[wp-hackers] Fw: webloog.com

ifelse wordswithstyle at gmail.com
Sat Oct 15 00:50:36 GMT 2005


> "Scott - can you please post the holes you found publicly?"
As Matt has said, any security issues with WordPress should be sent to
security at wordpress.org and not to the public lists (as stated at
http://wordpress.org/about/contact/).

On 15/10/05, Ric Johnson <RicJohnsonIII at hotmail.com> wrote:
> To the WordPress team:
>
> As I am not a PHP expert, I did not validate the claims.  I thought this was
> the place to air concerns of this nature.
>
> This has nothing to do with the OpenDomain program - I just received an email from a
> user of one of the domains.  I did find another person to support this WPMU
> community, and they have not found any problems.
>
> Here is the original email I received from Scott Sykes.
>
> -----------------------------
> Hey Ric,
>
> Just letting you know I am halting webloog.com service.  A friend of mine
> that does security detection and repair for corporations told me of some
> nasty holes in the WordPress MU program.  Within the 10 minutes he looked he
> found 13 holes to get into the server...who knows how many more there are.
> I had to let my host know about the access he did on the server so they are
> making me end the program ASAP; also I don't want the potential of someone
> killing my host and other sites I run.
>
> If you have someone else wanting to use the site I would highly suggest
> giving it to them...it's got a really high ranking right now so it would be
> good for someone to take over.  I will keep the database just in case you
> need it for any reasons.
>
>
> Thanks Ric...I'll be notifying wordpress.org of the security risks.
>
> ~Scott Sykes~
> ---------------------------------------------
>
> Scott - can you please post the holes you found publicly?
>
> -----------------------------------------
>
>
> ----- Original Message -----
> From: "Matt Mullenweg" <m at mullenweg.com>
> To: <wp-hackers at lists.automattic.com>
> Sent: Friday, October 14, 2005 7:42 PM
> Subject: Re: [wp-hackers] Fw: webloog.com
>
>
> > Chris Lott wrote:
> >> Without getting into whatever politics and domain squatting or
> >> whatever else is going on, the security audit that was performed here
> >> appears to point to holes in the WPMU code (at least that is the
> >> implication of the letter). Is this true? Are these concerns being
> >> addressed?
> >
> > I have not received any security details or information, so I'm inclined
> > to call this crying wolf until we do.
> >
> > --
> > Matt Mullenweg
> >  http://photomatt.net | http://wordpress.org
> > http://pingomatic.com | http://cnet.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >


--
Phu
http://ifelse.co.uk
