Asides – David's Church Information Technology

KISS: Keep It Short and Sweet

David Szpunar — Sun, 17 Jun 2007 18:00:05 +0000

An excellent warning for me as I try and keep my rambling ways under control, from email to blog posts:
“I didn’t have time to write a short letter, so I wrote a long one instead.”
â€”Mark Twain

Dell and Google pull Bad Deal

David Szpunar — Sat, 26 May 2007 16:57:58 +0000

Dell is packaging software (arguably spyware) that forces users to go through Google for search especially for typos, with all above-the-fold results being ads.Â This software is separate from the Google Toolbar and more difficult to get rid of.Â Based solely on the post about this over at OpenDNS, I’m not very happy with this Dell/Google packaging deal.Â It appears to go well beyond reasonable packaging of software with a computer.Â This is the first I’ve heard of it, and I’m hoping I never get to see it in action.

WordPress 2.1.1 Dangerous, upgrade!

David Szpunar — Sun, 04 Mar 2007 04:55:14 +0000

The official WordPress development blog is reporting that WordPress version 2.1.1 was compromised by a malicious hacker and anyone who downloaded that version in the past several days needs to upgrade immediately to version 2.1.2. Many more details at that link; I checked the two files they mentioned (feed.php and theme.php in the wp-includes folder) and I got one of the infected versions! If you do a “diff” and compare an infected file with one from the 2.1.2 download the infected line becomes obvious. The vulnerability, as far as I can tell, allows an attacker to easily execute any command on the system that’s allowed by the user PHP is running as by using a specially (but easily) crafted query string. Don’t try it on me, I just patched :-) The new version fixed a but I was getting in the administration area where I couldn’t add new categories on the fly while writing a post, which is a nice added bonus.

Thanks to a post from security blogger Martin McKeay that was my first warning!