English-posts · Klagemuren · Teknologi

How to not tell about a security breach?

7. september 2009 · 1 Kommentar

WordPress is breached, again. I guess I run an unsecure version of WordPress, but I’m not sure. All I am told is that i don’t runt he latest version of WordPress and that I should upgrade, because upgrading is easy.

No, it’s not easy. I keep history of my webpage in Subversion, so every time I need to upgrade WordPress I need to add the new version into Subversion in the vendor branch, merge in the changes in a WordPress current branch and then merge the changes into trunk of my web page. Why I do this, you say? No software is perfect, WordPress is far from it, so I need to alter some core code from time to time. That’s why.

Ok, back to the topic. Matt Mullenweg does not tell me in his blog post (link above) anything about what versions of WordPress that are potential targets for this Internet worm that exploits this security breach, nor what part of the code that makes it possible, not even how to patch it up. The entire blog post is just explaining that security holes do happen and some theory about how to protect yourself from it. Nothing concrete. Not very useful.