Original post on WordPress (in)security:
http://blogsecurity.net/wordpress/articles/article-230507/
An awesome response, and a reason to keep faith that security jobs will be around for a while longer:
http://blogsecurity.net/wordpress/articles/article-230507/#comment-22
"When I upgraded to 2.1.2 it was such a disaster that I probably won’t upgrade again until I *have* to. So many things broke in the upgrade that it took me (novice with php & mysql) days to fix, and I never did get my old theme working.
People like me who just blog for our non-local families and friends don’t want to spend a ton of time fixing our sites - that’s why we use WP in the first place. I suppose I don’t really care if it’s vulnerable - there’s nothing mission-critical that I have to worry about losing."
Yes, never mind that most attackers are looking for another notch in the botnet belt or a box to hop through. Oh well, nothing like job security...
Also on the site is a good post about the WordPress vulnerabilities, with advisories:
http://blogsecurity.net/wordpress/blogwatch/blogwatch/
Everything but the Google dorks. Oh wait, here you go:
http://johnny.ihackstuff.com/ghdb.php?function=detail&id=943
http://johnny.ihackstuff.com/ghdb.php?function=detail&id=1799
http://johnny.ihackstuff.com/ghdb.php?function=detail&id=616
-CG