[ISN] Wordpress problem: Hackers break into Robert Scoble's blog,
delete posts
InfoSec News
alerts at infosecnews.org
Tue Sep 8 02:14:21 CDT 2009
http://venturebeat.com/2009/09/05/hackers-break-into-robert-scobles-blog-and-delete-older-posts/
By Dean Takahashi
Venture Beat
September 5, 2009
Uber blogger Robert Scoble said today that hackers broke into his blog
and deleted about two months' worth of postings -- leading to findings
that there are security problems with the blogging software he uses,
Wordpress.
Wordpress, a very successful blogging software that VentureBeat also
uses, can be used on any server, but it is more vulnerable when used on
servers not owned by Wordpress itself. Scoble had moved away from
Wordpress' servers (which is a version called Wordpress.com) to use the
Wordpress software (Wordpress.org) on RackSpace servers -- which is when
he experienced the problem.
The incident highlights the ongoing challenges of security on Web sites.
The Scobelizer blog is ranked at No. 220 among the Top 500 blogs on
Technorati. It isn't clear entirely how the hackers broke into the
password-protected blog, but Scoble noted in his posting that it first
happened a few weeks ago when he was still using version 2.7xx of
Wordpress, which has known vulnerabilities. Scoble upgraded to the
newest 2.8.4 version, but the hackers came back.
It's a scary thought and a hard lesson. If hackers get your account
passwords, they could change the password, lock you out, and start
posting embarrassing things on your blog. In Scoble's case, they did
more damage. That's one reason he has restarted a new blog on a
different platform.
[...]