Comments on: WordPress 1.5.2 released http://www.blogherald.com/2005/08/14/wordpress-152-released/ The leading source of news covering social media and the blogosphere. Sun, 12 Feb 2012 21:12:36 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Eitan Caspi http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44623 Eitan Caspi Tue, 16 Aug 2005 16:33:34 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44623 Hello Juergen, Of course anyone can dive into the code and search for it, be it a hacker, be it administrator, but it will not be simple. The developers should not hand it "on a silver platter" – it will more be a benefit for script kiddies (learn and harm) than to administrators (learn and…???). I believe you will agree that it is better for you to be in dark than any malicious surfer being more knowledgeable. Regarding your note (linked from your former note) – I couldn't agree more, that any software should have a simple automatic and scheduled update applet. But don't expect too much of the free code projects, they usually struggle to build functionality with their limited resources. Even many commercial vendors still not at it. Go figure. Eitan Hello Juergen,

Of course anyone can dive into the code and search for it, be it a hacker, be it administrator, but it will not be simple.
The developers should not hand it “on a silver platter” – it will more be a benefit for script kiddies (learn and harm) than to administrators (learn and…???).
I believe you will agree that it is better for you to be in dark than any malicious surfer being more knowledgeable.

Regarding your note (linked from your former note) – I couldn’t agree more, that any software should have a simple automatic and scheduled update applet.
But don’t expect too much of the free code projects, they usually struggle to build functionality with their limited resources.
Even many commercial vendors still not at it. Go figure.

Eitan

]]> By: » WordPress 1.5.2 Released TurboBlogger.com http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44552 » WordPress 1.5.2 Released TurboBlogger.com Mon, 15 Aug 2005 20:35:00 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44552 [...] ly make it easier for more exploits to be designed. I’m going to have to agree with Duncan Riley and some others that this type of security by obscurity is not appropri [...] [...] ly make it easier for more exploits to be designed. I’m going to have to agree with Duncan Riley and some others that this type of security by obscurity is not appropri [...]

]]> By: Juergen Kreileder http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44549 Juergen Kreileder Mon, 15 Aug 2005 19:31:31 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44549 That's a naive argument, Eitan. Hackers are not stupid, they can figure out the issue from looking at the source code. As you've just demonstrated, just saying "we've fixed a security issue" but not giving more specific information easily leads to a false sense of security. (Slightly longer reply to some comments I've received available <a href="http://blog.blackdown.de/2005/08/15/more-on-security-announcements/" rel="nofollow">here</a>) That’s a naive argument, Eitan. Hackers are not stupid, they can figure out the issue from looking at the source code. As you’ve just demonstrated, just saying “we’ve fixed a security issue” but not giving more specific information easily leads to a false sense of security.

(Slightly longer reply to some comments I’ve received available here)

]]> By: James http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44547 James Mon, 15 Aug 2005 18:57:26 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44547 You're not the only one who feels this way: http://www.blogherald.com/2005/08/14/wordpress-152-released/ At least MT has always talked about security fixes right on their hompage, even before WP came out. WP could <a href="http://www.sixapart.com/about/corner/2005/04/movable_type_31_2.html" rel="nofollow">learn from Mena</a>. You’re not the only one who feels this way: http://www.blogherald.com/2005/08/14/wordpress-152-released/

At least MT has always talked about security fixes right on their hompage, even before WP came out. WP could learn from Mena.

]]> By: Eitan Caspi http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44542 Eitan Caspi Mon, 15 Aug 2005 16:22:11 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44542 Think about those who did not upgrade, because of any reason. Why should the developers give anyone the knowledge of how to attack this people?! It is better that you simply upgrade and be left in the dark about how and why, and others won't be attacked. Eitan Israel Think about those who did not upgrade, because of any reason.
Why should the developers give anyone the knowledge of how to attack this people?!

It is better that you simply upgrade and be left in the dark about how and why, and others won’t be attacked.

Eitan
Israel

]]> By: Matt http://www.blogherald.com/2005/08/14/wordpress-152-released/comment-page-1/#comment-44520 Matt Mon, 15 Aug 2005 04:59:29 +0000 http://www.blogherald.com/2005/08/14/wordpress-152-released/#comment-44520 We wouldn't have been in such a hurry to get a release out if the security problems were obscure! The exact issues are easily findable for anyone in the security community, and there is at least one script kiddie script out there so I don't want to point more people to it while people are still upgrading. We wouldn’t have been in such a hurry to get a release out if the security problems were obscure! The exact issues are easily findable for anyone in the security community, and there is at least one script kiddie script out there so I don’t want to point more people to it while people are still upgrading.

]]>