WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability

SECRET_KEY is the new addition to wordpress Security which is introduced in the WordPress 2.5. SECRET_KEY is used to secure WordPress Cookies. But an attacker can use this Key to intrude the WordPress system. In a recently found vulnerability discovered by xiam and published in Security Focus shows that an attacker can get into the system through this technique.
[Read more...]

WordPress 2.5 SECRET_KEY

The New WordPress 2.5 has intoduced a security feature for wordpress cookies called SECRET_KEY. It will make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit. SECRET_KEY is defined in the wp-config-sample.php file like this :

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit http://api.wordpress.org/secret-key/1.0/
// to get a secret key generated for you, or just make something up.
define(’SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase.

[Read more...]

WordPress 2.5.1 Security Fix

WordPress has recently released their 2.5.1 version with some security fixes and over 70 annoying bug fixes according to their say. Allgeeks.info is currently upgraded to the new version 2.5.1 and I am fully satisfied with the new upgraded wordpress system. It is really cool. If you still haven’t updated your wordpress I will suggest you to do so as soon as possible and enjoy the new features and secured wordpress system. You will get the latest version of WordPress here :
[Read more...]

Msplinks.com Good for Myspace Bad for Spammers and SEO


Myspace.com has recently taken link redirection approach to track down link spamming in their Social space. You will notice links in profile and comments posted in Myspace are converted automatically to http://www.msplinks.com/ .

Example: http://www.msplinks.com/MDFodHRwOi8vd3d3LmFsbGdlZWtzLmluZm8v

When first introduced there were some misconceptions came up about this automatic link conversion which spread like wild fire throughout Internet. We will try to talk about some of them to know the facts.

[Read more...]

Myspace Train of Password stealers

I wish everybody knows what is Myspace Trains are. Here some words for those who doesn’t have any idea about Myspace Trains -

Myspace Train is a Technology used by the myspace users to create more friends. The users are not known to each other. They just have a friend adding spree. So they participate in the Process. In their language “Do you want to be famous in Myspace – Join the Train”

So what you have to do to get into a Train?

You have to add every persons in the Train (A page of links where the links lead to add a person). When you are finished adding all the friends then you have to put your myspace friend id in a input box and join. Done!

[Read more...]

Myspace SWF Hack – it works

Myspace users can use SWF (Flash movies) to make their Layout. But Flash movie can be more than a simple animation. It has the ability to do action. This is called Action Scripting. While you are viewing someone’s Profile with Animated Flash movie your profile data’s like your email address and password can be hijacked from your cookie and saved in a place in behind.

I have recently came through a Digg story published by kinematic where he mentioned the Myspace hack technique. He actually decompiled a SWF file in Myspace to see it’s action script which revealed the secret of the hacking. It is advanced Javascript called AJAX which was used to hack.

[Read more...]