Elephantsquared.

WordPress 2.8.4: Security Release

— Aug 12 2009

In case you didn’t notice, WordPress 2.8.4 is out. This security release is supposed to fix a vulnerability that was made public yesterday. Using a specially crafted URL, an attacker could bypass the security check that verifies a user actually requested a password reset.

As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
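A simplified model of the failure described above, added here as an example. It is not WordPress's code, and the table, column and function names are hypothetical. It shows why an empty key that reaches the lookup selects the first account with no pending reset, next to a lookup that validates the key itself.

```python
import hmac
import sqlite3


def make_db():
    """Constructed sample data in a hypothetical table (not WordPress's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, reset_key TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", ""),              # no reset pending: key column is empty
         ("alice", "k3yForAlice")],  # reset requested: key was emailed to her
    )
    return db


def lookup_naive(db, key):
    """Trusts an earlier check to have rejected empty keys already."""
    row = db.execute(
        "SELECT login FROM users WHERE reset_key = ? ORDER BY rowid LIMIT 1",
        (key,),
    ).fetchone()
    return row[0] if row else None


def lookup_hardened(db, key):
    """Validates the key here, so a bypassed upstream check cannot matter."""
    if not isinstance(key, str) or not key:
        return None
    row = db.execute(
        "SELECT login, reset_key FROM users "
        "WHERE reset_key <> '' AND reset_key = ? ORDER BY rowid LIMIT 1",
        (key,),
    ).fetchone()
    # Re-compare in constant time; never accept a row with an empty stored key.
    if row is None or not hmac.compare_digest(row[1].encode(), key.encode()):
        return None
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print("naive, empty key:   ", lookup_naive(db, ""))
    print("hardened, empty key:", lookup_hardened(db, ""))
    print("hardened, valid key:", lookup_hardened(db, "k3yForAlice"))
```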
