[wp-testers] WordPress 2.0.1 Remote DoS Exploit?

SilverCircle silvercircle at gmail.com
Fri Mar 10 17:41:00 GMT 2006


> Lurk a while or browse the list archives and you'll find that most
> WordPress devs are not enamored with captchas because they impose
> barriers to usability.

While there is a point in this argument, it's not really a big deal.
If someone really wants to register (for whatever reason), he will
most likely invest the few seconds needed to type that code. Also,
most people who frequently use online systems such as forums or blogs
are familiar with that method today.

And it could be made optional and default to off.

> Let me just reiterate that this DOS effect is not an exploit or
> security concern, it does not stem from a weakness in WordPress and
> the application is not going to be built to handle problems that
> belong to lower-level processes such as the web server.

True. I consider this a pretty "lame" thing and those few lines of Perl
code aren't worth the disk space on secfocus. Obviously, the main
reason behind the whole thing is to gain popularity by "hacking" a
very popular online software. They could have chosen any other blog
software or system with "easy" registration, but doing that with the
most popular one does make some sense.

