WordPress 2.1.2 Released

Heads up WordPress users, moments ago WordPress 2.1.2 was released.

Anyone running 2.1.1 is strongly advised to upgrade to 2.1.2 as soon as possible. If you know someone who is running it, let them know.

It’s now available for download on the official WordPress download page.

To find out why this is a very important release, check out the WordPress Development blog.


Posted on March 2, 2007 by Laptop Guru

There are 6 Comments


Comments / What do you think?

  1. Comment by Doug Karr posted on
    March 2nd, 2007

    Sean,

    Any inside info on this? Is there any chance that they could have relayed personal data?

    Thanks!

  2. Comment by TechZOnline.net » Critical Update on WordPress, 2.1.2 posted on
    March 2nd, 2007

    [...] to Sean for the info! Local Tags: cracker, Software, The Site, wordpress   Related [...]

  3. Comment by TechZ posted on
    March 2nd, 2007

    Wow! Thanks a bunch Sean!

  4. Comment by Sean posted on
    March 4th, 2007

    Doug,

    The WordPress source code was recently compromised by a third party in order to enable remote command execution on the machines running affected versions.

    If people had downloaded WP 2.1.1 after February 25, 2007, they had the affected version, but since then with 2.1.2 it’s been corrected.

    Also, since my post, I added the link (see above) to the official WP development blog which has more information.

    At the time of my original post, nothing had been officially posted to the community. It was only reported to a few lists.

  5. Comment by Doug Karr posted on
    March 4th, 2007

    Thanks, Sean. I read all of the posts regarding what occurred and immediately updated.

    What is not being discussed which is of the most importance is HOW the hack could have been used.

    It doesn’t help to update if the Remote Execution already passed my site configuration, login info, etc. to a third party. That requires me to do much more to protect myself.

    If you can poke some more, it would be great. Thanks for staying on top of this!

    Doug

  6. Comment by Sean posted on
    March 4th, 2007

    Hey Doug, from what I know, only two files in the 2.1.1 distribution were affected to enable remote command execution.

    The compromised files are:

    wp-includes/feed.php and wp-includes/theme.php

    I’m not sure if those two files would give up any configuration settings or passwords but it might be good to just update your passwords as an added security measure.