Updates from September, 2007

  • Insecure Way to Upgrade to WordPress 2.3

    alex 9:28 am on September 25, 2007
    Tags: backup, backup plugin, BlogSecurity, plugin

    As you may already know, WordPress 2.3 was released yesterday and many folks around the world are sharing their upgrade experiences. The one that caught my attention was the “5 Step Failsafe upgrade for WordPress” published at BlogSecurity.

    No offense intended, but I wonder why a blog dedicated to security recommends an insecure backup plugin that can allow anyone to download database backups or any file from the file system.

    If you are planning to upgrade your WordPress blog, try to do the steps manually, because many backup plugins are very insecure; if you still want to use one of them, deactivate it when the upgrade process is completed.

     
  • Enable tag support on Windows Live Writer and WordPress 2.3

    alex 7:45 am on September 20, 2007
    Tags: supportsKeywords, tags, Windows Live Writer, wlwmanifest.xml, WordPress 2.3

    Update: Joseph Scott has made a better manifest file.

    As you may already know, WordPress 2.3 will have built-in tag support. To enable tags in Windows Live Writer, you have to upload a manifest file to your blog’s root.

    xml:

    <manifest xmlns="http://schemas.microsoft.com/wlw/manifest/weblog">
      <options>
        <!-- supportsKeywords is the option that enables tags -->
        <supportsKeywords>Yes</supportsKeywords>
        <supportsFileUpload>Yes</supportsFileUpload>
        <supportsExtendedEntries>Yes</supportsExtendedEntries>
        <supportsCustomDate>Yes</supportsCustomDate>
        <supportsCategories>Yes</supportsCategories>
        <supportsCategoriesInline>Yes</supportsCategoriesInline>
        <supportsMultipleCategories>Yes</supportsMultipleCategories>
        <supportsHierarchicalCategories>Yes</supportsHierarchicalCategories>
        <supportsNewCategories>Yes</supportsNewCategories>
        <supportsNewCategoriesInline>Yes</supportsNewCategoriesInline>
        <supportsCommentPolicy>Yes</supportsCommentPolicy>
        <supportsPingPolicy>Yes</supportsPingPolicy>
        <supportsAuthor>Yes</supportsAuthor>
        <supportsSlug>Yes</supportsSlug>
        <supportsPassword>Yes</supportsPassword>
        <supportsExcerpt>Yes</supportsExcerpt>
        <supportsTrackbacks>Yes</supportsTrackbacks>
        <supportsPages>Yes</supportsPages>
        <supportsPageParent>Yes</supportsPageParent>
        <supportsPageOrder>Yes</supportsPageOrder>
        <requiresXHTML>True</requiresXHTML>
        <supportsAutoUpdate>No</supportsAutoUpdate>
      </options>
      <weblog>
        <homepageLinkText>View your blog</homepageLinkText>
        <adminLinkText>Administer your blog</adminLinkText>
        <adminUrl><![CDATA[{blog-homepage-url}wp-admin]]></adminUrl>
        <postEditingUrl><![CDATA[{blog-homepage-url}wp-admin/edit.php]]></postEditingUrl>
      </weblog>
    </manifest>
     
     
  • Selling exploits

    alex 9:18 am on August 24, 2007
    Tags: exploits, sell exploits

    Today I received a mail from a guy who wants to buy some exploits for WordPress.

    Hi. I have seen exploits for WordPress at milw0rm uploaded by you. If you have this kind of scripts for newer versions of WordPress I can buy them.

    I responded:

    Actually I only have one remote exploit for WordPress <= 2.2.2, it lets you retrieve user credentials from affected blogs. How much do you offer?

    Actually, I’m not interested in selling exploits because they can be used to compromise many vulnerable blogs (two years ago my Spanish blog was defaced in the same fashion), but I wonder how much WordPress exploits cost.

    Let’s see what he’ll respond :)

     