A new version of WordPress is available, version 2.6.3. It is a security release to fix a vulnerability reported in the Snoopy library, which WordPress uses to fetch the feeds you see in the Dashboard. It doesn’t seem to be a very serious flaw, and you don’t have to download the full release if you’re running 2.6.4; you can just get the two files needed. Links are in the dev blog post, and the full 2.6.3 release is available on the download page now.
If you’re running WordPress 2.1.1 on your blog, and are using Google Webmaster Tools, you might get a security warning from Google. They are conducting a test to warn publishers if their publishing platform of choice is vulnerable to hacking, and WordPress 2.1.1 is just that, and also the test platform of choice. Should the test be successful, Google will expand this service to more platforms and versions in the future.
This is good, because it creates even more awareness of the need for upgrading to safer versions, no matter what CMS you’re using. Read more on the Official Google Webmaster Central blog. Hat tip to Quick Online Tips.
With the line between a legit blog and scam blog getting harder to detect, how do you really know when the blog you are reading is a scam blog? As part of this ongoing series on blog scams, we’ve covered how blog scams are growing and the impact on the economy and job market for stay-at-home workers. Learning to tell the difference between a legit blog and a scam blog is becoming more and more important as the work force moves online looking for jobs.
You begin the process of detection of a scam blog by checking the facts. I covered a lot of information previously on how to check the facts in:
- Web Browser Guide: Scams, Hoaxes, Rumor Mills, and Online Trash – Check the Facts
- Blogging Resources and Sources to Help You Blog
- Blog Resources: Researching the Research, Finding the Facts, and Seeking Supporting Evidence
Some of the sites I recommend you use to check your facts when it comes to the hoaxes, scams, and snake oil claims some blogs can make include: [Read more…]
There’s a new version of WordPress out now, 2.6.2, which addresses a database issue as well as the weakness of mt_rand(). This is especially important if you accept registrations to your blog. Also, some bug fixes, but other than the MySQL/PHP issue mentioned, this is another one of those small security releases. Check out the release post for more, and download the new version as well.
Wired has the story of the latest major security hole on the internet, the routing protocol BGP:
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
The primary focus of activity this week was around the Movable Type Open Source (MTOS) 4.15 beta test and the release of the second beta release. Before we dive into that information however, I thought I’d address one of the hot topics of the last week.
Welcome to Movable Type Monday! [Read more…]
A few days back Lorelle asked what one would not blog about. People had varied responses. Some would not write profanities. Some would not offend other people with their writing. And others would not blog about work. Generally, it’s about doing others no harm.
What if blogging can bring you harm? We do know that restrictive regimes have jailed or imprisoned bloggers, or at the very least blocked access to blog hosting providers. People have been fired for what they have written on their blogs. It can be worse. There are a handful of arguments against blogging.
Here’s one example of something I would rather not blog about. When I was new to the blogging world, someone close to me witnessed a murder in broad daylight. Standing in line at a fastfood counter, a man was shot in the head and died on the spot. There were dozens of other witnesses, but no one dared move for fear of being shot themselves.
At first I thought that it was blog-worthy, that it was a good case of citizen journalism. I had finished drafting the post and was almost at the point of publishing the entry. But then at the last minute I changed my mind. I thought that I would rather not endanger myself and that person with that potentially dangerous blog post. I have several reasons.
First, I don’t personally know the nature of the incident, and the background of the perpetrators. For all I know those people could be members of organized crime. And they could perhaps come after me and my family.
Secondly, I’m not sure I can trust our authorities here 100%. In my country, while there are perhaps a good number of honest civil servants, hoodlums in uniform are aplenty. And in these cases I would rather not be involved lest I become involved in a very complicated and potentially dangerous way.
Some things are best kept private. Or at least anonymous. In hindsight, perhaps I could have posted about the incident, but somewhere not directly attributable to me or my friend.
Put simply, I like the freedom that blogging gives me, in terms of expressing myself. Both in writing opinions and reporting observations and facts (even news, where applicable). I can even go to the extent of writing negatively about people and companies. But when my life and those of the people close to me are potentially at risk, then that’s when I’ll keep my mouth (and my blog) shut.
I’ve been in “secret talks” with a friend of mine for the past few months about blogging anonymously. She wants to be a whistle-blower, speaking out about the atrocities and abuse she sees within her industry. But she doesn’t want the consequences of being a “public” whistle-blower.
In other words, she wants to keep her job within that atrocious industry.
I’m so thrilled. I really respect people who want to work from within the industry to change it for the better. But our discussions have been really difficult because I believe you should speak out publicly, not hiding behind a blog. I understand her position, though, and the risk she is taking.
According to recent reports, US Army soldiers stationed in Iraq are being further restricted as to the sites they can access and their allowed online activities.
The reasoning for these restrictions, which see sites such as YouTube, MySpace, PhotoBucket, MTV, Hi5, and Live365 being blocked, is that of security and technological limitations.
Many relatives of servicemen and women, though, see it as a form of censorship, put in place to cover up a war that’s going badly.
I’m not going to name names, but I heard recently of some WordPress bloggers who had their blogs “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.
I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple like a phone number, 123456 or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?
The most common passwords are:
- Middle names
- Names spelled backwards
- Phone numbers
- The word “password”
- Single or combination uses of love, god, sex, and money, such as lovemoney or sexgod
- Car license
According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”
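A check a blog could run when a user sets a password, flagging the patterns listed above. This is an added example, not code from the original post or from WordPress; the function name, its parameters and the sample account details are assumptions made for illustration.

```python
import re

# Building blocks the post lists, plus the two literal passwords it mentions.
COMMON_WORDS = ("love", "god", "sex", "money")
LITERALS = {"password", "wordpress"}
SEQUENCES = ("0123456789", "9876543210")  # covers 123456 and 654321


def _norm(s):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def weak_password_reasons(password, names=(), phone=None, plate=None):
    """Return the reasons a password matches one of the listed patterns.

    names: first/middle/last/user names on the account (assumed input)
    phone, plate: optional phone number and car license plate (assumed input)
    """
    pw = _norm(password)
    reasons = []
    if pw in LITERALS:
        reasons.append("common literal")
    for name in filter(None, map(_norm, names)):
        if pw == name:
            reasons.append("name")
        elif pw == name[::-1]:
            reasons.append("name spelled backwards")
    if phone and pw == re.sub(r"\D", "", phone):
        reasons.append("phone number")
    if plate and pw == _norm(plate):
        reasons.append("car license")
    if len(pw) >= 4 and any(pw in seq for seq in SEQUENCES):
        reasons.append("digit sequence")
    # One or more of love/god/sex/money glued together, e.g. "lovemoney".
    if re.fullmatch("(?:%s)+" % "|".join(COMMON_WORDS), pw):
        reasons.append("common word combination")
    return reasons


if __name__ == "__main__":
    # Constructed account details, for demonstration only.
    for candidate in ("ecilA", "wordpress", "lovemoney", "654321"):
        print(candidate, weak_password_reasons(candidate, names=["Alice"]))
```

An empty result only means none of these specific patterns matched; it does not by itself mean the password is strong.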