Comments on: working with wordpress, and other lessons in software selection http://www.newrambler.net/lisdom/228 Laura Crossett on the LIS domain Sun, 29 Jan 2012 17:07:19 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: steve http://www.newrambler.net/lisdom/228/comment-page-1#comment-96974 steve Fri, 26 Feb 2010 22:22:59 +0000 http://www.newrambler.net/lisdom/?p=228#comment-96974 You cannot believe how long ive been looking for something like this. Scrolled through 6 pages of Google results and couldnt find anything. Quick search on bing. There you are!.... Really gotta start using that more often You cannot believe how long ive been looking for something like this. Scrolled through 6 pages of Google results and couldnt find anything. Quick search on bing. There you are!…. Really gotta start using that more often

]]> By: laura http://www.newrambler.net/lisdom/228/comment-page-1#comment-66573 laura Thu, 28 Aug 2008 14:05:15 +0000 http://www.newrambler.net/lisdom/?p=228#comment-66573 Okay, that begins to make more sense. I guess I just needed some examples to get the picture. "It leaves your site vulnerable," while true, is not very descriptive for internet newbies like me. Okay, that begins to make more sense. I guess I just needed some examples to get the picture. “It leaves your site vulnerable,” while true, is not very descriptive for internet newbies like me.

]]> By: Steve Lawson http://www.newrambler.net/lisdom/228/comment-page-1#comment-66561 Steve Lawson Thu, 28 Aug 2008 04:40:24 +0000 http://www.newrambler.net/lisdom/?p=228#comment-66561 I think the WP for libraries group is a great idea, and while it's not exactly my thing, I'll be keeping an eye on what goes on. You say : <blockquote>If someone can explain to me what exactly the security threat of running old software is, I’d appreciate it greatly. I know it’s a threat; I just don’t know why or what sorts of bad things could happen because of the holes in the software.</blockquote> I'm sure there are people who can explain this better than I, but here goes. The problem is that no software is perfectly secure, and the older the version of the software is, the more likely it is that the imperfections are known. Bad guys that know the imperfections exploit them, while the good guys patch them, resulting in a new release that eliminates that known problem. Here is <a href="http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/" rel="nofollow">an example of a WP 2.3 exploit</a> that your site would apparently be open to. This sounds awfully similar to something that happened to an un-updated Movable Type installation I once had, where mysterious directories crammed full of spammy junk appeared. In short, your site can end up hosting files that are malicious, spammy, or that send people to malicious sites. And it can take a while to notice that. I think the WP for libraries group is a great idea, and while it’s not exactly my thing, I’ll be keeping an eye on what goes on.

You say :

If someone can explain to me what exactly the security threat of running old software is, I’d appreciate it greatly. I know it’s a threat; I just don’t know why or what sorts of bad things could happen because of the holes in the software.

I’m sure there are people who can explain this better than I, but here goes. The problem is that no software is perfectly secure, and the older the version of the software is, the more likely it is that the imperfections are known. Bad guys that know the imperfections exploit them, while the good guys patch them, resulting in a new release that eliminates that known problem.

Here is an example of a WP 2.3 exploit that your site would apparently be open to. This sounds awfully similar to something that happened to an un-updated Movable Type installation I once had, where mysterious directories crammed full of spammy junk appeared. In short, your site can end up hosting files that are malicious, spammy, or that send people to malicious sites. And it can take a while to notice that.

]]>