FlishFun.com

I decided to bite the bullet and upgrade to WordPress 2.7b3.  In a word… beautiful.  They’ve completely redesigned the dashboard and it makes the entire thing seem very modern.

You can download the Beta here:

WordPress 2.7 Beta 3

Here is some info about it (new features, at least):

• XMLRPC Comments API (Ticket 7446)
• Keyboard shortcuts for comment moderation (Ticket 7643)
• Sticky Posts (Ticket 7457)
• Theme update api, like we do for plugins (Ticket 7519)
• Dashboard and write box rearranging (write box in trunk)
• One-click plugin installs (Ticket 6015)
• Reply to comments from admin (Ticket 7435)
• Core updating (Ticket 5560)
• Frame-like method for moderating ping/trackbacks
• Plugin browser embedded (Ticket 6015)
• PHPXref hosted on WordPress.org
• Separate Large and Full image sizes, related improvements (Ticket 7151)
• Comment threading (Ticket 7635)
• Comment paging
• Batch and inline editing (Ticket 6815)
• HTTPOnly cookies
• Column hiding for all management pages
• Post box hiding for all edit pages
• Upgrades and install over SFTP
• Template Tag wp_page_menu wrapper for wp_list_pages and support for Home page (Ticket 7698)

So far I don’t seem to be having any issues, so, fingers crossed!!

WordPress 2.6.3 is out, I’ve updated, and all seems well in the world!  Hooray for progress!

Updated to WordPress 2.6.2… seems there’s a big issue with previous versions:

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand().  With his help we worked around these problems and are now releasing WordPress 2.6.2.  If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.  Stefan Esser will release details of the complete attack shortly.  The attack is difficult to accomplish,  but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack.  To protect all of your apps, grab the latest version of Suhosin.  If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit.  You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

Go download now!

Speaking yesterday at the Black Hat Security Conference in Las Vegas, Microsoft has now introduced a new group of security related programs that share advanced information with partners about upcoming security threats.

As many in the tech industry know, within hours, and sometimes minutes of monthly security patches being released, exploits are already booming for the security holes fixed by these updates. The Microsoft Active Protections Program (MAPP) will allow security software providers to provide protection to their customers quickly and effectively.

“The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk,” said Andrew Cushman, director of security response and outreach at Microsoft. “In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry. The Microsoft Active Protections Program gives security software providers the information and resources they need to help better protect customers.”

read more | digg story