Upgrade and Secure WordPress

Matt Mullenweg reported the following:

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

Here are two quick steps to avoid unnecessary risks:

Turn off user registration

This one is simple. Just log in to your administrator screen and visit the “General Settings” screen (listed under Settings) and make sure the checkbox labeled “Anyone can register” is not checked.

Block access to your blog’s admin area

This can be accomplished with simple authentication.

If your site runs on Apache, you can create an .htaccess file in your /wp-admin/ directory to require authentication before the page is displayed. This post provides the necessary steps.
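As an added example (not taken from this post or from the post it links to), this is what such a /wp-admin/.htaccess can look like on Apache 2.2. The password file path and the realm name are assumptions to adjust for your own server:

```apacheconf
# Added example, not from the original post: require HTTP Basic
# authentication for everything under /wp-admin/ (Apache 2.2 syntax).
# The AuthUserFile path below is an assumed location; keep the file
# outside the web root so it can never be served to a visitor.
AuthType Basic
AuthName "WordPress Administration"
AuthUserFile /home/example/.htpasswd
Require valid-user

# Caveat a practitioner will want: the public front end and many plugins
# post to admin-ajax.php, which lives inside wp-admin/. Exempting it keeps
# logged-out visitors from being prompted for a password on every page.
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
```

Create the password file with the htpasswd utility that ships with Apache (for example `htpasswd -c /home/example/.htpasswd adminuser`, using the same assumed path as above), and serve the admin area over HTTPS, because Basic authentication only base64-encodes the credentials rather than encrypting them. On Apache 2.4 the three `Order`/`Allow`/`Satisfy` lines in the `<Files>` block are replaced by a single `Require all granted`.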

Posted in Security, WordPress

Geeks with Guns & Half-Life

Accelerometers, drywall and a suppressed .22 caliber Ruger Mark III make for an interesting combination, and a potentially great training system.

Posted in Video

ColdFusion 9: What’s Hot

I just read an article by Ben Forta on the new features of ColdFusion 9. Here is my initial take on them.

What I Like

  • I’m really excited about CF9's support for Object Relational Modeling. I think thorough testing must take place to make sure it scales properly under load. I imagine it’s solid since it’s based on Hibernate, but I’ve seen a few promising ORM frameworks flame out before they had a chance to be adopted due to their inability to scale.
  • Access to server variables is also good. There is nothing worse than having to create service initializer hacks to pre-cache components in a clustered, load-balanced environment (think 4 physical boxes with 7 instances each) after server/instance restarts.
  • Multi-server admin tools. Enough said.
  • Although I prefer to code JavaScript applications separately from CFML, I am glad Ext-JS (3.0) continues to be the official JavaScript framework that ships with ColdFusion.

Not so Hot

I don’t think the new “local” scope adds any value. It seems we’re trying too hard to allow people to write inefficient code by being careless about scoping. Using “var” is fine with me as it is similar across multiple languages. “local” will just add another thing to remember when coding in CFML.

The Jury is Still Out

I’d like to get more testing done with the IDE, ColdFusion Builder, before making up my mind. I’ve been a fan of Aptana, the Eclipse-based IDE, for working with my favorite JavaScript frameworks, PHP and HTML/CSS. I hope the tool is both capable and fast, which has been tough to achieve with Flex Builder.

ColdFusion 9 and ColdFusion Builder Now Available on Labs

Posted in Platform

Bing.com Honors D-Day


Posted in Opinion