Internet Babel

A new WP exploit has been reported- and a new release (2.6.5) issued to address it:

“The system does not properly filter HTML code from user-supplied input in the ‘HTTP_HOST’ header parameter before displaying the input. A remote user can submit a specially value to cause arbitrary scripting code to be executed by the target user’s browser. The code will originate from the site running the WordPress software and will run in the security context of that site. As a result, the code will be able to access the target user’s cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vulnerability resides in ‘wp-includes/feed.php’ and ‘wp-includes/version.php’.

Only systems running on IP-based virtual servers with Apache 2.x are affected.

Jeremias Reith reported this vulnerability.

Impact:  A remote user can access the target user’s cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.”

Recommend that you upgrade your installations of WP.

Introducing Prologue. This is Matt Mullenweg’s answer to a Twitter alternative. Of course Matt had some help, that’s where the clever software developers of Automattic come in.

Twitter is a self-confessed inspiration for this new semi-platform. It’s really just another WordPress installation with a new undertone.

Here’s a screenshot of Prologue:

If you click on that screenshot, you’ll be taken to a demo.

Prologue allows you to post messages, tagged n all about what you’re up to. There is RSS feeds for everything: posts, comments, tags and authors.

I have personally never used Twitter.

Not out of choice just never actually been bothered to go on there, know of it. Will check it out now I’ve seen this new launch which was inspired by it though.

For the rest of this weekend I’ll be posting purely on WordPress. I say it ‘begins’ as in now but realistically it began with my last post – WordPress Users: Backup Your Blog.

I just decided to make it into a little event since I have some more posts to come on it.

That’s anything from cool new plugins to top themes to security leaks.

So from now until Monday, if you’re WordPress user which I imagine most of you are. Look out for some great posts on WP!