WordPress Exploits and Patches
I’m a big fan of WordPress, except for tonight when I’ve finally decided to conquer the random blog spam that has been happening to some blogs I administer. “WordPress Cookie Authentication Vulernability.” It’s an invisible kind of CSS appended to the bottom of a post, as a form no less. The realization is that the security in WordPress is not too hot. Something about a stored double MD5 hash, and hackers compromising the cookie of the stored passwords, and not even having to resolve the MD5 hash but simply repost it as a cookie on their system and re-access the administrative site, where they can manage a lot of things.
Anyways, the patch I want to apply is not for the version we have installed- do I go with an unstable beta version (2.4b) or do I stick with 2.3.1 and manually change files line by line instead of applying the patch, or, do I wait until 2.4 is officially released? Oh the conundrums of open source.
This entry was posted
on Friday, December 14th, 2007 at 11:59 pm and is filed under technology.
You can follow any responses to this entry through the RSS 2.0 feed.
View blog reactions
Stumble it! 
You can leave a response, or trackback from your own site.
Stumble it!
Add New Comment
Viewing 2 Comments
Thanks. Your comment is awaiting approval by a moderator.
Do you already have an account? Log in and claim this comment.
Do you already have an account? Log in and claim this comment.
Do you already have an account? Log in and claim this comment.
Add New Comment
Trackbacks
(Trackback URL)