--On Thursday, May 24, 2007 09:44:02 -0500 Steven Adair
<steven@securityzone.org> wrote:
So do you think his two WordPress blogs (I am assuming here..looks a lot
like WP, but I'm not pounding out GET requests to verify) were included in
this "survey" that was done? I wonder if he's running a safe version?
And as mentioned in one of his blog comments, version reporting isn't
always reliable and patches that did not change the extractable version
number could have also been applied.
In any event, I think WordPress has increasingly become more secure. It's
had a small rash of issues a few months back ranging from SQL injection to
someone actually backdooring the source, but it's grown up quite a bit. I
think someone would be hard pressed to actually come up with the Month of
Wordpress bugs. The majority of all other recently reported issues have
all from third party add-ons that aren't actually a part of WordPress.
Yes, but the point of his post isn't that *Wordpress* is insecure. It's
that blog owners are not updating their software to maintain security.
While anyone in IT would go "doh!", many in the "real" world might be
surprised that the software has to be regularly updated and vigorously
maintained to ensure ongoing security.
This isn't exactly news for us, but it may well be for the blogosphere in
general.
--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
p7seTzsqT4B7m.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
