Wow. Kim’s site has been hacked. He made the prediction that the technology he is building–CardSpace–will be the most hacked software in history. I think he is right, and the hack into WordPress is just the beginning.
Posted on Thursday 17 August 2006
Sun’s Rohan Pinto has spent a fair amount of time this week using a recipe that has been discussed in the Blogosphere recently to hack into my blog, which runs WordPress 2.0.1, and then apologizing for it (I appreciate that, Rohan).
He was able to use a vulnerability in WordPress to employ his “subscriber” account (which normally only grants comment rights) in order to import a fake post onto my site (I’ve since removed it but it is shown at the right).
The exploit used was described about three weeks ago (July 27th, 2006) when Dr. Dave published his “Critical Announcement affecting ALL WordPress Users.” All in all, it was a fairly stern warning. I would have upgraded to a newer version of WordPress but couldn’t because I was traveling: