[wp-forums] Security expert posting exploits

Jan Dembowski jan at dembowski.net
Wed Jan 30 22:22:36 UTC 2013


On Wed, Jan 30, 2013 at 5:09 PM, Mark Ratledge wrote:

> User "I'm Julio Potier, Web Security Consultant and WordPress Expert " is
> posting that plugins have security holes, i.e.
> http://wordpress.org/support/topic/security-issue-22?replies=1
> http://wordpress.org/support/topic/security-flaws?replies=1
>

He does that. I think I've asked him in the past to contact the plugin
authors more directly and he'd replied that the plugin author is not
reachable. Just publicly notifying like that isn't bad really IMHO.


> and posting for hire
> http://wordpress.org/support/topic/my-website-is-showing-hacked-message-what-should-i-do?replies=3&view=all
>
> http://wordpress.org/support/profile/juliobox


Now THAT'S bad and I've b'coded his account for now.

He didn't even try to post the standard "what to do if you've been hacked"
reply. It's a self-help forum and while we do sometimes reply with "seek
professional help" he really should have at least made the effort first
instead of zipping in "i'm Web Security Consultant, you can hire me".

I think this came up a couple of days ago and I agree with Mika: trying to
help people out and pointing out that you do that sort of work is
not necessarily a bad thing. But you really need to assist in the forums
first or at least exhaust some of the self-help alternatives. It's not just
going through the motions, the volunteer work should be primary and
self-promotion a distant second.

Thanks,

Jan Dembowski

