Security

Submission: WordPress download site cracked

JavaRob writes: From the WordPress development blog: "If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."

Fortunately, they got a tipoff, but it's not clear how long the altered download (the cracker altered a couple of files to add in remote execution capabilities) would have stayed up otherwise.

Note: the cracker did not sneak in code by posing as an OSS developer (the common FUD scare scenario...); they just managed to crack one of the site's servers, and altered the download directly.

Apparently, WordPress has taken steps to ensure it doesn't happen again. Personally, I'm wondering about ways browsers and/or operating systems might be improved to automate checksum validation for downloaded executables.
