Share private information with others that self-destructs after first viewing. – OneShar.es

Next time you need to send someone something like an account login or a password, OneShar.es lets you do this in a secure fashion. Paste your data into its form, and it lets you generate a self-destructing, view-once message with an expiring link.

Sending confidential information such as passwords, account information and other sensitive data in emails and IM is not necessarily safe. That data is typically stored with remnants of the bits in places you don’t need it to be.

Source: Share private information with others that self-destructs after first viewing. | OneShar.es

Security advisory – High severity – InfiniteWP Client WordPress plugin | Sucuri Blog

If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall product, we discovered a vulnerability in the plugin that could be used by a malicious individual to 1) disable a users web site by putting it in maintenance mode and 2) allows the user to control the content of the maintenance page. via Sucuri Blog.

Four-year-old comment security bug affects 86 percent of WordPress sites | Ars Technica

This article a great reminder as to why you should always keep your WordPress install updated with the latest version. If you’re running the latest version of WordPress (currently 4.0.1), the exploit discussed below does not apply to you:

A Finnish IT company has uncovered a bug in WordPress 3 sites that could be used to launch a wide variety of malicious script-based attacks on site visitors’ browsers. Based on current WordPress usage statistics, the vulnerability could affect up to 86 percent of existing WordPress-powered sites. The vulnerability, discovered by Jouko Pynnonen of Klikki Oy, allows an attacker to craft a comment on a blog post that includes malicious JavaScript code. On sites that allow comments without authentication—the default setting for WordPress—this could allow anyone to post malicious scripts within comments that could target site visitors or administrators. ~Ars Technica