By John Gruber
1Password — Secure every sign-in for every app on every device.
Matt Mullenweg responds to Wincent Colaiuta regarding the security-related bugs in recent WordPress releases:
The SQL problem in 2.2 requires both registration to be enabled (off by default) and the blog to be upgraded to 2.2. It is a serious problem but I’ve heard of fewer than 5 exploits from the flaw. Even if you assume there are 100 blogs for every one we heard about, that’s still an incredibly small percentage of the millions of WordPresses out there, especially considering, as Wincent points out, the problem has been in the public for a while now.
★ Saturday, 23 June 2007