lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <51015.131.182.176.99.1180017842.squirrel@slashmail.org>
Date: Thu, 24 May 2007 09:44:02 -0500 (EST)
From: "Steven Adair" <steven@...urityzone.org>
To: "Larry Seltzer" <Larry@...ryseltzer.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: WordPress Community Vulnerable

So do you think his two WordPress blogs (I am assuming here..looks a lot
like WP, but I'm not pounding out GET requests to verify) were included in
this "survey" that was done?  I wonder if he's running a safe version? 
And as mentioned in one of his blog comments, version reporting isn't
always reliable and patches that did not change the extractable version
number could have also been applied.

In any event, I think WordPress has increasingly become more secure.  It's
had a small rash of issues a few months back ranging from SQL injection to
someone actually backdooring the source, but it's grown up quite a bit.  I
think someone would be hard pressed to actually come up with the Month of
Wordpress bugs.  The majority of all other recently reported issues have
all from third party add-ons that aren't actually a part of WordPress.


Steven
securityzone.org


>>>Check out a recent survey of 50 WordPress blogs conducted at
> blogsecurity.net <http://blogsecurity.net/> :
>>>http://blogsecurity.net/wordpress/articles/article-230507/
> <http://blogsecurity.net/wordpress/articles/article-230507/>
>
> Can the Month of WordPress Bugs be far behind?
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/ <blocked::http://security.eweek.com/>
> http://blogs.eweek.com/cheap_hack/
> <http://blog.eweek.com/blogs/larry_seltzer/>
> <http://blog.ziffdavis.com/seltzer>
> Contributing Editor, PC Magazine
> larryseltzer@...fdavis.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ