SECRET_KEY is the new addition to wordpress Security which is introduced in the WordPress 2.5. SECRET_KEY is used to secure WordPress Cookies. But an attacker can use this Key to intrude the WordPress system. In a recently found vulnerability discovered by xiam and published in Security Focus shows that an attacker can get into the system through this technique.
(more…)
Archive for the ‘Security’ Category
WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability
Friday, May 2nd, 2008WordPress 2.5.1 Security Fix
Wednesday, April 30th, 2008WordPress has recently released their 2.5.1 version with some security fixes and over 70 annoying bug fixes according to their say. Allgeeks.info is currently upgraded to the new version 2.5.1 and I am fully satisfied with the new upgraded wordpress system. It is really cool. If you still haven’t updated your wordpress I will suggest you to do so as soon as possible and enjoy the new features and secured wordpress system. You will get the latest version of WordPress here :
(more…)
Msplinks.com Good for Myspace Bad for Spammers and SEO
Thursday, June 28th, 2007
Myspace.com has recently taken link redirection approach to track down link spamming in their Social space. You will notice links in profile and comments posted in Myspace are converted automatically to http://www.msplinks.com/ .
Example: http://www.msplinks.com/MDFodHRwOi8vd3d3LmFsbGdlZWtzLmluZm8v
When first introduced there were some misconceptions came up about this automatic link conversion which spread like wild fire throughout Internet. We will try to talk about some of them to know the facts.
Myspace Train of Password stealers
Saturday, June 23rd, 2007I wish everybody knows what is Myspace Trains are. Here some words for those who doesn’t have any idea about Myspace Trains -
Myspace Train is a Technology used by the myspace users to create more friends. The users are not known to each other. They just have a friend adding spree. So they participate in the Process. In their language “Do you want to be famous in Myspace – Join the Train”
So what you have to do to get into a Train?
You have to add every persons in the Train (A page of links where the links lead to add a person). When you are finished adding all the friends then you have to put your myspace friend id in a input box and join. Done!
Myspace SWF Hack – it works
Saturday, June 23rd, 2007Myspace users can use SWF (Flash movies) to make their Layout. But Flash movie can be more than a simple animation. It has the ability to do action. This is called Action Scripting. While you are viewing someone’s Profile with Animated Flash movie your profile data’s like your email address and password can be hijacked from your cookie and saved in a place in behind.
I have recently came through a Digg story published by kinematic where he mentioned the Myspace hack technique. He actually decompiled a SWF file in Myspace to see it’s action script which revealed the secret of the hacking. It is advanced Javascript called AJAX which was used to hack.