Security Researcher 🔓
My name is Vladimir Smitka and I’m a security researcher/hobbyist from the Czech Republic. I specialize in WordPress security&performace and secure infrastructure for running websites. I do massive scans of the internet for my research. I’m also the owner of Lynt, a PPC Agency and Spirit Radar, a global service for tracking prices of Rums and Whiskies. I’m also an active member of the Czech WordPress community and one of the WordCamp Prague organizers. For a quick understanding of my approach, check out my WordCamp EU security talk.
Blog
Latest articles on bugs found, scan results and tips.
-
WordCamp EU – Q&A
Read more: WordCamp EU – Q&AHow do I know that my PHP or Apache version is vulnerable? You can find vulnerabilities for the particular version on CVE details. You should use the lastest versions of server components, currently: Also keep in mind, that every PHP major versions is fully supported only 2 years. For example PHP 7.1 is at the…
-
Global scan – exposed .git repos
Read more: Global scan – exposed .git reposAt the beginning of July 2018, I decided to do some research on Czech websites to find out how many are not properly configured and allow access to the .git folder within the file versions repository. There were many of these sites in my database from the previous security scans and I was curious about…
-
Python & Ruby webserver config – the great misunderstanding
Read more: Python & Ruby webserver config – the great misunderstandingTwo months ago I ran a huge global scan for unintentionally exposed .git repositories. I was surprised to find many Python and Ruby applications with this issue. The total number wasn’t very high – around two thousand, but when I normalized it according to the market share of these programming languages, the situation was worse…
-
Enhance your CentOS security for $1 a month with autoupdates
Read more: Enhance your CentOS security for $1 a month with autoupdatesHow to enable security autoupdates properly on CentOS and why are the most tutorials wrong.
-
Open .git scan – the results
Read more: Open .git scan – the resultsI published an artice about my latest security scan aimed to the exposed git repositories. The results: 230 000 000 domains checked (the list was build mainly from the Rapid 7 OpenData), 390 000 affected sites found, 100 000 alerts send. The most of affected sites use PHP: But after normalization the numbers according to the…
-
Restic – backup to the cloud
Read more: Restic – backup to the cloudFew months ago we decided to change our backup workflow. I found an ultimate tool for backing up our web servers to Digital Ocean Spaces (object storage, cheaper then Amazon S3). Restic – backups done right! Main features: easy encrypted fast wide range of backends You can backup your files to local, via SFTP, Amazon…
-
Sensitive information in WP REST-API
Read more: Sensitive information in WP REST-APIThere is REST-API integrated into WordPress from version 4.7. It is the way how we will use WP in future, but there are some downsides currently. The problem is, that WP use gravatars in default settings – you can find them in the comments and in user profiles. Both of them has their own endpoint…
-
MACsec on Centos 7
Read more: MACsec on Centos 7MACsec = Media Access Control Security (802.1AE IEEE). It provides point-to-point encryption (AES-GCM-128 by default) over ethernet traffic. MACsec support is included from kernel 4.6Â or in Centos/RHEL 7. This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor…
-
Slovak WordPress Environment
Read more: Slovak WordPress EnvironmentI scanned all slovak *.sk domains and prepared statistics about WordPress sites for my WordCamp Bratislava talk (2018-04-28). Source: Lynt.cz
Subscribe
Enter your email below to receive updates.
Vladimir Smitka 