WordPress Takes Over Yet More Of Corporate America

This entry is part 6 of 6 in the series WordPress Hacks

Many of you are aware of the fact that I have been coding off and on for the better part of several decades. Coding, perhaps, is not the proper word: while I still do a tremendous amount of work at the Root Level today, the reality is that software is really a melange of assorted platforms all stitched together with PHP Hooks and other novel lines of code. In essence, I almost like to think of myself as the Ghost in the Machine. For those who do not understand the concept — and make no mistake whatsoever that the concept is real — give it a read one day.

There are two types of software out there today which power the world’s Content Management Systems (CMS). First, there is proprietary. Proprietary software is the bullshit that people like Bill Gates over at M*crosoft churn out. Always requiring updates and costing an arm and a leg — well, Windows 10 is probably going to be free for all updates thereafter — the reality is that proprietary software stifles the creative spirit and, in essence, is dangerous.

My example is this: Proprietary Software is generally written by a handful of coders paid a paltry wage. That code, then, is only seen by a handful of eyes. Two problems result: First, the ability to both create and troubleshoot is finite; and second, any one of the handful may be targeted for bribery to insert an exploit.

Open Source Software, by way of comparison, is only limited by the number of people who are on the face of the earth — that is roughly 7 Billion the last time I checked. I contribute to multiple projects including MediaWiki, the platform that runs Wikipedia; I contribute to WordPress, which runs 23.6% of all CMS out there, which is a 60.4% market share; I contribute to multiple GitHub and Google Projects pertaining to encryption; and finally I work with the Launchpad Linux – Ubuntu Project. A note on MediaWiki: It is used as the platform for the CIA’s Intellipedia as well as utilized by the US Department of State. So, that might answer a few questions many out there have. 😉

While Open Source Software has the ability to be profitable, the reality is that the base code platforms have builds which are generally contributed to by hundreds, thousands and sometimes tens of thousands of people, for free. Wikipedia is probably the best example of this — its base platform anyway, which is MediaWiki along with the plethora of Extensions such as Semantic MediaWiki — in that it is a ballet of tens of thousands of people working remotely, collectively and of a hive mind to create something which benefits mankind, and does so altruistically. In this process, the code is available for ANYONE to view. Generally, this ensures that there are no issues. Firefox is another good example when you look at the bleeding, cutting edge nightly builds.

The largest challenge for Open Source Software is that there is virtually zero funding. Here is the irony: No matter what platform or Operating System (OS) you use to get to the internet, you are riding on a flavor of Open Source once you arrive. Banks, the US and Foreign Governments, everyone utilizes something like Apache Servers and platforms to hook code as part of the ride. The ride is free because millions of people, like myself, made that ride free. Our problem is that, from time to time, people like me need to buy some coffee or perhaps keep the lights on. Unlike normal 9-to-5 jobs, we code in all timezones, and thus to keep coding, subsidies are necessary. Now, whether those subsidies take the form of “here’s $250 to set up a website” or “here’s $1000 to be a system admin” is immaterial.

I have coded multiple WordPress websites over the past year alone. It is not simply the installation of a platform, though, that is critical. Of all the breaches which I documented on my website, NOT A SINGLE ONE REQUIRED HACKING! In Full Disclosure, I am a former and recovering hacker. With that said, I actively support the political aims of Anonymous and am unapologetic in this respect. What I am driving at is the simple fact that there is a plethora of tiny scripts and files which either make or break your website, one of which is the .htaccess file.

Frito-Lay is a name everyone is familiar with unless you are an anorexic purger living on salads and bird seed. Frito-Lay recently joined a substantial number of Fortune 500 Firms who have made the transition from a proprietary CMS to WordPress.

When Frito-Lay’s design team approached us about building a new tool for managing their creative projects, we were extremely stoked. The most exciting part was being able to use the best tool for the job–WordPress. Using just the admin side of WordPress we created a full-blown project management system which allowed us to reimagine what the WordPress admin can do as a Basecamp-like management tool for design approvals.

A Sample Of F500 Firms Using WordPress Source: WordPress.com

At its core, WordPress consists of PHP, Javascript and CSS files, coupled to a MySQL database, that is installed on a web server. Foreclosurepedia runs on WordPress. The reality is that I laugh my ass off when I surf Facebook, LinkedIn and other Social Media sites and see people who are paying thousands of dollars for websites that are both insecure and cumbersome. Content is King; flexibility wins the war. More on point, though, in the Mortgage Field Services Industry, the reality is that if you have a website, at some point in time I am going to visit it and conduct a private penetration audit. Why? Because the fact of the matter is that whether you are a National, Regional or Otherwise Unspecified Order Mill, or a Remote Contractor providing services to the aforementioned, you are handling information protected under a plethora of federal laws. GTJ Consulting is a prime example of what goes wrong when you have amateurs at the helm. Take a look through that link and begin to understand the enormity of what was released to both the general public and hackers alike! Forget the fact that this was all specific loan information; there was a TREMENDOUS AMOUNT of Contractors’ personal information as well. In fact, one Contractor reached out and asked me to redact what I published — true irony, as he didn’t ask GTJ Consulting LLC to fix the problem.

The Redacted Contractor Data Sheet --- Yeah, Ask A Recruiter Where S/he Stores Your Data!

GTJ Consulting LLC Implemented No Security When This Screenshot Was Taken

The reality is this: With the removal of the brick and mortar facilities, Regional and Otherwise Unspecified Order Mills are relying more and more upon the outsourcing of their administrative functions. There is no oversight on this. Now, I am not opposed to Remote Contracting, and in fact I support it if properly implemented. The fact of the matter is that in its current state, it is extremely dangerous. For example, there is no documentation with respect to the type of computers they use; if they use wifi, the reality is that ANY INFORMATION moving to and fro is exposed, and this includes usernames and passwords — I have countless examples of sitting in an area and intercepting unencrypted data via public wifi at coffee shops, hotels, etc. — and finally the question presents itself of what Operating System (OS) is in play and whether or not that OS is being properly maintained.

It is not all doom and gloom, though. The reality is that if you have a preexisting site, simply read up on how to better implement security — many folks simply want something for nothing, and that is the problem with the world today. If you do not have a website and want one, take the time to research what you are going to do with it and then make sure you have a sit down with your web developer. Ask questions like: 1) How much is the yearly hosting with domain name? For a shared hosting website, this should NOT be more than $55 per year with Domain Identity Privacy. 2) Does the web developer have a Portfolio? I generally refer people to both Foreclosurepedia and some of the Industry websites I have programmed. 3) Finally, ask the developer to explain this: http://[anywebsite.com]/?id=13 UNION SELECT X, column_name, X,X,X,X,X from information_schema.columns where table_name='user' — if they do not have a clue, then run, and run very rapidly.
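The UNION SELECT probe in question 3 tests one thing: whether the ?id= value is pasted straight into the SQL text, in which case the database happily appends rows from its own catalog to the page's result. The following is an added example, not code from the original post or from WordPress, showing the vulnerable lookup beside the parameterized fix. It uses an in-memory SQLite database constructed for the example, with sqlite_master standing in for MySQL's information_schema (that substitution, the table names and the rows are all assumptions of this example).

```python
import sqlite3

# Constructed in-memory database standing in for a site's MySQL backend.
# Table names and rows are made up for this example.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    con.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT)")
    con.executemany("INSERT INTO posts VALUES (?, ?)",
                    [(13, "Hello world"), (14, "Second post")])
    con.execute("INSERT INTO user VALUES (?, ?, ?)",
                (1, "admin", "$P$constructed-hash-value"))
    return con

def lookup_vulnerable(con, id_param):
    # The raw ?id= string is pasted into the SQL text, so anything after the
    # number (a UNION SELECT, for instance) becomes part of the query.
    sql = f"SELECT id, title FROM posts WHERE id = {id_param}"
    return con.execute(sql).fetchall()

def lookup_safe(con, id_param):
    # Validate the type first, then bind the value as a parameter: the driver
    # sends it separately from the SQL text, so it can never be parsed as SQL.
    try:
        id_value = int(id_param)
    except (TypeError, ValueError):
        return []  # not an integer id: nothing to look up, nothing to leak
    return con.execute("SELECT id, title FROM posts WHERE id = ?", (id_value,)).fetchall()

# The probe from the post, adapted to SQLite's catalog table (sqlite_master plays
# the role of information_schema.columns in the MySQL version).
PROBE = "13 UNION SELECT name, sql FROM sqlite_master WHERE name='user'"

def leaks_schema(rows):
    # True when a result row carries the CREATE statement of the user table,
    # i.e. the catalog was read through the page's own lookup query.
    return any(row[0] == "user" and "pass_hash" in str(row[1]) for row in rows)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PROBE))  # two rows, one from the catalog
    print("safe:      ", lookup_safe(db, PROBE))        # []
```

The same fix applies to WordPress code through $wpdb->prepare(), which binds values the same way instead of building the query by string concatenation.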

Foreclosurepedia has been conducting penetration testing within the Mortgage Field Services Industry on behalf of Clients for over two years now. We have developed 26 websites including TikiWiki and MediaWiki wikis; Simple Machines and custom PHP forums; and WordPress Websites. Instead of having some hack code up some html or do a one click install of WordPress, why not reach out to Foreclosurepedia today and have them implement both a website for you and create the custom One Stop Shop which tells the Portfolio Holders you mean business? The reality is that it is far better to have Foreclosurepedia working for you than reporting upon the security breaches created by those who used to work for you — the catastrophic failure of the National Association of Mortgage Field Services (NAMFS) website is but one prime example. Reach out to Foreclosurepedia today and join nearly TWO THOUSAND MEMBERS STRONG in the #ForeclosurepediaNation!
