16 May

Why Doesn’t Sucuri Know That Attacks Can Be Automated Even if They Require Authentication?

In trying to improve security one of the things that is a big impediment is the shear amount of misleading and false information out there, which gets in the way of addressing what actually needs to be addressed to fix the problems with security. A lot of that comes from security journalists repeating claims made by security companies that are not accurate, instead of the journalists realizing that they are indications that security companies don’t understand things they should. In Bleeping Computer’s coverage of a vulnerability in the plugin ¬†WP Live Chat Support (which is only one of multiple in it), discovered by Sucuri, they state this:

[Read more]