Archive for the “WWW-News” Category

Some of you may be visiting my blog to get some info about the status of BlogSecurity.net, as it has now been down for a few days.
But I can assure you that’s only temporary; we’re not gone and we don’t plan to disappear! We currently just have some problems with the move of the website to a new server, and we hope that it’s fixed soon.
So stay tuned, as many new things will come!
Update: The website is back on duty; we’ve got the DNS problems fixed (temporarily) and we hope that no further problems arise.

Tags: BlogSecurity, down, temporary

Comments No Comments »

As I just read over at BlogSecurity.com, it seems that many users who host their blog independently of wordpress.com don’t really care about keeping it up to date, and therefore secure. Of the 50 blogs scanned, around 46 were vulnerable; some run versions that are a year old or older. Some may now claim that just 50 blogs can’t represent around 2-3 million WP blogs, and they may even be right. But if there are just 300 of them running really old, vulnerable versions, that is 300 too many. And I can tell you from my experience with updating other blogs that there are quite a lot of them out there.

The Advantage

I will just name one advantage of updating your old 1.5 blog to the current version 2.2: you can use Akismet! I once had an old 1.5 blog whose owner had even stopped using it, as there were around 60k spam posts and just 4 legit ones. With Akismet you need just one click to flush all spam away. I had to work with phpMyAdmin to get rid of all the spam without deleting any new legit comments that might be hidden among the spam comments. With Akismet this doesn’t happen again!

And there are so many other advantages to profit from; who still develops plugins for WP 1.5?

It’s Easy!

Most times it’s as easy as 1, 2, 3 to update your blog. You make a backup of all your WP files and tables, delete all WP files and upload the new files, and the last step is to run the update script; then your blog is running the latest version. It costs you just 5 minutes. And how often does it happen that something breaks with a newer WP version? I would say it’s worth spending some time to keep your blog updated.

You’re no NERD?

For sure, it may be that you’re not much into PHP, Apache and so forth. To all of you I offer my help! You want to upgrade your blog but don’t know how to do it? No problem: contact me and I’ll take a look at where I can help you.
The service will be free (adapting templates to newer versions is not supported), but if you like you can make a small donation; details will be sorted out as soon as the work is done or about to start.

Tags: Update, Vulnerable, Wordpress

Comments No Comments »

As I just read over at heise.de Security (German), a good collection of security news, a Cross-Site Scripting (XSS) hole exists in many templates for WordPress. Affected templates include such popular ones as k2 as well as the classic one.

The problem occurs in many templates that use custom 404 error pages. Most of the templates that use such error pages don’t escape HTML special characters in the variable $_SERVER['PHP_SELF'] before printing it. Therefore XSS attacks can be performed against them.
To see if your template is also affected, visit this URL:

http://www.example.com/index.php/"><script>alert(document.cookie)</script>

If you see a JavaScript popup (assuming JavaScript is enabled), your template is affected.
Check searchform.php and sidebar.php for:

action="<?php echo $_SERVER['PHP_SELF']; ?>"

Replace it with:

action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>"

The original bug report was posted at Bugtraq.
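To check a whole theme rather than just searchform.php and sidebar.php, the following added example (not part of the original post or of WordPress) scans PHP template source for places where $_SERVER['PHP_SELF'] is printed without an escaping call around it. The function names, the list of accepted escaping functions and the sample template are assumptions made for this illustration.

```python
import re
from pathlib import Path

PHP_SELF = re.compile(r"""\$_SERVER\[\s*['"]PHP_SELF['"]\s*\]""")
# Assumed allow-list: PHP's own escapers plus WordPress's esc_* helpers.
ESCAPERS = {"htmlspecialchars", "htmlentities", "esc_attr", "esc_url", "esc_html"}
OUTPUT = re.compile(r"<\?=|\b(?:echo|print|printf)\b")

def statement_context(code, pos):
    """Return (statement start, names of calls whose "(" is still open at pos)."""
    # Heuristic: parentheses inside string literals are not handled.
    names, depth, i = [], 0, pos - 1
    while i >= 0 and code[i] != ";" and code[i:i + 2] != "<?":
        if code[i] == ")":
            depth += 1
        elif code[i] == "(":
            if depth:
                depth -= 1  # this call was already closed before pos
            else:
                m = re.search(r"([A-Za-z_]\w*)\s*$", code[:i])
                names.append(m.group(1).lower() if m else "")
        i -= 1
    return max(i, 0), names

def scan_template(source):
    """Return [(line_no, line)] where PHP_SELF is output without escaping."""
    lines, findings = source.splitlines(), []
    for m in PHP_SELF.finditer(source):
        start, calls = statement_context(source, m.start())
        if OUTPUT.search(source[start:m.start()]) and not ESCAPERS & set(calls):
            line_no = source.count("\n", 0, m.start()) + 1
            findings.append((line_no, lines[line_no - 1].strip()))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under a theme directory; returns {path: findings}."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = scan_template(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample resembling a theme's searchform.php (not from a real theme).
SAMPLE = """<form method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<form method="get" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<a href="<?php echo htmlspecialchars($title) . $_SERVER["PHP_SELF"]; ?>">here</a>
"""
```

Calling scan_template(SAMPLE) reports lines 1 and 3: the third line escapes a different variable and concatenates PHP_SELF raw, which a plain text search for htmlspecialchars would miss. Point scan_theme at your own theme directory to get the same report per file.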

Tags: Template, Theme, Wordpress, XSS

Comments No Comments »

In 2005 Google crawled around a billion pages to find out which tags and tag attributes are used within them.

General

So this study shows, for example, that within the <html> tag the attribute xml:lang is used quite often, but it’s totally senseless within an HTML document, as no HTML processor looks at it.
It also shows that many people aren’t able to write values within quotes, so mostly wrong attributes and values for them would be the answer.
As you can also find out, the meta name revisit-after is useless, as just one spider ever looked at this attribute.

Read the rest of this entry »

Tags: Google, HTML, Mark-up, SEO, Spider

Comments No Comments »

I have wanted to write about Snap since I stumbled over it two weeks ago, but I didn’t have a clear position on it (for all who don’t know what it is: it displays, for each outgoing link, optionally also for all links, a preview of how the site looks). But I got one after I read this article; while reading it I had to agree with each of the stated points. Read the rest of this entry »

Comments No Comments »

I just stumbled over one of the latest inventions of Google (OK, you’re right, it wasn’t released today; it has already been out for a while, but I found it today! :) ). The service is called Google Image Labeler; the purpose of this web app is to improve the results of their Image Search.
So how does it work?
Read the rest of this entry »

Comments No Comments »
