News Wire: Cracker adds backdoor to WordPress

Kevin Yank
  • The download of WordPress 2.1.1 was compromised by a cracker that added a backdoor security hole to the blog software. Creator Matt Mullenweg: “This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can.”
  • Adobe will announce on March 27th the next major update to its suite of software applications including Photoshop, Illustrator, InDesign, Dreamweaver, Fireworks, and Flash. The new versions are slated to ship sometime in Spring 2007.
  • Security researcher David Litchfield has found a way around the permissions system that assures the security of many Oracle databases, greatly increasing the severity of a number of common SQL injection vulnerabilities that affect these systems.
  • Apache has released Tomcat 6.0.10, a new major release of the free web server that contains reference implementations of the JavaEE servlets and JSP standards. This is the first stable version to support the new Servlet 2.5 and JSP 2.1 specs.
  • Scattered reports like this one indicate that Google is testing some new advertisement types for its AdSense service.
  • A very impressive and free automated accessibility checking tool. In addition to the usual text display of issues with links to the relevant accessibility standards, it displays the checked page with highlighted areas for each of the reported issues.
  • The Open Web Application Security Project (OWASP) has updated its web application security testing guide, which is available online in Wiki form, or as a PDF or DOC download. At well over 250 pages, you could use it to start a new career in web security!
  • In the same vein as DHTML Lemmings, Vox Imperium is a strategy game similar to the original Civilization.
  • Though the explanation assumes fairly strong JavaScript knowledge, the simple script given here makes it easy to take any function and create a version that you can call later, using currently-available values for its arguments.
  • Adobe will release a web-based version of Photoshop (presumably with a Flash/Flex-based user interface) within the next 6 months.
  • A candid but pleasantly rational interview with Google’s Ian Hickson (of “Sending XHTML as text/html Considered Harmful” fame) about X/HTML 5 (aka Web Applications 1.0), and the reasoning behind much of this under-development new version of HTML.
  • Opera is proposing a <video> tag for inclusion in the X/HTML 5 specification.
  • Dojo’s Alex Russell demonstrates how to use undocumented support for JSON-P in the new Yahoo! Pipes service to pull information from Pipes from JavaScript running in the browser (no server-side proxy required).
  • Joe Walker, the author of the DWR Java Ajax library, points out a little-known security issue with JSON that currently affects Mozilla-based browsers, making it possible for a CSRF attack to steal private data that is accessible via a JSON request.
  • A neat little Flash/JavaScript library that will dynamically add shadows, rounded corners, rotation, and a white border to images in your page by replacing them with a Flash movie. The only downside seems to be that the browser downloads the image twice.
  • The US Patent and Trademark Office is set to launch a pilot program that will see the general public reviewing and rating patent applications on the Internet.

Got a link you’d like to recommend for the SitePoint News Wire? Great! Save the link on, and tag it for:sitepointlinks. Please include a description—it will increase the chances that we’ll select your link for the News Wire!