Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability in the comment features on the site, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, and it went unchecked for more than four years after it was introduced with version 3.0 in June 2010.
Passwords reset based on database comparison to leaked Gmail credentials
Fallout could still be on the way as a result of the collection of nearly five million Gmail username and password credentials leaked on a Russian Bitcoin forum, but for now at least one company is taking action. Automattic, the company responsible for the blogging platform WordPress, announced it has reset user passwords for more than 100,000 accounts based on the information contained in the list.
BruteProtect to be rolled into Jetpack, paid service ends to make all features free
Automattic, the company responsible for the WordPress blog platform, announced today that it acquired BruteProtect. The pick up will allow the company to strengthen security of the WordPress platform through its Jetpack service, without additional cost to users. BruteProtect started its life as a plug-in for the popular blogging software, only to expand into other areas of security, server management and premium services.
Popular page SEO plug-in open to permissions vulnerability, injected code
WordPress users with search engine optimization (SEO) tools may want to consider doing an update, as one of the most widely used plug-ins has been found to be vulnerable to attack. All in One SEO Pack, a plug-in with over 18.5 million downloads on WordPress.com, could potentially allow an attacker to escalate their privileges from a low-level user account and carry out cross-site scripting attacks.
Technologist warns not to use WordPress.com over unsecure networks
A staff technologist for the Electronic Frontier Foundation has stumbled across a cookie that WordPress.com uses to transmit login credentials in plain text to the authentication endpoint, leaving sites open to simple hijacking attempts. Yan Zhu posted about the discovery, detailing how the information in the cookie could be used to access another's site if intercepted.
WordPress announces debut of Version 3.9, refines blog management tool
Today WordPress.org announced an update to its blog management tool of the same name. Aiming to provide its users with a clearer understanding of how content will appear once published, WordPress v3.9.0 features improved editing. Its new visual editor includes increased speed, accessibility, and mobile support. Speedier access to crop and rotation tools allows for faster image editing, and images can now be uploaded by dragging and dropping from one's desktop to the editor.
Nokia starts Music+ subscription service in US for Lumia phones
Nokia has started up its Music+ subscription service in the United States, after launching in other territories in January. The subscription, costing $4 per month, expands on the existing free Mix Radio service on Lumia devices by offering an unlimited number of track skips for mixes, and allowing for downloads of multiple mixes. The audio quality is said to be eight times that of the free tier, and provides the option of allowing higher-quality streams to be played over a Wi-Fi connection compared to a lower quality over a mobile network.
TED iOS app adds subtitle support
TED has launched an update for its iOS app that provides access to the entire library of TEDTalks. With the v2.0 update users can now view subtitles in more than 90 languages directly on their device, or on external displays via AirPlay. New language-specific catalogs are also included, allowing users to browse through a curated list of talks in any of the supported languages. In addition, the update claims to offer faster download speeds, improved buffering, and more profiles for different connections.
WordPress.org members also have plug-in available
With WordPress seeing 750,000 page hits per day by iPad visitors, optimization for the iOS tablet was only a matter of time. It arrived today, as Automattic and Onswipe have jointly launched iPad optimization for all 18 million WordPress hosted blogs and a plug-in for self-hosted WordPress.org sites. The design includes a loading screen, cover image and homescreen icon capability for saving a blogger's location as an app icon on the user's homescreen.
Now uses Apple's Core Data to preserve posts
Popular blogging system WordPress has updated its free iOS version to 2.6, bringing a host of new features including a much-requested "local drafts" feature to help prevent lost entries, as well as a versioning autosave option. Also included in the update is support for videos uploaded directly from the iPhone, and an expanded Media Library to accompany it.
Devs confront iPhone SDK
Developers are finding ways to cope with the harsh restrictions of Apple's iPhone SDK, writes the LA Times. The terms of the SDK include a strict non-disclosure agreement, which has generally been interpreted to mean that developers cannot discuss the SDK tools with people outside of an app's creative team, whether through e-mail, blogs, discussion boards or conferences. "We can't talk about our problems," says Jeffrey Long, a developer working on a satellite radio app. "At the same time, we can't talk about the problems we've fixed."
WordPress 1.0 for iPhone
Blogging has always been a personal thing, and it's just become even easier to post thoughts on the Web, from just about anywhere. Automattic, Inc.'s WordPress for iPhone 1.0 lets users update their blogs on the go, without having to find a laptop or a WiFi hot spot. The open source app is the first to allow iPhone and iPod Touch users to write posts, update photos and edit their WordPress blogs.