WordPress Hacking « Ed Bellis

WordPress Hacking

27 11 2007

There’s been some interesting posts around the net over the past week about WordPress blogs being hacked. The source vulnerabilities appear to be embedded within various WordPress themes created by outside developers.

There’s a pretty decent write-up on GigaOm. It’s good to see this kind of attention outside of the usual security crowds. Note: This blog runs on WordPress. Serves as a friendly reminder to review and understand the source code running on your site or application.

Update: It looks like some more blog hacking just made the news. Al Gore’s blog has been hacked. Les Orchard (friend and former colleague of mine) appears to have has the same issue over at Decafbad.

Actions

Information

Date : 27 November 2007
Tags : blogs, hacking, themes, wordpress
Categories : hacking, vulnerabilities

About ClearText

In data communications, cleartext is the form of a message or data which is transferred or stored without cryptographic protection.

The RED/BLACK concept refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information (RED signals) from those that carry encrypted information, or ciphertext (BLACK signals).

About the Author: Ed Bellis, is the Chief Information Security Officer (CISO) for Orbitz Worldwide. The views within are mine and not the views of Travelport or Orbitz Worldwide, I am not a spokesperson for Travelport or Orbitz Worldwide and neither Travelport nor Orbitz Worldwide endorse any material, content and/or links or assume any liability for any of my actions.

Ed Bellis - ClearText