For some days now a rather nasty hack has been going around the WordPress community. I actually noticed it myself not that long ago, when I googled for ‘Chris Pearson’ and what I saw in the results was… shall we say ‘interesting’?
Prozac, Levitra, Lexapro? Had Chris sold the ‘Best Damn Blog on the Planet’, AKA Pearsonified? I went to check out Chris’ blog but no. No Prozac, Levitra or anything else of suspicious nature to be found there. Just your regular well-tuned Pearson content. I even looked in the source code and a quick search for known brands ended empty. I left again, having long forgotten already why I googled Chris in the first place.
Now it seems, though, that this hack is making the rounds and becoming more and more popular. Leland Fiegel from Themelab first reported on it on the Themelab blog, more than a month ago already. Afterwards the issue was covered over at the WP Tavern forums, but no solution has been found so far. Even the WordPress Lead Developer, Mark Jaquith, is left clueless and hopes to solve the issue ASAP.
The front page of CERT/CC, the cyber security experts at the Carnegie Mellon Software Engineering Institute, looks back at 2008 as the 20th anniversary of the Morris worm, sometimes called the “Great Worm,” which crippled the Internet in 1988. Created by Robert Morris, now an associate professor at MIT, it was one of the first computer worms to infect the brand new Internet, exploiting known vulnerabilities and causing millions in damages. It also led to the first conviction in the United States under the 1986 Computer Fraud and Abuse Act.
Years ago, a friend of mine worked for Boeing IT and taught many company workshops and training programs that began with an amusing lecture on “Safe Computer Sex.” She taught fellow employees to take care when flipping floppies to avoid transferring computer program infections across the network. How far we have come from those days.
As our dependence upon the web increased with email communication, spammers, hackers and attackers spread evil through your email inbox. Now, they are attacking our websites, social media tools, and web browsers.
Microsoft announced recently security issues with the Internet Explorer web browser and the dangers of visiting websites that could exploit that security vulnerability. Many warned to not use Internet Explorer until it was patched and updated.
Google created the Browser Security Handbook to help people and developers understand the security issues facing web browsers and the steps to take to protect individuals and web applications.
Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire,” and the less basis there is in fact, the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team does is sifting through things to see what’s valid or not.
…All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.)
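One defender-side check for the symptom described in the quote above (hidden spam links injected into a post or directory), as an added example that is not code from the original post, from Matt Mullenweg or from the WordPress project: a stdlib-only Python scanner that walks a page's HTML, flags every anchor tag nested inside an element hidden with inline CSS (display:none, visibility:hidden, or pushed far off-screen), and flags any link whose text or href mentions the pharma names that turned up in the Google results. The sample page, the `example.invalid` hosts and the keyword list are constructed for the demo.

```python
"""Scan a page's HTML for hidden or pharma-flavoured spam links.

Added example, not code from the original post or from WordPress. The sample
page below is constructed for the demo; the keyword list is the set of brand
names the post saw in its search results and is only a starting point.
"""
import re
from html.parser import HTMLParser

# Constructed keyword list: the brands named in the post.
SPAM_TERMS = ("prozac", "levitra", "lexapro")

# Inline-CSS tricks commonly used to keep injected links out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}",
    re.I,
)

# Elements that never contain children, so they must not stay on the tag stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base",
             "col", "embed", "source", "track", "wbr", "param"}


class HiddenLinkScanner(HTMLParser):
    """Tracks how deep we are inside hidden elements and records every <a>."""

    def __init__(self):
        super().__init__()
        self.stack = []          # (tag, opened_a_hidden_region) per open element
        self.hidden_depth = 0    # > 0 while inside at least one hidden element
        self.current_link = None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = "hidden" in attrs or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag in VOID_TAGS:
            return
        self.stack.append((tag, hidden))
        if hidden:
            self.hidden_depth += 1
        if tag == "a":
            self.current_link = {
                "href": attrs.get("href") or "",
                "text": "",
                "hidden": self.hidden_depth > 0,
            }

    def handle_data(self, data):
        if self.current_link is not None:
            self.current_link["text"] += data

    def handle_endtag(self, tag):
        # Ignore stray closing tags; otherwise pop back to the matching open tag,
        # which also copes with unclosed tags in sloppy WordPress theme markup.
        if not any(t == tag for t, _ in self.stack):
            return
        while self.stack:
            t, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if t == "a" and self.current_link is not None:
                self._finish_link()
            if t == tag:
                break

    def _finish_link(self):
        link = self.current_link
        self.current_link = None
        link["text"] = " ".join(link["text"].split())
        haystack = (link["text"] + " " + link["href"]).lower()
        link["spam"] = any(term in haystack for term in SPAM_TERMS)
        # Report a link if it is hidden from readers OR its wording looks like spam.
        if link["hidden"] or link["spam"]:
            self.findings.append(link)


def scan_html(html):
    """Return a list of suspicious links found in the given HTML document."""
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one legitimate link, two hidden spam links,
# and one visible link with spam wording.
SAMPLE_PAGE = """<html><body>
<h1>Pearsonified</h1>
<p>Regular post content with a <a href="https://wordpress.org/">normal link</a>.</p>
<div style="display:none"><a href="http://example.invalid/buy">Cheap Levitra online</a></div>
<div style="position:absolute;left:-9999px">
  <a href="http://example.invalid/p">Prozac</a>
</div>
<p><a href="http://example.invalid/lex">lexapro deals</a></p>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        flag = "HIDDEN" if finding["hidden"] else "visible"
        print(f"{flag:7} spam={finding['spam']!s:5} {finding['href']}  '{finding['text']}'")
```

Run it against the HTML you fetch from your own blog's front page and a few single-post pages. Keep the earlier observation from this post in mind, though: the author saw the spam only in Google's results, not in the page source he fetched himself, so a clean scan of the HTML served to you is not proof that the site is clean; compare with what the search results show for the site.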
“Sponsored” WordPress Themes were banned from the official WordPress Theme Directory due to inclusion of ads, spam, and malicious links in Themes offered for free, with a hidden price. WordPress Theme scams continue and WordPress users are warned repeatedly to be cautious about downloading and using WordPress Themes without careful inspection and testing.
In the last issue of this series on “Cyber Attacks on the Rise in 2009,” I covered the current spread of the Downadup Worm infection, which uses websites to spread its evil and has impacted more than 3.5 million sites worldwide. Such attacks are becoming more rare, but hackers targeting blogs are growing in numbers and resourcefulness. We must be on our guard to protect our blogs more this year than ever before.
WordPress 2.7 downloads now past 650,000. Poll out for WordPress 2.8 input. Possible WordPress Theme threat you need to know about. BuddyPress beta released. Imagine moving millions of Typepad blogs to WordPress? Want some WordPress schwag? WordCamps coming up in January – are you going to a WordCamp near you? And if the weather permits, and electricity holds, we’ve got more WordPress news for you!
Get Ready for WordPress 2.8: Already work is ongoing for WordPress 2.8 and WordPress wants your feedback. In “Prioritizing Features for WordPress 2.8,” Jane Wells invites people to take a poll on what are the top priorities WordPress developers should be putting their energy into. Currently, they are focused on WordPress Widget management, automatic Theme updates and installs, and performance improvements. The poll features the most popular features requests from the Ideas forum and more that the WordPress developers want to work on. Vote by noon on December 31 to have your say in what you want to see in WordPress 2.8.
WordPress 2.7 is at beta version 2 and a ton of work has been done on it, though the official release is now delayed until the end of November. Please upgrade WordPress 2.6. A lot of news about WordPress 2.7 is out, including what you need to know to prepare your blog for the upcoming release. WordPress Plugin and Theme authors are scurrying to update their work accordingly. A fake WordPress.org site is spreading bad WordPress versions – be alert! WordPress opens a new showcase to show off what WordPress can do. A ton of WordCamps are coming up in the next few weeks, and into 2009, including a traveling WordCamp for educators and a skiing, wintry WordCamp in Canada. And more WordPress news.
WordPress 2.7 Development: The original release date of November 10 has been pushed back by at least two weeks, though may change as beta testing continues. Two beta versions of WordPress have been released, with WordPress 2.7 Beta 2 fixing a lot of the bugs found in Beta 1. At the time of writing this, the WordPress Development Twitter had 149 changes and fixes reported over the past week. Improvements have been made to localization, the Write Post Panel, design problems for Internet Explorer, rewrite rules for various servers and hosts, and the WordPress Plugin update and install feature. More improvements, fixes, and design features are in process for the next beta release. The new interface is being cheered and readily accepted by testers and many are loving the new Comments and Write Post Panels. The ease of blogging and information on the new Dashboard Panel makes that screen more valuable than ever.
Work on WordPress 2.7 is rocking, but a security upgrade has also been announced for WordPress 2.6.3. Podcamp/WordCamp Hawaii success! Hot WordCamps coming up in Israel, DC, Charlotte, Australia, and more. PollDaddy WordPress Plugin and now on WordPress.com. Akismet gets stats. Gravatars required. And more WordPress news.
Security Upgrade Announced: WordPress 2.6.3 has been released covering a Snoopy class vulnerability. This is a mandatory security upgrade and involves replacing two files. Download WordPress 2.6.3 now to protect your blog.
WordPress 2.7 Development: The WordPress 2.7 development team is working overtime to help educate and prepare the WordPress community for WordPress 2.7 and its new interface. They have been testing the final version with some users and getting input from all over the world on how the program is working for them. The official release is due November 10, and testing will continue right up until the release. Your feedback and input is critical, so be sure to report in to the Alpha/Beta sections on the WordPress Support Forums and the mailing lists. So far, the reaction from most has been exceptionally positive and most are eager for the new version. Articles are coming out with news and information on the new version all around the web and include: