WordPress Cross-Site Scripting Vulnerability

27 March 2007

Since this Blog is powered by WordPress, the news from Secunia has increased my awareness of this Blog’s security. It says:

WordPress “PHP_SELF” Cross-Site Scripting Vulnerability

Description:
A vulnerability has been discovered in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the “PHP_SELF” variable is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability is confirmed in version 2.1.2. Other versions may also be affected.

Solution:
Reportedly fixed in versions 2.0.10-RC2 and 2.1.3-RC2.

Provided and/or discovered by:
Independently discovered by Alexander Concha and Jungsonn.

Changelog:
2007-03-27: Added CVE reference.

Original Advisory:
http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt

Fortunately this vulnerability is not critical and the solution is available. I will wait until the stable version of 2.1.3 is released and upgrade this Blog after that. Meanwhile I will be more careful with my browser’s cookies and always log out after I finish working on this Blog.
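
The pattern the advisory describes, as an added PHP illustration (not WordPress's code and not the actual fix): `PHP_SELF` includes any path info the client appends after the script name, so echoing it unescaped lets markup break out of an HTML attribute. The function names, the `/form.php` path and the sample value are constructed for this example.

```php
<?php
// Added illustration: reflected PHP_SELF, unescaped versus escaped.
// Not taken from WordPress; all names and values here are constructed.

// Vulnerable pattern: the request-derived value goes into the attribute as-is.
function form_unsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened pattern: HTML-escape at the point of output. ENT_QUOTES covers
// both quote styles, so the value cannot close the attribute it sits in.
function form_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Regression check: the output must be exactly one <form> tag whose action
// value contains no raw quote or angle bracket.
function attribute_intact(string $html): bool
{
    return preg_match('/^<form method="post" action="[^"<>]*">$/', $html) === 1;
}

// Constructed stand-in for $_SERVER['PHP_SELF'] on a request whose path
// continues past the script name with harmless marker markup.
$constructed = '/form.php/"><b>injected</b>';

foreach (['form_unsafe', 'form_escaped'] as $render) {
    $html = $render($constructed);
    printf(
        "%-13s intact=%s\n  %s\n",
        $render,
        attribute_intact($html) ? 'yes' : 'no',
        $html
    );
}

// Where a script only needs its own path, $_SERVER['SCRIPT_NAME'] omits the
// client-supplied path info; it should still be escaped when printed.
```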

Posted On news, Wordpress


Spam Protection For My Daily Thoughts

23 March 2007

I must admit that I have accidentally deleted one legitimate comment because I was so annoyed with spam… sorry about that, guys. With the increasing spam attacks in the last two days, I have deleted 20 - 60 spams every 4 hours, and to make it easy I just skim the caught spam and press delete all. Unfortunately, on my last action one legitimate comment was deleted; I realized it just after pressing the delete button.

As I explained in this post, My Daily Thoughts was protected by two anti-spam plugins. The first is Math Comment Spam Protection, which asks you a simple mathematical question before you can post a comment. But since this anti-spam plugin failed to block all the nasty spam, I added Akismet to improve protection.

For several days this anti-spam setup worked very nicely and effectively blocked all spam, until today, when I found that a spam comment had appeared. I think the weakest protection was on trackback comments, and I have to improve it immediately. Finally I made the decision to use the Simple Trackback Validation Plugin for my protection. Hopefully those three layers of protection will improve My Daily Thoughts' robustness against spam.

Posted On Knowledge


Increasing Traffic For Your Blog

20 March 2007

The ultimate target for a Blog publisher like me is receiving a huge stream of visitor traffic. No matter where it comes from, either search engines or social networks, it should come anyway, because only with visitors can your Blog achieve all the targets you intended. If nobody reads your Blog except you, then it is useless to open it to the public. Perhaps you can just make it private. But if you intend to share your experience… then increasing traffic is a must.

However, for a new Blogger, increasing traffic is the first big challenge to overcome before success in the Blogosphere. I know many people write about Increasing Traffic on their Blogs, including Steve Paulina. I cited several points from his article about Building a High Traffic Website (or Blog):

Posted On Daily Thoughts


1 2 3 4 and Start Writing Like Hemingway

19 March 2007

Sometimes I get stuck when I want to write on this blog. It is not because of a lack of ideas but mainly because I don’t know how to write down my ideas properly. My mother tongue is not English, so I have to think twice before I write: first in my own language, then I must translate it to English in my head. Perhaps you have noticed this from my writing style. Therefore I need an easy way to turn my ideas into written sentences.

Recently I read an article from Brian Clark on his Copyblogger about Hemingway’s writing style. He said that Ernest can teach us about effective writing. It sounds easy to do, but whether I can write in Hemingway’s way is another issue. But at least you know how Hemingway wrote his works.

  1. Use short sentences. A good example of this rule is when he was challenged to tell an entire story in only 6 words: For sale: baby shoes, never used.
  2. Use short first paragraphs. I admit that the first paragraph of this post is not a good example; you should use a shorter model.
  3. Use vigorous English. I’m learning to write that way… I hope someday I can acquire a vast amount of vigorous vocabulary and use it to express my feelings.
  4. Be positive, not negative. I like this idea… since positive thinking will improve your positive attitude as well as reduce stress.
  5. Never have only 4 rules. Ouch… Brian, you leave me in darkness… :(
Posted On Writing


Personality Tests For You

16 March 2007

Taking personality tests can sometimes help you to better understand your personal character. By figuring out your strengths and weaknesses, it could even help you to stay out of stress and enjoy your life. Ideally this test should be given by a psychologist. But if you only want rough data about your personality, you can try out the Imagini VisualDNA quiz.

Pick the one picture that you like and feel is best, and just click on it. You will be asked several questions to measure all aspects of your character. Answer the questions well and you will be presented with a set of results that analyze your personality. It’s pretty cool.

I have compared this test with a similar personality test from the BBC, What Am I Like. But the latter test from the BBC looks a little bit boring, since it doesn’t give you many pictures, only lots of text description. Pictures make the VisualDNA quiz easier to understand, and the results are presented to you in a nice design as well.

Posted On Daily Thoughts, Knowledge, Personality Test, Popular, Self Help

