[wp-hackers] Plugin update & security / privacy

Moritz 'Morty' Strübe morty at gmx.net
Sun Sep 23 21:10:38 GMT 2007

Matt Mullenweg wrote:
> Moritz 'Morty' Strübe wrote:
>> I know this will not change until Monday, but is it really necessary to
>> transmit the URL?
> Your blog URL and version has been sent by default for 4+ years to
> every ping service in the world, including Ping-O-Matic, every time
> you make a post. Of course you can turn that off, just like you can
> turn update notification off, but statistically no one does.
> The only new information being sent by the update checker is PHP
> version and a list of plugins. If you don't like that feature, please
> install a plugin to disable it:
> http://wordpress.org/extend/plugins/disable-wordpress-core-update/
> http://wordpress.org/extend/plugins/disable-wordpress-plugin-updates/
> Of course don't forget the WP dev blog and planet RSS feeds, and most
> importantly the incoming links feed which ALSO transmits your blog URL.
> I would also recommend disabling the updates in Mac OS X, Firefox,
> Windows, Thunderbird, Adobe Photoshop, and any other third-party
> applications you have. As all of those are tied to your personal IP
> and not your server IP they have far more implications for privacy.

I think you didn't get my point. This is not about what I write, but
what information gets collected at one point and whether I can decide
about that. Of course I have an interest in spreading my word. And I
already said that it is no problem being listed on Google. It's the
combination of Plugins + Versions + URL.

>> If that database
>> gets public and you find a security bug in one of the plugins - there
>> are enough - you can start a _very_ effective attack!
> Such an attack would not be more effective, it would just be more
> efficient. Historically, however, scripts that attack against
> WordPress don't bother checking the version or if a plugin is there or
> not, they just seek out every WP blog and check the specific
> capability or vulnerability.
Well, it will also be more effective, because fewer people will notice.
And yes you are right it will be more efficient, something that is
probably worth a bit of money.

> Nevertheless, we're beefing up the infrastructure and security of
> WordPress.org, which Barry is working on right this instant. In 2
> years of running WordPress.com and Akismet, two extraordinarily
> high-visibility targets, there has never been a problem on a server
> Barry set up. The only problems we've had (once on WP.org, once on
> PhotoMatt) have been things I set up, and I'm not setting up these new
> ones. :)
NSA, CIA, FBI, NASA, all thought their systems were safe. And if there is
nothing to lose there is nothing to bother. And as I said, I have no
problem with collecting data, but with being able to relate them.

> I think this feature is actually going to dramatically improve the
> security of WordPress overall. We all saw the survey that 95% of WP
> blogs were vulnerable. That didn't even look at plugins. I think the
> survey was flawed, but you still can't deny that for most people
> knowing there is an update and actually updating just doesn't happen,
> and this is a necessary first step. 
I'm with you.

> If the only "trade-off" is sending an ALREADY PUBLIC blog URL to
> wordpress.org, then great!
Once again: it's not about the blog URL, it's about the relationship
BlogURL & plugins & their versions. BlogURL | plugins & their versions
is no problem with me.