Tag: security
-
Security Update: WordPress MU 1.3.2
From “WordPress MU 1.3.2 | Holy Shmoly!”:
WordPress MU 1.3.2 was tagged earlier today. This is a major security update that brings together the fixes in WordPress 2.3.2 and a number of critical WordPress MU specific security problems.
-
Firefox Dialog Spoofing Vulnerability
From “Yet another Dialog Spoofing – Firefox Basic Authentication”:
Mozilla Firefox allows spoofing the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks, by tricking the user into believing that the authentication dialog box is from a trusted website.
-
Release: wpDirAuth 1.1
Thanks to a lot of help from the support and development groups (special thanks to Richard and Adrian), and despite having focused on my upcoming job switch and WPhone in the last month, I finally found some time to release version 1.1 of wpDirAuth, an LDAP authentication plugin for WordPress I also maintain.
The new version adds support for more directory server configurations and vendors by supporting privileged pre-binding. It also adds a few interface and documentation tweaks, and has been tested under WordPress 2.2.x and 2.3.
-
Since I was addressing poor online busin…
Since I was addressing poor online business ethics in my last post, I might as well touch the following, as it came up while I was browsing the upcoming security stories thread on Digg.
I was googling my online trail recently, and was quite stirred that the nickname I use on a lot of online communities started showing up as a registered user of a number of social-networking-flavoured porn sites. Most of them pumping out (pardon the analogy) long lists of sites and videos one allegedly features on their profile as interesting, à la Digg et al.
I thought someone else was simply using the same moniker, but the following article and its author might just have provided me with some valuable insight: Why are my picture and name showing up on porn sites without my permission?
Thankfully, this seems limited to the user name for now, and my real name isn’t returning such search results. But it is definitely of interest to me professionally, since McGill does have, and is looking forward to further developing, people pages. We will definitely have to take this trend into consideration in the upcoming incarnation of the software and content.
-
First Facebook worm[-ish behaviour]?
A friend of mine supposedly sent me a Facebook-based invite for an FB app called Advanced Wall. It came as a notification in FB and prompted me to retrieve a message from my contact by adding the app to my profile.
‘k, I bite, since I’m in Facebook-API-craze mode for work and fun anyway and get the following, as allegedly written by my friend:
Check this out!
It’s an Advanced Wall!
You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more…

Odd.. Especially from the supposed author…
First, I was just curious to know if they are using tinyMCE for the advanced editor, like WordPress and co. Evidently, I dig a bit deeper, and fire up Firebug, which as a complete aside is the most amazing piece of software. I use it every day, and am still baffled by how efficient and powerful it all is.
So, the JavaScript doesn’t look familiar and the editor’s iframe goes to http://ai.idlestudios.com/write.php, a domain which strangely enough doesn’t respond under http://www.idlestudios.com/ or http://idlestudios.com/, and just redirects http://ai.idlestudios.com/ to the app’s description inside FB (as of 2007-07-22, ~1 AM).
Odder…
Head off to the terminal:
whois idlestudios.com tells me the domain is registered to a more than likely fine fellow from the Russian Federation, which in and of itself doesn’t really imply anything.
But that’s when I start noticing the ads in multiple locations around the Advanced Wall’s WYSIWYG editor. Text ads, subtly placed in the telling Facebook colour scheme. Blockbuster, icon sets, the usual.
So on to my friend’s profile I go, and what do you know? What do I see on his wall, with no other message than:
Check this out!
It’s an Advanced Wall!
You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more…

Really? And it’s coming from someone else in my contact’s own friend list…
Next: Facebook » Profile » Applications » Edit » Remove
🙂
This all said, I haven’t gotten a reply from my friend yet on if he actually sent the invite in the first place (it’s late, and the invite was sent at 11:59pm), so maybe I’m just seeing things and oughta get to bed. I’ll post an update here when I know more. Call me traumatized by another friend’s experience. ;P
See update below.
Personally, I’m not sure I’m willing to go for this one anyway. Best case scenario, it’s gonna be MySpace all over again…
And if by any chance you receive an invite for Advanced Wall from me, you’ll at least know how it did not get there: Not-by-my-click.
Update (20:45): Well, it seems that my friend is as surprised as I was. Although he did see an option to invite his friends, he is fairly sure he canceled. Yet, the app seems to have propagated itself to his contact list. He also had the same reaction as I with the dubious first message template, and brought to light an error message he received from the app stating “there are still glitches we’re working on with the facebook team”. So worm[-ish]? Questionable interaction design? Buggy app? Plain old bad taste? I’m not a security expert by any stretch, so I’ll hold off on the labeling, but as a software developer, I say: none for me, thanks.
