Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Popular Wordpress Plugin Leaves Sensitive Data In the Open 54

chicksdaddy writes in with a warning about a popular Wordpress plugin. "A security researcher is warning WordPress users that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search. The researcher, Jason A. Donenfeld, who uses the handle 'zx2c4' posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress blogs that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and the knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote. W3 Total Cache is described as a 'performance framework' that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com and smashingmagazine.com, according to the WordPress web site."

Two FreeBSD Project Servers Hacked 46

hypnosec writes "The FreeBSD project has suffered a security breach. Hackers have successfully compromised servers that were part of the infrastructure used to build third-party software packages. The Security team over at the FreeBSD project is of the opinion that hackers were able to gain access to the servers using legitimate SSH keys and not by exploiting any operating system vulnerabilities. Instances of intrusion were first detected on November 11. FreeBSD project, through a message on public announcements mailing list said that the security breach hasn't affected the project's core components like kernel or system libraries but, has affected third-party software packages being distributed by the project."

How many Bavarian Illuminati does it take to screw in a lightbulb? Three: one to screw it in, and one to confuse the issue.