Entries from April 2008
More Thought on numbers used once (i.e. nonce)
April 27th, 2008 · No Comments · Security, WordPress
Although I still believe what I wrote in which I said that the use of wp_nonce in the last steps of the Wordpress Automatic Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work. According to Mark’s post on nonces, it sounds like in theory this "number use once" should still [...]
WordPress › Wordpress Automatic upgrade « WordPress Plugins
April 26th, 2008 · 3 Comments · CSS/WebDesign, WordPress
I have been using this plugin for almost a year. When it works it is great! When I upgraded to WordPress 2.5 I started having a problem with the final two steps, reactivating the plugins and going to the final page. Before I could activate the plugins I had to upgrade the database. Then [...]
Cutline 1.3 Released | Cutline Theme for WordPress
April 26th, 2008 · No Comments · CSS/WebDesign, WordPress
I upgraded to WordPress 2.5.1 today and my old theme broke. I have been looking at Cutline for some time but I have not been motivated enough to commit the time. Today I had the motivation. I am really pleased that I had it ready to go in about thirty minutes.
Cutline 1.3 Released | Cutline [...]
WordPress 2.5 Secret_Key Vulnerability
April 17th, 2008 · No Comments · Security, WordPress
Wow, I did not know about this security feature in 2.5. I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]
Expanding a RAID1 array with bigger disk drives
April 12th, 2008 · No Comments · SBS2K-SBS2K3
Problem: You have an existing RAID1 array and now you need more disk space. You have purchased two identical 300 GB disk drives to replace the existing 147 GB disk drives. What is the quickest way to replace the disk drives with the least amount of down time?
Answer: This week I ran into a situation [...]
Tags: SBS
ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests
April 5th, 2008 · No Comments · Security
A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets (e.g. ping) and prevent echo tests using timestamp requests.
.htaccess changes can break LiveWriter
April 2nd, 2008 · No Comments · CSS/WebDesign
Recently I changed some of my sites to not use the "www" on the front of the URL. It was a little tricky but I got it working right. The first part is to change WordPress to use the shorter URL. The second part of the change was to modify the .htaccess file. I found that [...]
Tags: livewriter·webdesign
Server 500 error, Codeplex, and ISA 2004
April 2nd, 2008 · No Comments · SBS2K-SBS2K3
I recently tried to visit Codeplex and got an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes but the one that worked for me I found on a Techarena forum [...]
BlogSecurity » Blog Archive » WPIDS v0.1.2 officially released
April 1st, 2008 · No Comments · Security, WordPress
Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is an Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.
For the last couple of days I have been [...]