SECRET_KEY is the new addition to wordpress Security which is introduced in the Wordpress 2.5. SECRET_KEY is used to secure Wordpress Cookies. But an attacker can use this Key to intrude the Wordpress system. In a recently found vulnerability discovered by xiam and published in Security Focus shows that an attacker can get into the system through this technique.
Continue Reading »
Author Archives for
WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability
Wordpress 2.5 SECRET_KEY
The New Wordpress 2.5 has intoduced a security feature for wordpress cookies called SECRET_KEY. It will make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit. SECRET_KEY is defined in the wp-config-sample.php file like this :
// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit http://api.wordpress.org/secret-key/1.0/
// to get a secret key generated for you, or just make something up.
define(’SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase.
Wordpress Automatic Upgrade Plugin
Wordpress Automatic Upgrade (WPAU) is a plugin that automatically upgrades your wordpress version to the latest Wordpress Version provided by wordpress.org. The plugin is designed and maintained by Keith Dsouza of Tech Buzz. For your knowledge WPAU won a Wordpress Plugin Competition in the Past year organised by Weblog Tools Collection.
Continue Reading »
Wordpress 2.5.1 Security Fix
Wordpress has recently released their 2.5.1 version with some security fixes and over 70 annoying bug fixes according to their say. Allgeeks.info is currently upgraded to the new version 2.5.1 and I am fully satisfied with the new upgraded wordpress system. It is really cool. If you still haven’t updated your wordpress I will suggest you to do so as soon as possible and enjoy the new features and secured wordpress system. You will get the latest version of Wordpress here :
Continue Reading »
Indian Data Entry Industry of Myspace Profile Creation
There is no doubt that indian man power is cheap in price. Lot of Companies in the world are outsourcing their data entry jobs to India. So What’s new in this Industry?
Recently I was browsing Digital point forum and found this service offer “Cheap Myspace Accounts Creating”
I will offer new service for creating myspace accounts..
I offered it before but now am offering it with different and cheaper prices
Msplinks.com Good for Myspace Bad for Spammers and SEO
Myspace.com has recently taken link redirection approach to track down link spamming in their Social space. You will notice links in profile and comments posted in Myspace are converted automatically to http://www.msplinks.com/ .
Example: http://www.msplinks.com/MDFodHRwOi8vd3d3LmFsbGdlZWtzLmluZm8v
When first introduced there were some misconceptions came up about this automatic link conversion which spread like wild fire throughout Internet. We will try to talk about some of them to know the facts.
Myspace Train of Password stealers
I wish everybody knows what is Myspace Trains are. Here some words for those who doesn’t have any idea about Myspace Trains -
Myspace Train is a Technology used by the myspace users to create more friends. The users are not known to each other. They just have a friend adding spree. So they participate in the Process. In their language “Do you want to be famous in Myspace - Join the Train”
So what you have to do to get into a Train?
You have to add every persons in the Train (A page of links where the links lead to add a person). When you are finished adding all the friends then you have to put your myspace friend id in a input box and join. Done!
Myspace SWF Hack - it works
Myspace users can use SWF (Flash movies) to make their Layout. But Flash movie can be more than a simple animation. It has the ability to do action. This is called Action Scripting. While you are viewing someone’s Profile with Animated Flash movie your profile data’s like your email address and password can be hijacked from your cookie and saved in a place in behind.
I have recently came through a Digg story published by kinematic where he mentioned the Myspace hack technique. He actually decompiled a SWF file in Myspace to see it’s action script which revealed the secret of the hacking. It is advanced Javascript called AJAX which was used to hack.
Unblock Myspace everywhere
It is easy to unblock myspace where it is blocked. You can use a Proxy server to access Myspace. But most of the cases Proxy servers are not highly anonymous. The best way still now is using a Web based Proxy servers.
What is a Web based Proxy Server?
Web based Proxy server is no different than a simple webpage as we see regularly. But it has a script which let you browse other website through it. So your Local ISP, the website you are browsing can’t detect your actual identity. You become fully anonymous. In some places some websites are banned to be accessed by the minors. You can use Web based Proxy servers to access the website in that place.
Wordpress and Technorati Tags
Wordpress doesn’t have any Tagging solution by default. So you have to use a wordpress plugin to get the tagging functionality. Wordpress codex provides a big list of plugin for tagging functionality. You will find it here. Some of the well known Tagging Plugins are UTW (Ultimate Tag Warrior), Jeromn’s Keyword.
But after some digging I have found something much simpler and effecient. It is Simple Tagging. First created by Michael and transferred to Amaury Balmer (Administrator of Wordpress Franch). Now the Page for the plugin is here.
Continue Reading »