
WordPress is simply amazing and I am loving it. I have never used any other blogging script, but this seems to be perfect for a part-time blogger like me. Now WordPress 2.5.1 has been released and is available for download.

You may download WordPress 2.5.1 here

It has been published on the WordPress site that there is a serious vulnerability in WordPress version 2.5.0, so everyone MUST upgrade to 2.5.1. I was just wondering what the vulnerability was that has WP recommending everyone upgrade to the latest version.

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

Finally I found that WP 2.5.0 has a vulnerability in its registration system where an attacker can register with a specific username and generate cookies for any other chosen account, for example “admin”. Once he generates the cookies, he gets admin privileges and can do whatever he wants. It's quite dangerous, so my suggestion to all readers would be to upgrade your WordPress now to the latest version, which claims to have fixed 70 bugs from the previous version.

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.

Check this out for references
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt


Well, HTML can also be dangerous sometimes. I will probably not talk about how to use this trick; like others, I also HATE spam. But here is the code that you can embed in comments, posts or anywhere in your profile where HTML is enabled.

<img src="http://anysite.com/noimage.jpg" onerror="window.location.href='http://www.diggfish.com';">

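Now, this takes advantage of the onerror event handler: if the image fails to load (which it obviously will, because the image link you inserted never existed), the handler runs and redirects the user to diggfish.com. It only works where the site leaves event-handler attributes such as onerror in user-supplied HTML.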


Have you ever wondered why some JPEG or other image files have large sizes? Take a look at your images some time and you may notice that a small logo image has a size of 2 MB. Wow, what the heck! That file could have a size of 5KB-10KB, so how can a file with simple plain graphics and no more than 100px in dimensions have that big a file size? Here is what's going on behind the scenes.

You can embed your video, zip, mp3 or anything else within image files.

This is an old topic, I know, but it can be handy sometimes. This way only the creator of the file knows what he is doing, and the other person is the one who will download that file without noticing anything. I believe this technique was first introduced by some scammers / terrorists, and this is scary stuff. OK, here is how you can do that.

First collect the file that you want to embed / bind and the image file as well. For example, say you have an ebook that you want to embed in an image file. I will pick those 2 files (ebook.pdf and logo.jpg) and, to make our life easy, I will follow these steps.

1. Create a new folder on the C:\ drive called diggfish (c:\diggfish). Copy ebook.pdf (it's better to zip it with WinRAR) and the logo.jpg file there.

2. Open the command prompt by typing “cmd” in “Run”.
3. Go to the newly created folder by typing “cd\diggfish”, you will be taken to folder c:\diggfish
4. Type the following line there

copy /b logo.jpg + ebook.pdf logo.jpg

That’s it. You are done: the file ebook.pdf is successfully embedded in logo.jpg. If you double-click logo.jpg you will see the image in the image viewer you are using, and if you rename the file logo.jpg to logo.pdf and double-click it, you will read the ebook. Handy? Evil?
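To spot a file produced this way, a defender can walk the JPEG segment structure to the real end-of-image (EOI) marker and report whatever follows it. The sketch below is an added example, not code from the original post; the function names are hypothetical, and the sample bytes are constructed (structurally valid markers, not a decodable image). It shows why a plain search for FFD9 is not enough: an embedded thumbnail and the appended data can both contain those bytes.

```python
# Magic numbers of formats often appended to images (short, non-exhaustive list).
MAGICS = {b"PK\x03\x04": "zip", b"Rar!": "rar", b"%PDF": "pdf", b"7z\xbc\xaf": "7z"}

def is_marker(data, i):
    """True for a real marker at i, not stuffing (FF00), fill (FFFF) or RSTn."""
    return data[i] == 0xFF and data[i + 1] not in (0x00, 0xFF) and not 0xD0 <= data[i + 1] <= 0xD7

def jpeg_end(data):
    """Walk the segment structure and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                        # EOI: the image ends here
            return i + 2
        if marker == 0xFF:                        # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length field
            i += 2
            continue
        if i + 4 > len(data):
            break
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # skip segment unread
        if marker == 0xDA:                        # SOS: entropy-coded data follows
            while i + 2 <= len(data) and not is_marker(data, i):
                i += 1
    raise ValueError("truncated JPEG: no EOI marker")

def trailing_payload(data):
    """Return offset, size and guessed type of bytes after EOI, or None if clean."""
    end = jpeg_end(data)
    tail = data[end:]
    if not tail:
        return None
    kind = next((name for magic, name in MAGICS.items() if tail.startswith(magic)), "unknown")
    return {"offset": end, "size": len(tail), "kind": kind}

# Constructed sample: SOI, APP1 holding a fake thumbnail (with its own FFD9),
# empty SOS header, scan data with FF00 stuffing and an RST0 marker, then EOI.
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe1\x00\x08Ex\xff\xd8\xff\xd9"
               b"\xff\xda\x00\x02" b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
APPENDED = b"PK\x03\x04" + b"constructed\xff\xd9"   # stand-in for an appended archive
```

Some cameras and phones append legitimate data after EOI, so a hit is a reason to inspect the tail rather than proof of concealment.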
