A "Zero-day" security vulnerability has been found in a Wordpress image resizing library called TimThumb. A "library" is a section of code that other bits of code can call on to perform a common task. Therefore, this means that lots of disparate plugins rely on this one "library" to perform image resizing. That in turn means that while it is only this one library that has the issue, many Wordpress plugins are now at risk because they all use this library.

So it’s about the time where I have a number of Exchange 2013 CU1 servers running on Windows Server 2013 that require upgrading to Exchange 2013 SP1. Remember take a backup before proceeding with major updates like this. I have documented the issues I hit on a couple of my installs here.

You may have heard on the news that the National Crime Agency has been warning of some particularly nasty malware that has become a pressing concern. The warnings are about two specific bits of malware. One of these is called "Cryptolocker". This has been doing the rounds for a few months now. This infection encrypts all the files it can find on your PC and network and then charges a ransom to unlock them.

Prompted by the news that the latest version of Joomla will not run on the version of PHP that our hosting server is running, we have been busy testing a way of making the latest stable version of PHP available to our hosting clients, while not causing compatibility issues with older websites by performing a wholesale PHP version upgrade across the whole server.

eBay is the latest in a long line of companies to have had user data stolen. This has potentially affected all of their 145 million users.

Research has shown that a large number of servers are still vulnerable to the widely publicised "Heartbleed" bug.

The problem is probably even worse than that research indicates, as they only measured the largest websites in the world, which one would expect to be well maintained. There are probably many more smaller sites that aren't actively maintained that are still susceptible to this bug.

Joomla 1.5 is has now been out of support for some time. However, many sites are still running this version of the CMS. While it is tempting to just think "Well, the site is still working, so let's ignore this for now", there are now many known vulnerabilities in this version of Joomla. It is likely only a matter of time until a Joomla 1.5 site is compromised. Then the problem suddenly becomes urgent. We look at the process of upgrading.

Yesterday, we reported that a bug in Microsoft's Internet Explorer would never be patched for Windows XP users. However, in an unexpected move, Microsoft has now pushed out a fix for this vulnerability to all machines - including those running Windows XP.