Kim Cameron’s Identity Weblog » WordPress vulnerability at identityblog

Wow. Kim’s site has been hacked. He made the prediction that the technology he is building–CardSpace–will be the most hacked software in history. I think he is right, and the hack into WordPress is just the beginning.

WordPress vulnerability at identityblog

Posted on Thursday 17 August 2006

Sun’s Rohan Pinto has spent a fair amount of time this week using a recipe that has been discussed in the Blogosphere recently to hack into my blog, which runs WordPress 2.0.1, and then apologizing for it (I appreciate that, Rohan).

He was able to use a vulnerability in WordPress to employ his “subscriber” account (which normally only grants comment rights) in order to import a fake post onto my site (I’ve since removed it but it is shown at the right).

The exploit used was described about three weeks ago (July 27th, 2006) when Dr. Dave published his “Critical Announcement affecting ALL WordPress Users.”  All in all, it was a fairly stern warning.  I would have upgraded to a newer version of WordPress but couldn’t because I was traveling:

Source: Kim Cameron’s Identity Weblog » WordPress vulnerability at identityblog
