___/ On Wed 10 May 2006 05:29:11 BST, [ David Chait ] wrote : \___
Eric A. Meyer wrote:
| I dunno. That's why I brought it up here, just in case there was
| a previously unknown vulnerability.
| Unless of course whatever they're doing isn't solved by the latest
| version. I'm assuming that all this isn't an obvious example of a
| widely known problem with the 1.5x series, though.
In the meantime, one safe(r) approach might be to chmod 600 edit.php
whenever you do not modify content. This will have future cracking attempts
logged (unlike IP-based banishment) and prevent your site from
If you really feel that's the case, and there's been no evidence to the
contrary, then I'd recommend we stop this thread, you remove the pastebin
stuff, and contact the security list. Just IMHO from other similar recent
discussions where that was the end suggestion...
I believe it's a distribution rather than a list. An E-mail to
security@xxxxxxxxxxxxx will reach Matt, Ryan and the others, once there is
proof to suggest a threat has become concrete. Possibilities to confute a
hole as it stands: weak admin password; code modification (including
plug-ins); packet sniffing/interception that led to content being
Roy S. Schestowitz, Ph.D. Candidate (Medical Biophysics)
http://Schestowitz.com | Open Prospects ¦ PGP-Key: 0x74572E8E