Seven disclosures this week, with five issues unfixed.
View this week’s vulnerable plugins list.
Other Security News
I’ve discussed the DorkBot service from UT Austin a couple of times now. I recently had the pleasure of chatting with Andrew Scheifele (who had a hand in the DorkBot project) about how the service has worked for us and where the service is headed. This past summer, DorkBot (along with several other technologies) was licensed to SaltyCloud, a SaaS InfoSec company, and as of late this fall now serves over 300 campuses across the planet. Andrew reassured me that SaltyCloud is committed to continuing to provide the DorkBot service to higher education institutions for no charge, though they may begin to offer value-added services on top of the DorkBot service. They’re also looking to expand the current DorkBot offering to include (possibly) a dashboard to manage discovered vulnerabilities in your network.
As I’ve mentioned before, we have been very pleased with the DorkBot service. We are a completely decentralized campus in terms of the web, and DorkBot has helped us to identify vulnerabilities in sites we didn’t even know existed. For those of you in higher ed, I would encourage you to contact SaltyCloud (either through the company itself, or through UT Austin) and give the service a try. If you do, I would love to hear from you about your experience.