Wow. Kim’s site has been hacked. He made the prediction that the
technology he is building–CardSpace–will be the most hacked software
in history. I think he is right, and the hack into wordpress is just
the beginning.
Wordpress vulnerability at identityblog
Posted on Thursday 17 August 2006
Sun’s Rohan Pinto
has spent a fair amount of time this week using a recipe that has been
discussed in the Blogosphere recently to hack into my blog, which runs
Wordpress 2.0.1, and then apologizing for it (I appreciate that, Rohan). He was able to use a
vulnerability in Wordpress to employ his “subscriber” account (which
normally only grants comment rights) in order to import a fake post
onto my site (I’ve since removed it but it is shown at the right). The exploit used was described about three weeks ago (July 27th, 2006) when Dr. Dave
published his “Critical Announcement affecting ALL Wordpress Users.”
All in all, it was a fairly stern warning. I would have upgraded to a
newer version of Wordpress but couldn’t because I was traveling:
Source: Kim Cameron’s Identity Weblog » Wordpress vulnerability at identityblog
tags: identity, Wordpress, Kim+Cameron, hacks
