— Jürgen Kreileder / Software Engineer and Consultant Sat, 29 Oct 2016 01:51:01 +0000 en-US hourly 1 5303222Jürgen Kreileder/jk-rss.jpg/144114Software Engineer and Consultant wordpress.org Cracked, Exploit in 2.1.1 Release /articles/wordpress-org-cracked-exploit-in-2-1-1-release/ /articles/wordpress-org-cracked-exploit-in-2-1-1-release/#comments Sat, 03 Mar 2007 03:08:33 +0000 http://blog.blackdown.de/2007/03/03/wordpressorg-cracked-exploit-in-211-release/ [→ Read the rest of this entry]]]> As pointed out on the WordPress development blog, a cracker gained access to the wordpress.org servers and replaced the 2.1.1 download with a modified exploitable version. The exploitable download may have been on the site for three or four days!

It may be a good idea for the developers to sign their releases with a well known and trusted PGP key. This would allow people to verify that downloaded files are really what they should be!
This is a well-established practice used by other projects, for example by the Linux kernel.

]]> /articles/wordpress-org-cracked-exploit-in-2-1-1-release/feed/ 2 49