A firewall is reasonable protection for most people, just as a dead bolt on the front door is reasonable protection for most homes. If you're the online equivalent of a jewelry store - that is, a high profile target - then obviously you need much more than that.

Link for the above DSA: http://lists.debian.org/debian-security-announce/2010/msg00181.html

On my Blackberry, hitting the space bar twice automatically enters a period. It's the same number of keystrokes but easier to hit than hitting the Alt and then the M key.

How is dropping a text file in the same folder as wordpress creating something that is "part of WP"?

It doesn't. I can take a copy of this post and drop it in a WP folder and it's not affected in any way.

What causes it to be "part of WP" is the fact that the contents of the file in question literally become part of WP. From the last linked article:

There is a tendency to think that there are two things: WordPress, and the active theme. But they do not run separately. They run as one cohesive unit. They don't even run in a sequential order. WordPress starts up, WordPress tells the theme to run its functions and register its hooks and filters, then WordPress runs some queries, then WordPress calls the appropriate theme PHP file, and then the theme hooks into the queried WordPress data and uses WordPress functions to display it, and then WordPress shuts down and finishes the request. On that simple view, it looks like a multi-layered sandwich. But the integration is even more amalgamated than the sandwich analogy suggests.

Here is one important takeaway: themes interact with WordPress (and WordPress with themes) the exact same way that WordPress interacts with itself. Give that a second read, and then we'll digest.

It's wrong. Suppose that you randomly selected 100 families with two children. We're ignoring all the things that you mention above and assuming that gender distribution 50:50. Statistically speaking, our 100 families would consist of 25 boy/boy, 25 boy/girl, 25 girl/boy and 25 girl/girl. We assign a number from 1 to 100 to each family, write that number on a series of cards, and you randomly select a card and hand it to me. I look at it, see the number, and announce that the family has at least one boy. What are the odds that they have two boys? What are the odds that they have a girl and a boy? There are 25 girl/girl cards, but you know you did not pick one of them, so they can be ignored. So you know you picked one of 75 cards. Of those 75 cards, 25 are boy/boy, 25 are boy/girl and 25 are girl/boy. So there is a 25/75, or 1 in 3 chance that you picked a boy/boy card. There's a 50/75 or 2 in 3 chance that you picked a card with a boy and girl combination.

The fact that the number of days in a week is arbitrary is completely irrelevant. If there were eight days a week, then could make the same calculations, substituting the number eight for seven in the calculations. Yes, the results would be different but that's because the information you were provided is different. In this case, the day the son was born is narrowed to one in seven. If there were eight days a week, it would be narrowed to one in eight.

The number of sides on a die is arbitrary as well. There are dice with 4 sides, 8 sides, 10 sides, 20 sides, etc. On a six sided die, the chance of rolling a one is one in six. On a ten sides die, it's one in ten. Just because a six sided die is an arbitrary choice doesn't mean that one can't calculate odds based on that number. So long as you know the size of the die being used, the odds are directly calculable. So long as everyone understand the number of days in a week, the odds can be calculated based on that as well.

Not sure what you're saying is not a problem - the change to TACO or the forked Beef TACO. If you're talking about the changes to the original, I sort of agree with you. I can understand people being upset over the size expansion, particularly if it slows down Firefox or significantly increases its memory footprint, but is there any real problem with the changes that makes this some sort of malware? So far as I can tell, there's no malicious activity associated with the update. It's just big and bloated but does offer some significant new and useful functionality. Assuming that to be the case, I think the hysteria is a bit overblown.

This isn't domain hijacking. Hijacking is when you impersonate the legitimate owner to have the domain transferred, use some sort of DNS poisoning attack to redirect the traffic to an alternate site or use some other nefarious method to deprive the legitimate owner of the use of the domain. The domain owner allowed the domain to expire. McCrary purchased it legally and legitimately. No high jacking involved.

A dedicated wireless network is one workable and practical solution. Assuming that the network is using business class equipment and is not running on a bunch of consumer grade equipment (which is NOT always a valid assumption,) it's also relatively straightforward to use wired networks. Computers which authenticate to the LAN are placed in a VLAN allowing them full access. Computers which do not authenticate are dynamically placed in a restricted VLAN that only allows access to the Internet,

If I were to hazard a guess, I'd wager he's in the marketing department.

Perhaps. It's also possible that he works in another department and brings his own computer because they won't allow the apps he wants to use on the hospital computers. I've used my personal computer for lots of work stuff because I wasn't allowed to install anything and the only text editor available was Notepad.

I'd echo the advice already given numerous times to stop checking email on anything other than a company machine. But for personal machines at work, it depends on why they're being used and why they're connected to the network. Are they actually being used to access local network resources or is the network merely being used to provide internet connectivity? If its the latter, it's not difficult to set up isolated VLANs and subnets which only have access to the internet. The hospital IT staff may not be willing to do this, of course, but it's a possible option to consider.

A number of facts are in dispute, or at least the interpretation of a number of facts, and that's why this case potentially "...puts all IT admins in danger..."

The city claims that Terry took a number of nefarious actions that endangered the network. They claim that he installed multiple modems connected to the network to allow him to access it without logging or auditing. Connecting a modem to the console port of a router or switch is a common back-up access method. It's the only way you can remotely get to a network device if the network is down. When you connect, you still need the username and/or password to get into the device and that access can be logged. It's no different from connecting your laptop directly to the console port.

They claimed that he disabled password recovery on network devices to prevent the city from accessing them. But all of the devices where password recovery was disabled appear to be devices that could not be physically secured. Disabling password recovery is, again, a common practice for devices that are physically accessible.

They claim he had sniffers installed on his computers in order to snoop on the network. How many network admins out there DON'T have a sniffer program installed for troubleshooting the network?

After he was arrested, his pager was taken and it went off with an alert from one of the routers. The city claims this was unauthorized access to the network. Again, it's extremely common for network admins to have monitor programs that send out an email or pager alert in the event of a failure.

I agree that Terry handled the situation poorly and was probably a bit of a jerk. But the city's attempts to pile on the charges in an attempt to get back at him do threaten to set dangerous precedents that could come back to bite any system or network admin.

There is nothing you can do to ensure that data you've already entered is gone. Even if you delete photos and change the info, there's no guarantee that the previous info is not stored. That being said, I deleted my account when I saw this earlier this morning on another site. When they asked me why I was deleting the account, I checked "Privacy concerns." In the comments section, I pasted a quote from the article noting what they were selling and followed it up with a single word: Bye. If enough people do this, Facebook will get the message that users are unhappy with this decision, even if deleting the account doesn't protect already-entered data.

And use DenyHosts

This case was settled, yes. But if you RTFA you'll note that there were several rulings that were issued and then appealed up to the Federal Circuit Court of Appeals. Those rulings, which strongly favor F/OSS, ARE now binding, at least for that circuit.