May 2015 News & Tips

WordPress Users Should Update Plugins Now!

Even the latest WordPress 4.2 is vulnerable, so users are warned. In particular, the most recent bulletin notes that the XSS flaw is executed through comments and permits attackers to execute arbitrary code or, in effect, become the administrator.

A quick fix is to eliminate comments until a patch is released, and to avoid logging in as an administrator.

Multiple WordPress plugins may be vulnerable to the persistent cross-site scripting (XSS) flaw. A list of the known plugins is available here, but WordPress users have been urged to update all plugins now.

Cross-site scripting allows an attacker to embed malicious content into a vulnerable page to gather data. The use of XSS can expose and compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on end-user systems.

You can also read more at Net-security.org.

Note that because WordPress has particular security issues, SiteVision offers an update service on an as-requested basis ($60) or as a monthly maintenance feature ($60 monthly, 1st month free). Just contact us.


SiteVision’s Daria Norris to Speak at National Development Conference

Daria, SiteVision’s Lead Technical Architect, has been invited to speak at this year’s dev.Objective() conference, May 12-15 in Bloomington, MN. The web-centric conference covers a wide variety of topics relating to software development and skills with content geared toward mid-to-advanced-level developers.

Norris will deliver two sessions. The first, Feed Your Beans: From Anemic to Domain Driven Modeling, will cover four model patterns, their pros and cons, common anti-patterns, business logic in beans, and domain driven modeling. The second session, FW/1 3.0: Simplify Your Workload, will focus on Framework One (FW/1) and Inject One (DI/1) and how to simplify development workload while providing best practices.

The conference session list typically includes topics by speakers from companies such as Google, Adobe, Mozilla, Netflix, and IBM.

Kudos to Daria!


VITA Renews Annual Service Contract With SiteVision & Adds Services

SiteVision will continue to serve as a provider for Hosting and Software as a Service (SaaS) for Virginia State Agencies, including all local government entities.

Added this year is a provision for Web Application Vulnerability Scanning. Application Vulnerability Scanning is a technique to identify and assess security risks before a possible or likely exploitation.

The process has become increasingly important as major intrusions escalate across all web stratifications. Virginia Agency and local government entities can contact SiteVision for consultation and pricing.

The Virginia Information Technologies Agency (VITA) administers the contract awards and renewals as part of Virginia’s electronic government services program (eGov).


Google in the News

Google Introduces “FI”

Google calls it a new way to say “hello.” Reviewers call it anything from a takedown of the big wireless providers to a fairly underwhelming offering. But what seems to be consistent is “fi’s” potential to be a game changer.

So what is it? Google has confirmed plans to launch its own wireless service, Project Fi, which automatically switches between Wi-Fi and Wireless to give you the best possible coverage. Partnering with Google are T-Mobile and Sprint.

Fi comes with one plan at one price, Google says. For $20 a month, subscribers get talk, text, visual voicemail, Wi-Fi tethering and international coverage. It’s $10 per gigabyte of data after that for cellular data while in the U.S. and abroad. In a nice twist, the plan refunds any data you don’t use.

In some studies, close to 30% of carrier paid-for data goes unused, suggesting consumers are considerably over-paying for unneeded data coverage.

Described as a “project,” Fi is by invitation only for the initial offering, and works only on Nexus devices.

You can read more at Google, USA Today, TechRepublic and Mashable.


SEO Alert: MobileGeddon Is Here

Google has updated its algorithm so that websites it classifies as “mobile-friendly” are evaluated more favorably in mobile search.

You can run a mobile-friendly test here.

You can read more here:


Quick Takes

My weekend with Apple Watch — and the verdict is . . .

Breach Outbreaks Fuel Encryption Adoption

New Windows 10 preview beefs up Mail app and more

Opening Windows Source Code Could Improve Security

Microsoft kicks off two-month Spartan bug bounty program

Why SiteVision?

We’re your advocate. SiteVision has been providing web development and hosting services to government agencies and non-profit organizations for over 20 years. We understand how overwhelming it can be to seek out a reliable solution for your website, custom application, and hosting needs.

At SiteVision we are passionate about creating solutions for customers that make their life better. We excel at understanding your business process and developing an application that is easy to learn and operate. We will always be fair, knowledgeable, honest, and professional.