Covering the week's top tech stories with a slight Linux bias.

Attackers are exploiting a critical vulnerability in a popular WordPress plugin that enables an adversary to run arbitrary commands and upload files to a target WordPress site. The flaw is in the File Manager plugin, which has more than 700,000 active users and is designed to help administrators manage files on their WordPress sites. The plugin includes a third-party library called elFinder, and the vulnerability results from the way that File Manager renamed an extension in elFinder. The vulnerability was introduced in version 6.4 of File Manager, which was released in May, but it wasn't until late August that researchers first saw exploit attempts against the bug. An exploit for the vulnerability was posted on GitHub in the last week of August, and on September 1st the maintainers of File Manager released an updated version that fixed the bug. Although the fixed version has been available for nearly two weeks, researchers say not many of the WordPress sites running the plugin have updated, which means they are still vulnerable.

Ram Gall of Wordfence said on Friday: "Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin, and we have recorded attacks against 1.7 million sites since the vulnerability was first exploited. Although Wordfence protects well over 3 million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record."

The severity of the vulnerability makes it urgent to update, especially with automated scans for the bug ongoing. Identifying vulnerable sites is a trivial task, and with an exploit publicly available, time is of the essence, particularly given the fact that an attacker would be able to upload arbitrary files to the site after a successful exploit.