[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Roy Schestowitz
wp-lowtraffic at schestowitz.com
Fri Mar 10 13:08:18 GMT 2006

___/ On Fri 10 Mar 2006 06:34:55 GMT, [ Robert Deaton ] wrote : \___
> On 3/10/06, Craig <nuclearmoose at gmail.com> wrote:
>> So, you're saying this isn't a vulnerability?
>
> No more of a vulnerability than the fact that I can visit your front
> page a kajillion times in rapid succession from more than one computer
> all at the same time.

As I said in wp-hackers, if brute-force attacks finally count as
vulnerabilities, expect more of the same after the release of 2.0.2. To
quote:
,----[ Snippet ]
| 2) "Compromise by an extended Brute Force attack is not a CVE
| vulnerability." (Brute Force Exception)
|
| [...]
|
| 3) "A denial of service in a client that is easy to recover from, is
| not a CVE vulnerability." (Client-Side Denial of Service Exception)
`----
Source: http://www.cve.mitre.org/board/archives/1999-07/msg00146.html

___/ On Fri 10 Mar 2006 06:36:31 GMT, [ Craig ] wrote : \___
> So if you did that, and I had AdSense, I'd be rich, right? :^)

That is yet another growing concern:
http://news.bbc.co.uk/1/hi/technology/4787474.stm
which, among other malice, leads to:
http://www.whatistheword.com/story/Money_722.html
Don't expect attackers to make *you* richer. However, some of them can drain
the competition out of money, which benefits Webmasters in the process.