<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: How to not tell about a security breach?</title>
	<atom:link href="http://hovenko.no/blog/2009/09/07/how-to-not-tell-about-a-security-breach/feed/" rel="self" type="application/rss+xml" />
	<link>https://hovenko.no/blog/2009/09/07/how-to-not-tell-about-a-security-breach/</link>
	<description>A blog by Knut-Olav</description>
	<lastBuildDate>Thu, 02 Sep 2021 20:06:39 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
	<item>
		<title>By: Knut-Olav</title>
		<link>https://hovenko.no/blog/2009/09/07/how-to-not-tell-about-a-security-breach/comment-page-1/#comment-8329</link>
		<dc:creator>Knut-Olav</dc:creator>
		<pubDate>Tue, 08 Sep 2009 17:52:49 +0000</pubDate>
		<guid isPermaLink="false">http://hovenko.no/blog/?p=346#comment-8329</guid>
		<description>Ok, so I finally got to the point of upgrading to WordPress 2.8.4. Since I use Subversion to organize my blog source code I can easily get the diff between WordPress version 2.8.3 and 2.8.4. There is nothing in that diff that brings any security to my blog.

Sure, if a spam bot creates millions of user accounts on my using different email addresses they might brute force the activation key in a few tries. Looking from another perspective millions of bots might try to brute force the activation key of my admin account. But after I apply this patch, they still can! If your admin account is named &quot;admin&quot; of course.

The only benefit from a security perspective of upgrading from 2.8.3 to 2.8.4 is when your admin account is not named admin. Then the bots have to guess the username too.

In short: rename your admin account!</description>
		<content:encoded><![CDATA[<p>Ok, so I finally got to the point of upgrading to WordPress 2.8.4. Since I use Subversion to organize my blog source code I can easily get the diff between WordPress version 2.8.3 and 2.8.4. There is nothing in that diff that brings any security to my blog.</p>
<p>Sure, if a spam bot creates millions of user accounts on my using different email addresses they might brute force the activation key in a few tries. Looking from another perspective millions of bots might try to brute force the activation key of my admin account. But after I apply this patch, they still can! If your admin account is named &#8220;admin&#8221; of course.</p>
<p>The only benefit from a security perspective of upgrading from 2.8.3 to 2.8.4 is when your admin account is not named admin. Then the bots have to guess the username too.</p>
<p>In short: rename your admin account!</p>
]]></content:encoded>
	</item>
</channel>
</rss>
