- Projects -     - Mouldy Soups -     - Mouldy Bread -     - Contact -     - Links -     - Cheap Plastic Stuff -     - Photo Gallery -

Mr Mist’s Blog

It’s very sensible

Posts Tagged with ‘security’

Upgrade your copy now…

Friday, July 31st, 2009

There seems to be growing evidence that the XSS vunerability in versions of WordPress before 2.8.2 is now being exploited for real in the wild. The manifestation seems to be that, after recieving a maliciously-crafted comment, affected blogs display a login panel

Title: Authentication Required
Text: The server (yourserver) at Magic requires a username and password

It would appear at the moment as though the malicious content can be removed by replacing wp-includes with a fresh copy from the WordPress source for your version. But if I were you I wouldn’t take that chance. I’d upgrade to 2.8.2 now. Otherwise you can’t really be sure that the hack hasn’t stolen any credentials, or caused other changes.

Posted in Web and Tech and tagged with: ,

AOL IM security hole

Thursday, January 3rd, 2002

BBC News is just one place that has noted the security hole in AOL instant messenger. The original advisory is here if you can get to it.

Posted in News and tagged with: , ,

Google