By John Gruber
Jiiiii — Free to download, unlock your anime-watching-superpowers today!
Matt Mullenweg on WordPress security:
Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it. I’m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.
And:
There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.
Robert Scoble:
A few weeks ago some hackers broke into my blog here (this was before 2.8.4 was released). At first I thought they just left some porn sites in a couple of blog entries. So we upgraded Wordpress (I was on 2.7× back then). Deleted a fake admin account. Deleted the porn sites. And thought we had solved the problem. We didn’t.
They broke back in, but this time they did a lot more damage. They deleted about two months of my blog.
All versions other than the very latest are apparently susceptible. I have to wonder when WordPress users will start switching to some other platform.