WordPress Install Files Security Risk
Jeff Starr over at Perishable Press has discovered a way to hack a WordPress blog in rare cases where the installation files have been left behind and the database is inaccessible:
The other day, my server crashed and Perishable Press was unable to connect to the MySQL database. Normally, when WordPress encounters a database error…
The [...]
Twitter Web Worm Causes Havoc
Update: Apparently a bunch of variant worms are doing the rounds that circumvent Twitter’s recent patch to fix the problem. I’d be cautious using Twitter over the next couple of weeks; see protection guidelines below or at this link.
Teen exploits Twitter
A 17-year-old has claimed credit for releasing a Cross Site Scripting worm that infected hundreds [...]
Facebook Faces Big Brother Monitoring
Millions of Britons who use social networking sites could be having their accounts “secretly” monitored in the near future.
Kelly was responding to a speech made by Home Office security minister Vernon Coaker on 18 March at a meeting of the House of Commons Fourth Delegated Legislation Committee. Coaker said the EU Data Retention Directive, which [...]
WordPress MU < 2.7 Cross Site Scripting Vulnerability
Cross Site Scripting Vulnerability
Juan Galiana Lara has released details regarding a vulnerability that affects WordPress MU versions < 2.7.
Version 2.7 is NOT affected according to the advisory. So if you have upgraded to 2.7 you can ignore this advisory.
Vulnerability Details
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in the choose_primary_blog function [...]
How to Firewall Your WordPress Blog
You already know to use a decent password for your blog, but brute-force or dictionary attacks aren’t the only attacks used against bloggers. It’s much cheaper and faster to exploit software flaws, and that the hackers do. A programmer’s oversight may allow a hacker to gain access to your blog to insert spyware, [...]



