Tag: integrity

  1. Webloggers be warned: Wordpress v2.1.1 is compromised!

    05 March 2007

    A recent emergency bulletin from Matt of the Wordpress weblogging software project is highly distressing to say the least: someone cracked one of the project's servers and inserted a pair of backdoors into v2.1.1, which make it possible for a malicious user to remotely execute aribitrary code on the server hosting a Wordpress blog.

    What I want to know is this: Why wasn't the Wordpress project at the very least posting hashes of the distribution archives, or PGP/GPG signing the archives and posting detached signatures for the files? Looking at the Wordpress download page shows a pair …

    Read more...