Outdated Software Alerts
Search This Blog
-
Recent Posts
- Websense’s Claim of Vulnerability in WordPress 3.2.1 Completely Baseless
- Looking at the Claimed WordPress setup-config.php Security Issues
- Claims of Vulnerability in WordPress 3.2.1 Supported by False Information
- DreamHost Does Store Non-Hashed Passwords
- Outdated Software Running on Websites of WordPress and Other Web Software
RSS/Atom Feed
Web Software Updates
WordPress Version
We are running WordPress 3.3.1 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.Did We Make a Mistake?
While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.
Monthly Archives: July 2009
Yahoo and Microsoft Reach Search and Ad Deal
Microsoft and Yahoo today announced they had reached a deal to form a search and advertising partnership. Under the partnership, Microsoft’s Bing search engine will power Yahoo Search and Microsoft’s AdCenter search advertising service will provide search ads to Yahoo Search for 10 years. The deal increases the reach of Microsoft search engine and search advertising service. Nielsen Online reported that in May Microsoft had 9.4 percent of U.S. searches and Yahoo had 17.2 percent of searches. While larger, the combined percentage is only 26.6 which is not even half of Google’s 63.2 percentage for the month. The companies indicated that they are “hopeful” that the deal will close, after possible regulatory review, in early 2010. Officials from the companies told CNET News that they expect “integrating Bing’s results into Yahoo in the U.S. will take several months” and that moving to AdCenter “could take a year”. The companies expect that full integration would occur within 24 months. The deal did not include a merger of the two companies display advertising businesses. The deal follows on an of talks about some type of agreement between the two companies that began with a hostile takeover offer by Microsoft early last year.
Posted in Microsoft, Search Engines, Yahoo
Leave a comment
WordPress 2.8.2 Patches Security Vulnerability
Following less than two weeks after the release WordPress 2.8.1, which fixed a potentially serious security vulnerability, a new version has been released to patch another potentially serious security vulnerability. In versions before 2.8.2, comment author URLs were not fully sanitized which could lead to a cross-site scripting (XSS) attack. When viewing a page in the administrative interface that contains a specifically crafted comment author URL the user would be automatically redirected to another web page. That other web page could try to infect the user’s machine with malware or try to perform some other harmful activity.
Posted in WordPress
Leave a comment
Microsoft Claims Increase In Users Following Bing Launch
Microsoft has reported that they saw an 8 percent increase in unique users for their search engine during the month of June. At the beginning of the month Microsoft launched an update of the search engine and rebranded it as Bing. Microsoft also reported that in their own polling the number of people “likely to recommend” their search engine double during the month. The increase is not unexpected due the press coverage of the rebranding and the advertising campaign for the search engine that also began at the begging of the month. In the past Microsoft has made similar increases, but has been unable to sustain them.
Posted in Microsoft, Search Engines
Leave a comment
WordPress 2.8.1 Released
WordPress 2.8.1, which fixes a number of problems with 2.8 and addresses a potentially serious security vulnerability, was released yesterday. The problems that were fixed were causing serious problems for some users. A work around was created so that some templates that were not working due how they called get_categories(). Dashboard memory usage was reduced to alleviate an issue where some people were receiving an incomplete page when they attempted to view the dash board. And an issue that caused the rich text editor not load was worked around. The security vulnerability allows any user of the blog, including subscribers, to view and in some cases modify plugin files if they did not explicitly check permissions. In Corelabs advisory about the vulnerability, they mention one plugin whose features could be disabled and another that could be modified to run arbitrary code when the blog administrator visits the plugins page. Extra security has been put in place to better protect plugins from this.
Posted in WordPress
Leave a comment
