
Submission: WordPress download site cracked

JavaRob writes: From the WordPress development blog: "If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."

Fortunately, they got a tipoff, but it's not clear how long the altered download (the cracker altered a couple of files to add in remote execution capabilities) would have stayed up otherwise.

Note: the cracker did not sneak in code by posing as an OSS developer (the common FUD scare scenario...); they just managed to crack one of the site's servers, and altered the download directly.

Apparently, WordPress has taken steps to ensure it doesn't happen again. Personally, I'm wondering about ways browsers and/or operating systems might be improved to automate checksum validation for downloaded executables.
