SECRET_KEY is the new addition to wordpress Security which is introduced in the WordPress 2.5. SECRET_KEY is used to secure WordPress Cookies. But an attacker can use this Key to intrude the WordPress system. In a recently found vulnerability discovered by xiam and published in Security Focus shows that an attacker can get into the system through this technique.
(more…)
Posts Tagged ‘Security’
WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability
Friday, May 2nd, 2008WordPress 2.5.1 Security Fix
Wednesday, April 30th, 2008WordPress has recently released their 2.5.1 version with some security fixes and over 70 annoying bug fixes according to their say. Allgeeks.info is currently upgraded to the new version 2.5.1 and I am fully satisfied with the new upgraded wordpress system. It is really cool. If you still haven’t updated your wordpress I will suggest you to do so as soon as possible and enjoy the new features and secured wordpress system. You will get the latest version of WordPress here :
(more…)
Myspace SWF Hack – it works
Saturday, June 23rd, 2007Myspace users can use SWF (Flash movies) to make their Layout. But Flash movie can be more than a simple animation. It has the ability to do action. This is called Action Scripting. While you are viewing someone’s Profile with Animated Flash movie your profile data’s like your email address and password can be hijacked from your cookie and saved in a place in behind.
I have recently came through a Digg story published by kinematic where he mentioned the Myspace hack technique. He actually decompiled a SWF file in Myspace to see it’s action script which revealed the secret of the hacking. It is advanced Javascript called AJAX which was used to hack.