menu

Advertising

Problems at Wordpress could mean malicious plugins - while Dropbox admits it failed to enforce passwords for logins for four hours on Tuesday.

Dory Carr-Harris, PSFK
  • 23 june 2011

Powered by Guardian.co.uk
This article titled “WordPress.org plugins hacked, Dropbox lets its passwords down” was written by Charles Arthur, for guardian.co.uk on Wednesday 22nd June 2011 17.03 UTC

From the WordPress.org (that is, the code development site, not the blog hosting site, which is WordPress.com):

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

They also offer standard good advice:

As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.

WordPress has had similar problems in the past, including an occasion when a fake “new” version was rolled out with a backdoor in it.

Meanwhile Dropbox, the digital locker service, has had to face the fact that it broke its own authentication system for four hours on Tuesday – which meant that anyone could log in to anyone else’s account. Dropbox says that it thinks only 1% of people logged into accounts in that time, though of course it doesn’t know if they were the ones who were meant to log in to them.

Many people might say “no harm done – all that’s happened is that someone might stick some files in your Dropbox.” Yes, or read them. Or, as someone suggested, stick a malware-infected file in. It’s a bad lapse for Dropbox. There’s enough hacking going on as it is without this.

guardian.co.uk © Guardian News & Media Limited 2010

Published via the Guardian News Feed plugin for WordPress.

Advertising
Trending

Lyft Gives Free Rides To Those Who Have Had Too Much To Drink

Advertising
Syndicated Yesterday

Banned Books Week Urges People To Seek Out Controversial Works

Joining the annual celebration of the right to read, US author Jessica Herthel called for 'more information, more voices' to protect diversity

Augmented & Virtual Reality Yesterday

Outdoor Camp Presented In 360° VR By X Games Gold Medalist

The video features campers riding BMX trails, zip lining through the woods, and performing big-air jumps

Trending

Get PSFK's Related Report: Future of Automotive

See All
Travel Yesterday

Boeing Wants Passengers To Control Their In-Flight Experience Through Their Phones

The airline manufacturer is embracing automation through a new generation of mobile travel apps

Augmented / Virtual Reality Yesterday

VR Surgery Videos Offer Interactive Medical Education

Dutch startup MDLinking hopes to globalize communication between students and medical care professionals with virtual reality content

Related Expert

Catherine Balsam-Schwaber

Brand Storytelling, TV Entertainment

Culture Yesterday

Use Twitter To Learn A New Language

tDict is an app that uses the social media platform to help you search for words in local dialects

Mobile Yesterday

This Startup Wants To Digitize The Loose Coins In Your Pocket

CoinOut is a new app that lets you save your extra change from cash transactions as electronic funds

Advertising Yesterday

McDonald’s Is Accepting Trash As Currency In Exchange For Burgers

An initiative in Stockholm is trying to keep streets clean while satisfying hunger

PSFK LABS REPORT

Future Of Automotive
Scenarios Driving The Digital Transformation Of An Industry
NEW

PSFK Op-Ed september 23, 2016

Productivity Expert: The Magic Of The Five-Hour Workday

Stephan Aarstol, Founder of Tower Paddle Boards, explains why the modern notion of office hours needs to evolve

PSFK Labs september 22, 2016

The Future Of Work: Why Innovation Is Every Employee’s Job

PSFK Labs sits down with management at Johnson & Johnson to learn how the company comes up with their next ‘big idea’

Culture Yesterday

Google Is Using Virtual Paper Airplanes To Bring People Closer Together

The tech giant released an app that lets people throw their good wishes out into the world on the International Day of Peace

Advertising Yesterday

Get Paid For Traveling In San Francisco After Rush Hour

BART Perks rewards commuters who take early or late trains by giving them extra points to trade for money

Culture Yesterday

Artist Designs Covers For Books That Don’t Exist

Published by the fictional 'Specious Books,' the subversive works facilitate a conversation regarding the artistic integrity of graphic designers

Work Yesterday

Editorial Roundtable: The Arrival Of The People-First Workplace

Managed By Q, Soma, Workbar, Primary, AltSchool and thinkPARALLAX enumerate the reasons why companies need an employee-embracing workforce in order to exist

Food Yesterday

Bringing Food Innovation To America’s Crowded Milk Market

a2 Milk's Blake Waltrip, Chief Executive of the USA region, discusses how the distributor plans on bringing the popular drink for the dairy-sensitive to the States

PSFK LABS REPORT

Future Of Work
Cultivating The Next Generation Of Leaders
NEW

Financial Services Yesterday

Device Makes Digital Currency Feel Tangible

The concept gadget wants you to experience the highs and lows of spending money

Design & Architecture Yesterday

Why Building Better Offices Is The Key To Employee Engagement

Interaction Designer and Audio-visual Technologist at ESI Design illustrates the value in creating environments filled with surprise and delight

Augmented / Virtual Reality Yesterday

NBC Is Planning To Stream The Presidential Debates In Virtual Reality

Partnering with AltspaceVR, the broadcaster offers another way for Americans to engage with the election season

No search results found.