishing platform has joined the long list of companies whose portals have been hacked but, says Lieberman Software, the fallout could have been a lot worse, had it not been for a sensible IT security approach at the company.


"Although the hackers would have been able to download much of the source code on the servers, possibly including custom-developed code of premium clients of the company, WordPress appears to have followed best practice and encrypted the password files, as well as private information such as credit card details," said Phil Lieberman, president of the identity management specialist.


"Media reports over the last day or so have played up the hack as if it is the end of the world for the blogging industry, when it plainly isn't. By encrypting user credentials and associated data, WordPress has followed the advice of the IT security professionals," he added.


According to Lieberman, encrypting and locking down access to private and financially sensitive data is a best practice that a growing number of organisations are adopting, particularly now that understanding of the insider threat is growing.


Where security defences previously focused on preventing an external attack, he explained, a growing number of IT professionals are realising the risk of an attack from inside the company, either from rogue members of staff or, as has happened in this case, from hackers who have gained access and started rummaging around on the servers.


They are then, he says, adopting a modular strategy for deploying security systems, using technologies such as identity management, encryption and need-to-know access rights for sensitive files.


By encrypting the private and financially sensitive data on the servers, as well as user passwords, the Lieberman Software president says that WordPress has limited the damage that has occurred.


"It's interesting to note that - almost certainly because of the fact that it has 18 million customers - WordPress has been the target of a number of hacker attacks. Back in 2009 the company was hit by a series of malicious attacks and earlier this year suffered a massive distributed denial of service attack," he said.


"This time around, it looks as though the company has taken a sensible approach to security and reasoned that, even if hackers get through its external defences, as has clearly happened, they can limit the damage that has been done. Other high-profile organisations should take notice of this planned defensive strategy," he added.

   © 2012 ProSecurityZone.com