13/05/2015 - Posted by Roshelle Curtis
It’s not been the best week of news. First there are reports of WordPress website and server attacks, after it was found in late April that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS). (Which is why we develop with the military grade security of FileMaker!) Then there are the potential internet price hikes, from ISPs passing on their metadata retention scheme implementation costs. When it rains, it pours – so if you’re a bit wet behind the ears when it comes to all this, then join under our umbrella, and the skies will soon clear!
The Word on WordPress…
So what does this mean if you have a WordPress site? Well, the WordPress Official Documentation (Codex) for use of the add_query_arg() and remove_query_arg() functions (to modify and add query strings to URLs) was apparently not so clear, and misled many plugin developers. This means some plugins have used these functions in insecure ways, leaving them open to XSS. In layman’s terms, if you have a current WordPress website, it may have been open to hacking.
Local competitors who offer WordPress websites have been inundated with issues (mainly spam email blasts, leading to consequent blacklisting problems). However, everything from contact forms to e-commerce, calendars, SEO and Google Analytics was left potentially vulnerable, prior to patches and updates being made available.
If your site has auto-updates enabled it should hopefully be patched – possibly before you ever realised there was a problem. But if not, it may be an idea to test your online forms and check any integrated auto-response outboxes. Feel free to approach our team and they can assist too – or we can update your website, and create things afresh with FileMaker (even using existing content, layout and images if preferred) to avoid any potential recurrences of such issues in the future.
After all, only the top 400 or so plugins had been analysed for security vulnerabilities and patched by late April, so it may take a while for all the bugs to be ironed out! What can be done in the interim, aside from approaching us? Ensure you have clean back-ups for restore.
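For anyone who wants to check their own plugin code for the pattern described above, here is an added example (not from the original post, WordPress or any plugin). It scans PHP source for add_query_arg() and remove_query_arg() calls whose result is not wrapped in WordPress's esc_url() or esc_url_raw(), since these two functions do not escape their return value themselves. The `audit` helper and the sample plugin excerpt are constructed for illustration, and the statement splitting is a heuristic, not a PHP parser.

```python
import re

# Constructed plugin excerpt (not from any real plugin).
SAMPLE = r"""<?php
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'msg' );
?>
<form action="<?= remove_query_arg( 'step' ) ?>">
"""

CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
ESCAPER = re.compile(r"\besc_url(?:_raw)?\s*\(")
SINK = re.compile(r"<\?=|\b(?:echo|print|printf)\b")


def is_wrapped(before):
    """True if an esc_url()/esc_url_raw() call is still open where `before` ends."""
    for esc in ESCAPER.finditer(before):
        tail = before[esc.end():]
        # The escaper's own "(" is open; it stays open unless closes outnumber opens.
        if tail.count(")") <= tail.count("("):
            return True
    return False


def audit(php_source):
    """Return (line, function, verdict) for every call that is not escaped."""
    findings, pos = [], 0
    # Heuristic: ';' or '?>' ends a statement. Comments and strings are not parsed.
    for part in re.split(r"(;|\?>)", php_source):
        for call in CALL.finditer(part):
            before = part[:call.start()]
            if not is_wrapped(before):
                line = php_source.count("\n", 0, pos + call.start()) + 1
                # Printed directly: fix now. Assigned: follow the variable by hand.
                verdict = "unescaped-output" if SINK.search(before) else "review"
                findings.append((line, call.group(1), verdict))
        pos += len(part)
    return findings


if __name__ == "__main__":
    for line, func, verdict in audit(SAMPLE):
        print(f"line {line}: {func}() -> {verdict}")
```

A "review" verdict means the URL is stored rather than printed in that statement, so the place where the variable is later output still needs checking for esc_url().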
Australian VPN Figures…
On the topic of unexpected issues, and revisiting last week’s blog, The Age has now reported that CHOICE potentially found 684,000 Australian households were already using VPNs to access overseas content. This November 2014 CHOICE survey was referred to in Digital Life, from The Age online, this week. Sourcing the original CHOICE data, 8% of Australians aged 18-65 access overseas content through subscriptions or by buying direct through overseas online stores like iTunes USA (inferred to be possible via VPN). It seems from all reports that Game of Thrones and similarly popular shows are at the heart of these trends.
Internet taxing – Telcos tell clients fees may rise – Customer IS_P’d…
In further news, The Age also publicised this week that consumers are likely to end up footing half to two-thirds of the $319.1 million that the metadata retention scheme is estimated to cost telcos and ISPs, which may raise service prices to cover it. With the government providing only $131 million of the cost, iiNet was already quoted last year as claiming their $100 million compliance fee could likely result in a $5 to $10 increase in monthly charges, if not compensated by the government. The Internet Society was also noted as being concerned about how it would impact smaller ISPs. Hopefully the outcome won’t reduce competition within the market, but only time will tell.
As Jon Snow says – Winter is coming! When it rains it pours… and as the start of Winter approaches, it looks like a deluge is ahead! Stay tuned for all the latest trending news – and let us know your thoughts on the potential outcome of all this!