Archive for April, 2008
Is Gravatar Secure to Use?
I really love the Gravatar concept. It's simple, useful, powerful and centrally managed, but how secure is it to use on a blog or service?
Regular users may have already seen that we have implemented Gravatars on BlogSecurity; so it's safe to use then, right?
I made a point on our new BlogSec-News service a couple days [...]
WordPress 2.5.1 Release Fixes Several Vulnerabilities
The first security and bugfix release of the latest WordPress branch is now available. WordPress does not mention the vulnerabilities fixed on the download page, but BlogSec recommends that 2.5 users upgrade ASAP.
Among the bugs fixed were two fairly critical security issues: a Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection [...]
WordPress 2.5 Cookie Integrity Protection Vulnerability
Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.
According to Steven:
This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity [...]
WP Spreadsheet (wpSS) SQL Injection
A vulnerability has been found in the Spreadsheet (wpSS) WordPress plugin.
The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.
A public exploit has been released on milw0rm by 1ten0.0net1.
The 'ss_id' parameter inside ss_load.php is not correctly escaped before being passed to the database.
It was reported that all [...]
BlogSecurity News Portal Launched
We often have people emailing us to discuss a new plugin, an advisory, general news etc.
BlogSec now offers our users the chance to submit their hot gossip via our new News portal. Check it out, sign up for email updates, give us your feedback, knock yourselves out :)
LAUNCH BLOG-SEC NEWS



