revjim.net

October 4th, 2004:

mail call

It’s dark outside. Quite dark. No moon even. And our streetlights aren’t that bright. So, I went out to check the mail. There was quite a nice stack. I couldn’t see into the back of the box, so I reached my hand in to make sure there were no other papers in there. I felt something fuzzy. I wasn’t sure what it was, but I decided I didn’t want to find out. I went inside and started opening mail. The last thing I opened was a catalog, folded in half.

I unfolded it to find a *HUGE*, *GIANT*, *FUZZY* black *SPIDER* inside… with big white spots on its head. I quickly refolded the catalog and threw it on the table. Then I killed the spider. A lot. Like… a really, really, whole lot. I must have hit it (through the magazine) at least 15 times.

I’m not sure what the catalog was for, but I don’t really care any more. From now on, I check the mail in the daylight.

WordPress Vulnerabilities

It appears that “Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.” [via "PHPDeveloper":http://www.phpdeveloper.org/index/2485]

WordPress is a mutated version of cafelog, which is now defunct. And cafelog had some of “the most poorly written code I’ve ever seen”:http://revjim.net/item/3955/. So, the fact that these vulnerabilities have been found in WordPress, doesn’t really surprise me. As “I’ve stated before”:http://revjim.net/item/9467/, the codebase really is atrocious.

Yes, features are important. And usability is important. But with terrible code behind all those good features and excellent usability, everything becomes slower, dirtier, and more complicated. Dirty and complicated almost never equate to a secure application. I mean, with so many people working on a single project, it’s difficult to be certain that user-supplied data is being treated properly, authentication is being performed in all the needed places, and that the application is wholly secure.
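To make the “user-supplied data is being treated properly” point concrete, here is an added PHP example (my own illustration, not WordPress or cafelog code) that renders a blog comment two ways: echoing the submitted fields straight into the page, and escaping each field for its HTML context while validating the author’s link. The comment array is constructed sample input; the function names are mine.

```php
<?php
// Constructed sample input: fields a third party could submit through a comment form.
$comment = [
    'author'  => 'Visitor "Bob" <script>alert(1)</script>',
    'website' => 'javascript:alert(document.cookie)',
    'body'    => "Nice post! <b onmouseover=\"alert('x')\">bold</b>",
];

// Vulnerable pattern: the fields are dropped into markup exactly as received,
// so tags, attributes and a javascript: link all reach the visitor's browser.
function render_comment_unsafe(array $c): string {
    return "<p><a href=\"{$c['website']}\">{$c['author']}</a>: {$c['body']}</p>";
}

// Escape for HTML text and attribute contexts. ENT_QUOTES encodes both quote
// styles, so a value can never terminate a quoted attribute it is placed in.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate a link rather than just escaping it: escaping does not stop a
// javascript: URL from running when clicked. Only http/https survives.
function safe_url(string $url): string {
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Hardened rendering: every field is escaped for where it lands, and the
// author link is omitted entirely when the submitted URL fails validation.
function render_comment_safe(array $c): string {
    $author = esc_html($c['author']);
    $body   = esc_html($c['body']);
    $href   = safe_url($c['website']);
    $name   = $href !== '' ? '<a href="' . esc_html($href) . "\">$author</a>" : $author;
    return "<p>$name: $body</p>";
}

echo render_comment_unsafe($comment), "\n";
echo render_comment_safe($comment), "\n";
```

Run it and compare the two lines: the first contains a live script tag and a javascript: link, the second shows the same text as inert characters with no link at all.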

If you’re a WordPress user, be on the lookout for an update in the near future, and be sure to upgrade as soon as it’s released. Hopefully, the developers understand this terrible code well enough to locate the source of the problems quickly and come up with a good, well-thought-out solution.