[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Robert Deaton
false.hopes at gmail.com
Fri Mar 10 01:03:35 GMT 2006
For an FYI, this "vulnerability" was reported to trac March 5th. It
was discussed on the #wordpress-dev IRC channel and it will be going
unpatched, as its attack vector is tiny (registration is off by
default), and WordPress is not the level that you should be handling
denial-of-service attacks at, especially when the amount of code to
change the exploit to using a DDOS with open proxies to kill your
database twice as bad with the registration and writes would take
about 10 minutes.
On 3/9/06, steve caturan <scaturan at negimaki.com> wrote:
> wow, that's great news!
>
> Craig wrote:
> > Matt said yesterday in #wordpress that an independent third party was
> > evaluating the changes made in 2.0.2 to ensure that they in fact work as
> > designed.
> >
> > Craig.
> > _______________________________________________
> > wp-testers mailing list
> > wp-testers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-testers
> >
> >
> >
>
>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
--
--Robert Deaton
http://somethingunpredictable.com
More information about the wp-testers
mailing list