It’s nearly impossible to veer away from web security and privacy concerns these days, as it’s a pressing issue in the digital world and the frequency with which new hacker attacks are arriving makes this types news as necessary as it is overwhelming. As we discussed in an earlier entry here, hackers are motivated by money, as there’s dirty dollars to be made selling sensitive information acquired from people without their consent, approval, or anything or the sort. So here we are into the second last month of 2019 and – not surprisingly – another new and urgent software vulnerability is pushing its way to the forefront of what’s new and noteworthy in the world of web hosting. Here at 4GoodHosting, it’s likely that we’re not different from any other good Canadian web hosting provider in that we don’t have the luxury of not paying attention to developments like these, and so here we are again today. Most of you will be familiar with Horde, as it’s one of the most popular free and open-source web email systems available to consumers these days. In truth, it’s the epitome of what a quality open-source web resource should be, as it’s been very responsibly built and is a good example of what can and should be done to ensure that software does not eventually become exclusive to deep-pocket development businesses. However, unfortunately it seems that a major security flaw with Horde has been exposed and we believe it’s always best to put users in the know as soon as possible regarding this stuff. We’ll try to go short on the technical stuff, but this vulnerability is related to CVE 2018-19518, an IMAP (Internet Message Access Protocol) and it exists in the ‘imap-open’ function that is used to open an IMAP stream to a mailbox. Invisible Thieves In most cases where security is compromised and information or identity theft occurs – both in the digital world and otherwise – there’s more often than not some type of identifiable evidence of an unwelcome guest having been on the ‘premises’. Not so here, as a prominent web security researcher claims they’ve detected several vulnerabilities in...
