Archive for October, 2007

Live from the wire: BlogSec News

We close up another great month. The team contributed more BlogSecurity articles in October than in any other month.
The team was able to release some personalised posts to answer questions (see Which is more secure: WP verse WPMU and the less-technical Should you display a subscriber count?).

Journalists from Washington Post asked BlogSecurity for some information which [...]


Facebook aka Relationship Killer?

It seems the new social network jargon is developing with words such as Facestalking. Now Facebook has been branded by some as a relationship killer.
I recently heard on the BBC an interview with a few individuals who say that Facebook has ruined their relationships.
The argument seems to be that both men and women find it easier [...]


Dangers in reverting

With the large code change in WordPress 2.3*, it seems some bloggers are reluctant to stay with WP 2.3* and have reverted to an older version of WordPress. This is mainly due to bugs and compatibility problems.

Personally, I find WP 2.2.3 the best bet for the time being. It is stable and has [...]


WordPress 2.3: edit-post-rows XSS Vulnerability

Janek Vind "waraxe" disclosed an XSS vulnerability that affects WordPress 2.3 (the latest release, 2.3.1, is not affected).
The vulnerability can be found in "wp-admin/edit-post-rows.php". The affected code, which echoes each column name into the page without escaping it, is as follows:

<?php foreach($posts_columns as $column_display_name) { ?>
<?php // $column_display_name is output unescaped into the attribute-bearing <th> element ?>
<th scope="col"><?php echo $column_display_name; ?></th>
<?php } ?>

This vulnerability requires the affected web site to have register_globals enabled in order to set the [...]


wp-scanner Q&A

We have seen more and more people using our wp-scanner service to test their WordPress blogs for common security weaknesses. wp-scanner has been used to close thousands of security weaknesses across a variety of large and small blogs.

The original wp-scanner project is still BETA and we are constantly trying to improve the service as we [...]