WordPress.com Faces Security Breach

Recently, WordPress.com suffered a security breach. Attackers were able to intrude into several of the company's servers.

 

Albuquerque, NM -- (SBWIRE) -- 04/25/2011 -- Recently, WordPress.com suffered yet another security breach. The site had suffered a massive distributed denial-of-service attack earlier in the year. In the latest case, attackers were able to intrude into several of the company's servers. The attack puts at risk all the information contained on those servers. Information security professionals at Automattic, the company that owns the popular WordPress.com blogging platform, are currently investigating the security incident. In a blog post on the site, Matt Mullenweg, the company's founder, said that attackers were successful in extracting the source code. Mullenweg said that while much of the source code is open source, some portion of the code is sensitive. The company is investigating the extent of the information leaked, and identifying and mitigating the threat vectors that allowed attackers to gain unauthorized access.

According to security researchers at Internet security firm Sophos, the attack is more likely to have affected blogs hosted on WordPress.com than websites that use software provided by WordPress.org to host their own WordPress blog. Users of WordPress.com must change their passwords as a security measure.

Today's IT-dependent environment requires users to operate online banking, online shopping, social media, blog and other online accounts.

Attackers take advantage of the tendency of Internet users to use simple, predictable and common passwords on multiple sites. Reusing a password allows attackers who have obtained the password for one account to attempt to intrude into several other online accounts belonging to the same user.

Use of strong and unique passwords is the most fundamental and often ignored principle of cyber security. A password must essentially be alphanumeric, comprising both uppercase and lowercase letters. Passwords must not contain dictionary words or personally identifiable information such as name and date of birth. While multiple passwords may be difficult to remember, they help users secure their online accounts. Users may gain insights into safe online practices through online IT courses, security blogs, threat alerts from computer emergency readiness teams and security advisories from developers.

Attacks on a website may allow intruders to gain access to associated databases containing privileged information. Online IT degree programs, webinars and participation in discussion forums may enable IT professionals to stay up to date on the latest threats and security mechanisms.

Organizations must regularly assess the security of their websites to weed out threat vectors. Hiring professionals qualified through IT degree programs and security certifications such as penetration testing could help organizations identify and mitigate security flaws in a timely manner. They must also work with Internet security firms to improve the security mechanisms of their sites.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico, and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, amongst several others. The MSS is offered as a 100% online degree program, which allows EC-Council University to reach students not only from the United States but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.