We have a Google News alert set up to inform of us coverage of vulnerabilities in WordPress plugins to help us make sure we can provide customers of our service the best information on vulnerabilities in WordPress plugins. Mostly though this just reminds us of how poor most of the security journalism done is. Take something that came up today, security journalist covering 47 WordPress websites being hacked. No that isn’t a typo, that really is something that they are covering.
Help Net Security was fairly upfront about that, as near the lead of their story they stated this:
The company has discovered 47 affected sites (some have been cleaned up in the meantime) but that number is unlikely to be final.
Dan Goodin of Ars Technica (who really shouldn’t employed there) instead put it at the end of his story:
Whois records show that the domain was created on May 16. That’s one day after the WP Live Chat Support developers released version 8.0.27, which fixed the vulnerability. Shrotriya published a list of 47 sites he said had been hit by the exploit. While some caused malicious redirects, others didn’t and reported they were using patched versions of the plugin.
When there is so much security related, WordPress and otherwise, that could use coverage, spending time on something like this seems unhelpful to say the least. What makes all this worse is they are way behind on this, as we started seeing hackers probing for usage of the plugin two weeks ago, the day after it was fixed. That is a good reason that WordPress plugins should be kept up to date at all times, which neither story mentioned. Beyond keeping your plugins up to date, we we warned our customer if they were impacted the day before it appears hackers started targeting this.
The same day we saw hackers probing for usage of that plugin, we also saw what seemed to be the same hackers them probing for four other plugins. Two of which still have unfixed vulnerabilities that hackers might have been targeting, which seems like something more worthy of coverage.
The end of a Threatpost story we were looking at today iss the following:
More recently, security researchers warned owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites.
If you follow the link you find this is the lead:
Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites.
On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access (.htaccess) injector found on a client website. He reported that the impacted site was directing website traffic to advertising sites that attempted to install malicious software.
That is very common thing and doesn’t seem newsworthy at all by itself, what might be newsworthy is how the websites were hacked, but Sucuri didn’t know (which isn’t surprising):
It’s unclear how attackers gained access to the Joomla and WordPress websites.
That they don’t know is something that would actually worthy of coverage, considering that trying to figure out how websites are hacked is a basic part of a cleanup and they are providing a service that is supposed to protect websites from being hacked, which seems hard to do when you don’t know how they are being hacked.
That story was written by Threatpost’s editor-in-chief, who’s bio doesn’t indicate someone that should have an excuse for putting out a story like that:
Tom Spring’s tech chops include three years as Senior Technical Editor at CRN magazine, where he covered breaking IT news and the products and services of Dell, IBM, Intel and Microsoft. Prior to that, Tom spent 14 years with IDG’s PCWorld magazine as Executive News Editor. Tom earned his stripes at several daily newspapers, including the MetroWest Daily News in Framingham, Mass., covering business technology news, where he served as Technology Editor.
Tom’s work has been honored by the Society of Professional Journalists, American Business Media, American Society of Business Publication Editors,and the Western Publishing Association. Recently, Tom was also voted “Dad of the Year” by his two adorable kids.
But maybe this what you get when you have a security news outlet secretly owned by a security company.