WordPress Charset SQL Injection Vulnerability
Posted on 2007-12-10 • (1)
As promised in previous post (in Chinese, sorry), here is the full advisory of WordPress SQL injection vulnerability I have mentioned. Excerpt below:
[......]
WordPress 去死吧
Posted on 2007-12-08 • (0)
我大概會在短時間內將這個貼上 full-disclosure 和 bugtraq:
想知道圖中那個 e10adc3949ba59abbe56e057f20f883e 作表甚麼嗎?拿這個數字去 www.xmd5.net 查一查,就知道我架設這個測試用的 WordPress 時使用甚麼密碼了。
單從這[......]
早知如此,何必當初
Posted on 2007-11-29 • (5)
不明白這個為何會是新聞了,人人都知道香港電子證書從來無人用,即使有人用,那些不是無知得可憐的笨蛋就是嫌錢多的闊少。為甚麼?
就先拿個人電子證書來說,假設沒有它,對於日常生活有甚麼影響?無。電子證書可不像八達通,為生活帶來實質上的方便(可以帶少些硬幣和紙幣,也可稍稍減少去提款機的次數);可能用郵政局的[......]
Wordpress exploit 又來了,真是……
Posted on 2007-09-15 • (0)
昨天從某個 security 的網站看到這個 WordPress exploit,只能讚不絕口,因為它根本是將以往所有 WordPress 版本的 exploit 集大成於一身,由最早的 1.5 版本至最近的 2.2.2,全部都有方法攻破。
日日為 web application 追新版本真是很辛苦[......]
Official: WordPress default theme translation is forbidden
Posted on 2007-09-06 • (1)
Whether WordPress default theme can be translated, this issue keeps popping up once in a while. While many translators want to make it usable for most people in the world, Matt Mullenweg resisted this idea with plain blank refusal. Well, at least there is a final answer now.
[......]
“民協電郵遭黑客入侵”?
Posted on 2007-09-01 • (3)
今天回家看看新聞:
- 第一個令我留意的是 mybeNi websecurity 報告有個 list 有各地大使館和政府部門的 email 和密碼;
- 然後看看明報,這個標題立即搶眼:「(Continue reading…)
Shame shame shame
Posted on 2007-08-28 • (3)
I start to feel shameful for using WordPress — or put it precisely, having Matt Mullenweg as the leader. See this WordPress ticket for detail.
N[......]