[wp-forums] Security expert posting exploits

Jan Dembowski jan at dembowski.net
Wed Jan 30 22:39:26 UTC 2013


Good Evening Julio! I was sure that you subscribed to this list.

I personally do not have any issue with your posting plugin notifications
like that. Others may chime in on that topic. ;)

If it's a critical plugin vulnerability then yes, please report the issue
to plugins at wordpress.org. I think you can tell the difference between XSS
and being able to write and execute arbitrary code on demand on a WordPress
installation...

The hire proposal was the "Not Good" part and I'm glad you won't do it
again.

Thanks,

Jan Dembowski

On Wed, Jan 30, 2013 at 5:28 PM, Julio Potier - BoiteaWeb <
juliobosk at gmail.com> wrote:

> Hello
>
> In the past, "you" told me that I can post it to the author, then to
> plugins at wp.org; now, do not post. For real, what is the thing?
>
> For the hire proposal, sorry, I won't do it again.
>
> Thank you
>
> 2013/1/30 Jan Dembowski <jan at dembowski.net>
>
> > On Wed, Jan 30, 2013 at 5:09 PM, Mark Ratledge wrote:
> >
> > > User "I'm Julio Potier, Web Security Consultant and WordPress Expert" is
> > > posting that plugins have security holes, i.e.
> > > http://wordpress.org/support/topic/security-issue-22?replies=1
> > > http://wordpress.org/support/topic/security-flaws?replies=1
> > >
> >
> > He does that. I think I've asked him in the past to contact the plugin
> > authors more directly and he'd replied that the plugin author is not
> > reachable. Just publicly notifying like that isn't bad really IMHO.
> >
> >
> > > and posting for hire
> > >
> > > http://wordpress.org/support/topic/my-website-is-showing-hacked-message-what-should-i-do?replies=3&view=all
> > >
> > > http://wordpress.org/support/profile/juliobox
> >
> >
> > Now THAT'S bad and I've b'coded his account for now.
> >
> > He didn't even try to post the standard "what to do if you've been hacked"
> > reply. It's a self-help forum and while we do sometimes reply with "seek
> > professional help" he really should have at least made the effort first
> > instead of zipping in "i'm Web Security Consultant, you can hire me".
> >
> > I think this came up a couple of days ago and I agree with Mika: trying to
> > help people out and pointing out that you do that sort of work is
> > not necessarily a bad thing. But you really need to assist in the forums
> > first or at least exhaust some of the self-help alternatives. It's not just
> > going through the motions, the volunteer work should be primary and
> > self-promotion a distant second.
> >
> > Thanks,
> >
> > Jan Dembowski
> > _______________________________________________
> > wp-forums mailing list
> > wp-forums at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-forums
> >

