Security

WordPress download site cracked

Submitted by JavaRob
JavaRob (28971) writes "From the WordPress development blog: "If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."

Fortunately, they got a tipoff, but it's not clear how long the altered download (the cracker altered a couple of files to add in remote execution capabilities) would have stayed up otherwise.

Note: the cracker did not sneak in code by posing as an OSS developer (the common FUD scare scenario...); they just managed to crack one of the site's servers, and altered the download directly.

Apparently, WordPress has taken steps to ensure it doesn't happen again. Personally, I'm wondering about ways browsers and/or operating systems might be improved to automate checksum validation for downloaded executables."
