Revolution Slider – Critical Vulnerability Discovered

Written by Mike Helly on . Posted in Bug Fix, Domains, Support, WordPress

Today, we learned of a critical vulnerability in the Revolution Slider plugin that is used on many WordPress sites.

The vulnerability was patched by ThemePunch in version 4.2, but that still leaves many sites with no protection. Revolution Slider is a popular plugin that is sometimes bundled with the purchase of a theme, which complicates matters: a bundled copy does not update. You might even have the plugin installed but never use it.

With this vulnerability, a remote attacker can download any file from the server. That puts database credentials at risk, and with those the attacker can compromise a site via the database. This kind of vulnerability is a Local File Inclusion (LFI) attack: local files on the server can be accessed and read, completely compromising your site’s security.

Upon learning of the vulnerability with Revolution Slider, BWG quickly took action. We went through all our clients’ sites, one by one, to identify if they had the Revolution Slider plugin, and if they did, what version. After identifying where there was a threat, we upgraded to the most recent version of the Premium plugin and tested for the vulnerability. Now our sites are all safe from this vulnerability caused by Revolution Slider.
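The site-by-site check described above can be scripted. The following is an added example, not BWG's or ThemePunch's code: it walks a directory of WordPress installs, finds every copy of the plugin (theme-bundled copies included) and compares the header version against 4.2. The main file name revslider.php, the header layout and the sample tree are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 2)  # first fixed release, per the post
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def classify(header):
    """Return (version string, status) from a plugin file's header comment."""
    m = VERSION_RE.search(header)
    if not m:
        return None, "unknown"  # no version header: needs a manual look
    version = tuple(int(p) for p in m.group(1).split("."))
    return m.group(1), "patched" if version >= PATCHED else "vulnerable"

def audit(root):
    """Find every copy of the plugin under root, wherever it is nested."""
    root = Path(root)
    findings = []
    for main in sorted(root.rglob("revslider.php")):  # assumed main file name
        header = main.read_text(errors="replace")[:8192]
        if NAME_RE.search(header):  # skip same-named files that are not the main file
            findings.append((main.relative_to(root).as_posix(), *classify(header)))
    return findings

def demo():
    """Constructed tree: a standalone copy, a theme-bundled copy, one with no version."""
    samples = {
        "site-a/wp-content/plugins/revslider/revslider.php": "Version: 4.1.4",
        "site-b/wp-content/themes/example-theme/plugins/revslider/revslider.php": "Version: 4.6",
        "site-c/wp-content/plugins/revslider/revslider.php": None,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, version_line in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            lines = ["<?php", "/*", "Plugin Name: Revolution Slider", version_line or "", "*/"]
            path.write_text("\n".join(lines))
        return audit(tmp)

if __name__ == "__main__":
    for path, version, status in demo():
        print(f"{status:10} {version or '-':8} {path}")
```

Point `audit()` at the directory that holds your installs; anything reported as vulnerable or unknown is a copy to upgrade or inspect by hand.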

Breaches of security and vulnerabilities happen more often than you think. The web is made up of thousands of different parts. All it takes is for an attacker to find a tiny crack in the system and they can exploit it. Personal files, medical records, credit card information, mailing lists and many more types of documents all have the potential to be stolen without the proper types of security in place.

BWG takes security very seriously. We keep tabs on what is going on around the web on a daily basis so that we can stay on top of issues like this. Upon hearing of a vulnerability, our team will spring into action to ensure our clients’ data is safe. Security needs to be a chief concern at any web design firm today.

Invisible Fonts BUG in Google Chrome

Written by Anthony D on . Posted in Bug Fix

Recently, Google Chrome has encountered this ridiculous bug.

The bug (which has many forms) makes the fonts on the page invisible on initial page load.

Sort of a major fail for a web browser, especially Google.

Sorry Google! (You know we love you, but the typo thing, and now this? Nobody could resist.) Things looked grim as months passed with no bug fix in sight. Half-baked webmasters and internet hacks everywhere had a moment of silence.

Enter Grayson De Ritis; mouse in hand, keyboard as a shield, riding on a rainbow unicorn across the great vast plains of the interwebs. With a fix to the Chrome invisible fonts bug that seems to have originated from this bug fix on Stack Overflow the day previous, as well as other blog sites. Alas, we witness the human phenomenon known as universal consciousness: when many people have the same idea, at the same time.

Of course, updating the browser works in most cases too. Well – this is one of the fixes we’ve applied to some clients who have found this annoying, as well as reverting to web-safe standard fonts that everyone can load as a backup.

We find it interesting that this bug has not been squashed by Google yet.

That’s why we want to share this post with all of you. Without further ado, here is that magical mystical code:

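/* Selector assumed: the declarations need a rule to live in; body applies the fix page-wide. */
body {
  -webkit-animation-duration: 0.1s;
  -webkit-animation-name: fontfix;
  -webkit-animation-iteration-count: 1;
  -webkit-animation-timing-function: linear;
  -webkit-animation-delay: 0.1s;
}

/* No-op animation: opacity stays at 1, but running it makes Chrome redraw the text. */
@-webkit-keyframes fontfix {
  from { opacity: 1; }
  to { opacity: 1; }
}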