Monthly Archives: July 2011

WordPress 3.2.1

After more than a million downloads of WordPress 3.2, we’re now releasing WordPress 3.2.1 into the wild. This maintenance release fixes a server incompatibility related to JSON that’s unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme. If you’ve already updated to 3.2, then this update will be even faster than usual, thanks to the new feature in 3.2 that only updates files that have been changed, rather than replacing all the files in your installation.

For a full list of fixes, view the changelog or the list of tickets. Our release haiku:

JSON, the admin
A little bit tidier
Edge cases covered

Download 3.2.1 or update now from the Dashboard → Updates menu in your site’s admin area.

CybercrimeThree

Facebook and Social Promiscuity

Last month a botnet infected more than four million PCs. “The way peer-to-peer is used will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky. What threats do these attacks present, and how can we avoid them?

Phishing

For anyone who suffered from this attack, the threat is serious. Your private data may have been compromised, including credit card and bank account information, so watch out for money being moved unexpectedly out of your accounts. These “phishing” attacks are behind many of today’s identity theft cases.

Protection

So how can you avoid being a victim of phishing? The first, and most obvious, action is to make sure that your software, especially the operating system, is up-to-date and has the latest security features installed. With Microsoft Windows, for example, you can allow automatic updates to your computer.

There are two problems with automatic updates, though. The first is that security against viruses, worms, trojans and botnets can only be supplied after the malware has been detected in the wild. In other words, until somebody else gets infected nobody knows the malware exists.

Apart from the delay this causes, the second problem is that sometimes the good guys goof. Occasionally – not frequently – the Microsoft patches cause more problems for your computer. You might do better to subscribe to a service that tests the patches before you install them manually.

Of course, that raises two more problems: first, additional delays, and second, spending your own time messing around with installing patches rather than getting on with serious computing! You’re between a rock and a hard place. In case you think this is only a Windows problem, malware attacks on Macs have been increasing lately, so the rest of this article applies to you Apple users, too. (If you are using Windows, I suggest you subscribe to the Windows Secrets newsletter service.)

Facebook

Clearly, the best idea is to avoid contracting the infection in the first place. As with safe sex, avoiding promiscuity is the most effective way of avoiding infection. Social media can be powerful, but social promiscuity is dangerous.

Facebook promiscuity is a major source of infection. Do you get requests from friends using various apps that want to connect to your Facebook data? These are often (not always) phishing attacks.

When an app asks to connect to your Facebook data, it doesn’t just mean your public data: anybody can see that, of course. No, they are also looking for your e-mail address and your Facebook password, as well as other private information, such as birth date and family members that you may have included. Since Facebook doesn’t throw away your information, any data you have ever supplied is theoretically accessible.

Given your friend list, the malware can now send out spurious phishing messages to all your friends. And if any of them respond (because they think you’re asking them to) their private data is also available. If you, or anybody you “friend” on Facebook, uses their Facebook e-mail address and password anywhere else, that data is now available to the cybercriminals: once they get in, they have everything they need to access credit card and bank accounts, for example.

Precautions

So how do you protect yourself? There are a few simple steps you can take: as with safe sex, the more precautions you take, the safer you are.

The easiest step is to use a different password for Facebook than you use anywhere else. I know, this is a pain, and gives you one more password to remember, but it’s like using a condom for safe sex. You might also consider other social sites similarly, but Facebook is the one that has been most subject to attack recently.

The second precaution is to avoid rogue apps. When I get a message that wants me to use an app I’m not familiar with, I just block it. If you hover over the message, you’ll find a little “X” appears in the top right corner of the message, giving you several options, one of which is to block the app.

The third is to be careful who you’re friends with. The temptation is to be friends with everyone, but unless you have a serious common interest there isn’t really much point in making a person your Facebook friend. And anyone who keeps sending me requests from social apps I unfriend immediately.

Conclusion

I trust you were not hit by the recent botnet, and hope this post has given you some useful information on how to stay out of trouble in the future. Let me know if you have found it helpful. Stay safe out there, and avoid social promiscuity!

WordPress 3.2 now available

Here in the U.S. we are observing Independence Day, and I can’t think of a more fitting way to mark a day that celebrates freedom than by releasing more free software to help democratize publishing around the globe. I’m excited to announce that WordPress 3.2 is now available to the world, both as an update in your dashboard and a download on WordPress.org. Version 3.2 is our fifteenth major release of WordPress and comes just four months after 3.1 (which coincidentally just passed the 15 million download mark this morning), reflecting the growing speed of development in the WordPress community and our dedication to getting improvements in your hands as soon as possible. We’re dedicating this release to noted composer and pianist George Gershwin.

Before we get to the release, in anticipation of the State of the Word speech at the upcoming WordCamp San Francisco (the annual WordPress conference) we’re doing a survey or census of the WordPress world. If you have a moment, please fill out this survey and we’ll share what we learn by publishing the aggregate results in August.

The focus for this release was making WordPress faster and lighter. The first thing you’ll notice when you log in to 3.2 is a refreshed dashboard design that tightens the typography, design, and code behind the admin. (Rhapsody in Grey?) If you’re starting a new blog, you’ll also appreciate the fully HTML5 new Twenty Eleven theme, fulfilling our plan to replace the default theme every year. Start writing your first post in our redesigned post editor and venture to the full-screen button in the editing toolbar to enter the new distraction-free writing or zen mode, my personal favorite feature of the release. All of the widgets, menus, buttons, and interface elements fade away to allow you to compose and edit your thoughts in a completely clean environment conducive to writing, but when your mouse strays to the top of the screen your most-used shortcuts are right there where you need them. (I like to press F11 to take my browser full-screen, getting rid of even the OS chrome.)

Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies. The admin bar has a few more shortcuts to your most commonly-used actions. On the comment moderation screen, the new approve & reply feature speeds up your conversation management. You’ll notice in your first update after 3.2 that we’ll only be updating the files that have changed with each new release instead of every file in your WordPress installation, which makes updates significantly faster on all hosting platforms. There are also some fun new theme features shown off by Twenty Eleven, like the ability to have multiple rotating header images to highlight all of your favorite photos.

There is way more, like our new freedoms and credits screens (linked from your dashboard footer), so for the full story check out the Codex page on 3.2 or the Trac milestone which includes the 400+ tickets closed in this release.

A Community Effort

We now finally have a credits page inside of WordPress itself (though a cool revision is coming in 3.3), but for posterity let’s give a round of applause to these fine folks who contributed to 3.2:

Aaron Brazell, Aaron Campbell, Aaron Jorbin, Adam Harley, Alex Concha, ampt, Andrew Nacin, Andrew Ozz, andrewryno, andy, Austin Matzko, BenChapman, Ben Dunkle, bluntelk, Boone Gorges, Brandon Allen, Brandon Burke, Caspie, cfinke, charlesclarkson, chexee, coffee2code, Cristi Burcă, daniloercoli, Daryl Koopersmith, David Cowgill, David Trower, demetris, Devin Reams, Dion Hulse, dllh, Dominik Schilling, Doug Provencio, dvwallin, Dylan Kuhn, Eric Mann, fabifott, Franklin Tse, Frumph, garyc40, Glenn Ansley, guyn, hakre, hebbet, Helen Hou-Sandi, hew, holizz, Ian Stewart, Jacob Gillespie, Jane Wells, Jayjdk, Jeff Farthing, Joachim Kudish, joelhardi, John Blackbourn, John Ford, John James Jacoby, JohnONolan, Jon Cave, joostdevalk, Jorge Bernal, Joseph Scott, Justin Sternberg, Justin Tadlock, kevinB, Knut Sparhell, kovshenin, Kuraishi, Lance Willett, linuxologos, lloydbudd, Luc De Brouwer, marcis20, Mark Jaquith, Mark McWilliams, Martin Lormes, Matías Ventura, Matt Martz, Matt Thomas, MattyRob, mcepl, mdawaffe, Michael Fields, MichaelH, michaeltyson, Mike Schroder, Milan Dinić, mintindeed, mitchoyoshitaka, Mohammad Jangda, mrroundhill, natecook, nathanrice, Niall Kennedy, Nick Bohle, Nikolay Bachiyski, nuxwin, Otto, pavelevap, pete.mall, Peter Westwood, Prasath Nadarajah, Ptah Dunbar, Rafael Poveda, Rahe, Ramiy, Rasheed Bydousi, Reuben Gunday, Robert Chapin, Ron Rennick, Ross Hanney, Ryan Boren, Ryan Imel, Safirul Alredha, Samir Shah, saracannon, sbressler, Sergey Biryukov, shakenstirred, Sidney Harrell, Simon Prosser, sorich87, szadok, tetele, tigertech, trepmal, Utkarsh Kukreti, valentinas, webduo, Xavier Borderie, Yoav Farhi, Ze Fontainhas, and ziofix.

Bonus: On their WordPress.org profiles over 20,000 people have said they make their living from WordPress. Are you one of them? Don’t forget to take a minute for our survey.