{"id":49,"date":"2007-03-03T04:08:33","date_gmt":"2007-03-03T03:08:33","guid":{"rendered":"http:\/\/blog.blackdown.de\/2007\/03\/03\/wordpressorg-cracked-exploit-in-211-release\/"},"modified":"2016-10-29T03:51:01","modified_gmt":"2016-10-29T01:51:01","slug":"wordpress-org-cracked-exploit-in-2-1-1-release","status":"publish","type":"post","link":"https:\/\/blackdown.de\/articles\/wordpress-org-cracked-exploit-in-2-1-1-release\/","title":{"rendered":"wordpress.org Cracked, Exploit in 2.1.1 Release"},"content":{"rendered":"

As pointed out on the WordPress development blog<\/a>, a cracker gained access to the wordpress.org servers and replaced the 2.1.1 download with a modified exploitable version. The exploitable download may have been on the site for three or four days!<\/p>\n

It may be a good idea for the WordPress<\/a> developers to sign their releases with a well-known and trusted PGP key. This would allow people to verify that downloaded files are really what they should be!
\nThis is a well-established practice used by other projects, for example by the
Linux kernel<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

As pointed out on the WordPress development blog, a cracker gained access to the wordpress.org servers and replaced the 2.1.1 download with a modified exploitable version. The exploitable download may have been on the site for three or four days! It may be a good idea for the WordPress developers to sign their releases with
[→
Read the rest of this entry<\/a>]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[8,20],"tags":[27,21,95,100],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n