menu

Advertising

Problems at Wordpress could mean malicious plugins - while Dropbox admits it failed to enforce passwords for logins for four hours on Tuesday.

Dory Carr-Harris, PSFK
  • 23 june 2011

Powered by Guardian.co.uk
This article titled “WordPress.org plugins hacked, Dropbox lets its passwords down” was written by Charles Arthur, for guardian.co.uk on Wednesday 22nd June 2011 17.03 UTC

From the WordPress.org (that is, the code development site, not the blog hosting site, which is WordPress.com):

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

They also offer standard good advice:

As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.

WordPress has had similar problems in the past, including an occasion when a fake “new” version was rolled out with a backdoor in it.

Meanwhile Dropbox, the digital locker service, has had to face the fact that it broke its own authentication system for four hours on Tuesday – which meant that anyone could log in to anyone else’s account. Dropbox says that it thinks only 1% of people logged into accounts in that time, though of course it doesn’t know if they were the ones who were meant to log in to them.

Many people might say “no harm done – all that’s happened is that someone might stick some files in your Dropbox.” Yes, or read them. Or, as someone suggested, stick a malware-infected file in. It’s a bad lapse for Dropbox. There’s enough hacking going on as it is without this.

guardian.co.uk © Guardian News & Media Limited 2010

Published via the Guardian News Feed plugin for WordPress.

Advertising
Trending

Japanese Face Wash Creates A Perfect Rose Every Time

Arts & Culture
Mobile Today

Get A Better Idea Of How You Are Wasting Your Time

The TouchTime app is trying to revolutionize personal task management by providing detailed insight on how to be more efficient

Culture Today

London Telephone Box Repurposed As A Tiny Mobile Repair Shop

Tools and supplies to replace broken screens or damage are neatly stowed away in these micro-workrooms

Trending

Get PSFK's Latest Report: Future of Retail: Technology Primer

See All
Design Today

Conceptual Sportswear Created Out Of Futuristic Condom Material

A Dutch fashion designer is experimenting with new methods and fabrics to make high performance clothing

PURPLELIST EXPERTS

Chris O’Shea

Creative Technologist

Syndicated Today

Would You Wear Wool Shoes To Save The Environment?

As demand for wool shoes grows, a number of US footwear brands are heading directly to the source: the sheep pastures of New Zealand

Sustainability Today

Self-Healing Material Is Fashioned Out Of Squid Teeth

Penn State researchers have devised a new textile that uses organic proteins

Arts & Culture Today

Search Engine Turns Your Own Drawings Into Photos

This image-matching software accepts hand-made sketches instead of keywords

PSFK LABS REPORT

Future Of Work
Cultivating The Next Generation Of Leaders
NEW

PSFK Op-Ed august 24, 2016

Why Building Better Offices Is The Key To Employee Engagement

Interaction Designer and Audio-visual Technologist at ESI Design illustrates the value in creating environments filled with surprise and delight

PSFK Labs Yesterday

PSFK’s Workplace Vision: How The Nurturing Of Seeds Will Come To Define The Onboarding Process

Our Future of Work vision is a service that allows companies to assemble and deliver welcome packets that are uniquely focused on the concept of growth

Arts & Culture Today

Illustrator Interprets The Experiences Of Blind Travelers

Artist Alby Letoy creates drawings of poignant travel memories for the visually impaired

Advertising Today

Clickbait Titles Used For The Good Of Charity

An agency devised an unlikely campaign that uses clickbait as a positive force to drive awareness to nonprofit initiatives

Advertising Today

The Best In Eye-Catching Olympics Campaigns

PSFK rounds out the Rio Games with our picks for the best advertising moments off the field

Work Today

Editorial Roundtable: The Arrival Of The People-First Workplace

Managed By Q, Soma, Workbar, Primary and thinkPARALLAX enumerate the reasons why companies need an employee-embracing workforce in order to exist

Arts & Culture Today

Transforming Light Waves Into A New Art Form

An artist uses glass treated with layers of metallic coatings to create a unique installation called lightpaintings

INSIGHTS COVERAGE

Rio Olympics
Innovation Coverage From The Rio Games
READ NOW

Design Today

This Windbreaker Lets You Explore The Outdoors While Charging Your Phone

The apparel includes solar panels that allow the wearer to stay connected through the power of renewable energy

Asia Today

The Goal Of This Game Is To Not Get Laid Off From Your Job

A hit mobile app has you working really, really hard to not get fired as you climb the corporate ladder

Advertising Today

Movie Critic Bot Guides Viewers Through Festival Offerings

The Toronto International Film Festival has created a Facebook Messenger chatbot to help attendants curate their schedule

No search results found.