2017 hasn’t been a good year for data security. There have been security breaches at companies large and small. Often, the data stolen includes usernames and passwords.

Look, I get it. Passwords are annoying, but they’re an important line of defense keeping bad actors away from your information. The better the password, the harder it is for someone to crack it. As computing power gets faster and stronger, cracking billions of variations a second is trivial for many systems. I blogged about this earlier this year.

A higher ed colleague shared this week that his institution noticed that Tint, a social media aggregation and monitoring platform used by many institutions of higher education, was placing JavaScript code on its clients’ public-facing Tint pages. This code calls instructions from Coinhive, a tool that allows site owners to use their site visitors’ computers to mine for cryptocurrencies. Tint was using the CPU of site visitors to mine for currency, in this case the currency Monero.


There have been several high-profile plugins lately that have been found to be posting spam and deceptive links on users’ blogs.

One such plugin is the “Display Widgets” plugin. You can read Wordfence’s detailed breakdown of the spam. It turns out the original developer of the plugin sold it, and the new owner started to place spammy backlinks and other bad code into the plugin. This gave this “developer” access to tens of thousands of blogs, and the site owners never knew it was happening.
