WordPress plugins leave you vulnerable to attack, and new devices 'protect you' from cellphone radiation

First up this week, a white paper or report or ... I have no idea what these things should be called any more ... maybe a "glorified press release"? Whatever. Let's call it "a study" from Checkmarx, a company that specializes in automated security code review, titled "The Security State of WordPress' top 50 Plugins."

Yep, Checkmarx's conclusions are as depressing as you might have guessed: "20% of the 50 most popular WordPress plugins and 7 out of the top 10 most popular e-commerce plugins are vulnerable to common Web attacks. This amounts to nearly 8 million downloads of vulnerable plugins. Namely, these plugins are vulnerable to: SQL Injection (SQLi), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Path Traversal (PT)."

So, the bottom line of the study: Be very careful of your WordPress plugins ... oh, and use Checkmarx to check your code.

While we're talking about protection, how about protection from the dangers of cellphone radiation? I recently talked to a company named Bodywell that sells a product called the Bodywell Chip which, they claim:

"... is a revolutionary new approach to reducing exposure to cell phone radiation. Place the chip anywhere on your phone to lower radiation exposure without interfering with your cell phone's signal."

Bodywell's PR people (who shall remain nameless) waxed lyrical in their pitch: "The culprit. Our body cells use carefully balanced frequencies to store and transfer the information needed to function. These fields are easily disrupted by information from sources such as cellphones with incorrect or harmful frequency oscillations ... We discovered that certain minerals and metals contain natural frequencies that can be calibrated to 'counter' the cellphone's frequencies, lowering the radiation absorption for users ..."

The chip is not really a "chip," as such, but rather a plastic patch with what appears to be some embedded circuitry.

I've run the concept past several electrical engineers and physicists and, to a wo/man, they all snickered and, to cut to the chase, declared that the product sounded like nonsense.

Said one physicist: "Frequencies of what? Vibration? Rotation? Blood circulation? Oh ... you mean EM radiation frequencies? Great! Which exact frequencies does our body use? Describe how you 'balance' more than one frequency. Hell ... describe how you balance one frequency. Are there more frequencies than angels which can dance on the head of a pin?"

Another techie friend commented, "Ask them if it will also stop or reduce the CIA signals that control the voices in my head. I'm having a hard time with my tin foil headdress as the days grow warmer."

Even so, Bodywell spins a good yarn and it's true that there are concerns about cellphone radiation. As the Environmental Working Group explains:

"Studies conducted by numerous scientific teams in several nations have raised troubling questions about possible associations between heavy cell phone use and serious health dangers. The World Health Organization has declared that cell phone radiation may be linked to brain cancer. Ten studies connect cell phone radiation to diminished sperm count and sperm damage. Others raise health concerns such as altered brain metabolism, sleep disturbance and behavioral changes in children."

The article continues:

"These studies are not definitive. Much more research is needed. But they raise serious questions that cast doubt on the adequacy of the FCC rules to safeguard public health. The FCC emissions cap allows 20 times more radiation to reach the head than the body as a whole, does not account for risks to children's developing brains and smaller bodies and considers only short-term cell phone use, not frequent calling patterns over decades."

When I talked with the spokesman for Bodywell he couldn't explain what was meant by the PR verbiage and argued that the shielding effect isn't understood scientifically, only technologically. He also claimed the measurements conducted by their lab (the results can be found on http://www.bodywellchip.com/research-resources) are real and reproducible. So, if any of you are experts in the world of RF, have the right test gear, and want to take a shot at seeing whether the Bodywell chip (priced at $29.99) does what it claims, please get in touch.

Addendum: I just received another similar product, the R2L (Radiation to Light) ... "As seen on TV" (for only $19.99), billed as "a new gadget that uses technology to convert cell phone radiation into harmless light."

The pitch continued: "The R2L is a microprocessor that reduces cell phone and smart phone radiation by converting it into electricity, then discharging the electricity as light. You are exposed to less cell phone radiation, and you can see the light that discharged."

Hummm. "By attaching an R2L to the back of your cell phone, smartphone or case, you can reduce your exposure to radiation by as much as 70% without holding the phone away from your ear as directed in most cell phone manuals ... The R2L was tested in accordance with FCC approved SAR, Specific Absorption of Radiation, testing methods and does not affect call quality or clarity."

I got my sweaty hands on a sample and stuck it, as suggested, on the back of my iPhone 4 where the R2L's glue-laden back attached itself like a limpet from hell. So far, I have seen no light discharges. I leave conclusions about the efficacy of the R2L as an exercise for the reader.

Gibbs has been tested in Ventura, Calif. Your conclusions to gearhead@gibbs.com and follow him on Twitter and App.net (@quistuipater) and on Facebook (quistuipater).
