Domain: w3techs.com
Stories and comments across the archive that link to w3techs.com.
Stories · 3
As PHP 5.6, Still Used By a Large Number of Websites, Approaches Its End of Life Deadline, Some Worry About the Consequences (linkedin.com)
An anonymous reader writes: I know PHP isn't to some devs' liking, but chances are you know people who work with PHP or have sites that are built with it. PHP 5.6 and 7.0 are shortly coming to the end of the support period for security patches, so what plans have you made to migrate code and sites to newer platforms? With apparently huge numbers (80%) of sites still running PHP 5.6, there appears to be little industry acknowledgement of the issue. Is there a ticking PHP Time Bomb waiting to go off?
WordPress Auto-Update Server Had Flaw Allowing Persistent Backdoors In Websites (theregister.co.uk)
mask.of.sanity quotes a report from The Register: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate. Matt Barry, lead developer of WordPress security outfit WordFence, found attackers could supply their own extremely weak hashing algorithm as part of that verification process, allowing a shared secret key to be brute-forced over the course of a couple of hours. The rate of guessing attempts would be small enough to fly under the radar of WordPress' security systems. Attackers that used the exploit could then send URLs to the WordPress update servers that would be accepted and pushed out to all WordPress sites. Web-watching service W3techs.com reckons those sites represent 27.1 per cent of the entire world wide web. "By compromising api.wordpress.org, an attacker could conceivably compromise more than a quarter of the websites worldwide in one stroke," Barry says. "We analyzed [WordPress] code and found a vulnerability that could allow an attacker to execute their own code on api.wordpress.org and gain access to it. Compromising this [update] server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically." Attackers could go further; once a backdoored or malicious update was pushed out, they could disable the default auto updates preventing WordPress from fixing compromised websites.
WordPress Now Powers 25% of the Web
An anonymous reader writes: According to data from W3Techs one in four websites is now powered by WordPress. According to the report: "WordPress is used by 58.7% of all the websites whose content management system we know. This is 25.0% of all websites." Venturebeat reports: "Today is a big day for the free and open-source content management system (CMS). To be perfectly clear, the milestone figure doesn't represent a fraction of all websites that have a CMS: WordPress now powers 25 percent of the Web.