Having fun right now with some people. Many of them are well known but some of them are pretty unknown.
Were here with a absolut vodka bottle and energy, sprite etc. Will be nice. Hope you have a nice weekend. 
Cheers
A vulnerability in the current 2.8.3 release of the popular WordPress blogging software can be exploited remotely via a web browser to temporarily lock out administrators. The cause of the issue is an error in the web-based password reset function. Normally when a password reset is requested, the user would be sent a link to their registered email address. Once the link is clicked, the old WordPress password is removed and a new one is generated which is again sent by email.
The password reset function in the wp-login.php PHP module can be abused to bypass the first step and then reset the admin password by submitting an array to the $key variable. This can be done remotely through any web browser and no confirmation of the password reset will be sent to the admin. Laurent Gaffié first reported that the vulnerability could be used to “compromise” the admin account, but has since issued a correction advising that it could only reset the admin account and cannot be used to break into the system.
The WordPress developers have been advised of the issue and have corrected the problem in a development version of the blogging software, in which they prevent arrays from being passed in the $key variable. The fix updates wp-login.php and replaces
if ( empty( $key ) )
with
if ( empty( $key ) || is_array( $key ) )
Administrators that have already been locked out of their systems should use the “Emergency Password Reset Script“, which needs to be loaded into the root of the WordPress installation (the same directory as wp-login.php). Instructions on how to proceed can be found here: Resetting Your Password.
See also:
I’ve updated it already with the auto-update function!
Today the weather here in Germany was so nice. So I couldn’t realy make something new on my 2nd computer. I reinstalled Ubuntu (9.04 Jaunty) because there was a system crash and I wasn’t able to fix it after a aptitude dist-upgrade.
After the installation was finished I wanted to test new applications. At my work I’ve heard of a small application that makes the work with GNOME easyier – but not really faster. So I searched in my brain and the result was GNOME Do.
GNOME Do allows you to quickly search for many items present on your desktop or the web, and perform useful actions on those items.
GNOME Do is inspired by Quicksilver & GNOME Launch Box.
You can install the application with a
aptitude install gnome-do
but don’t forget the plugins
aptitude install gnome-do-plugins
You can also do this with one command: aptitude install gnome-do gnome-do-plugins
There are a few plugins available for GNOME Do. I’ve already tested the twitter plugin (follow me: http://twitter.com/ikkerus).
Thank you for reading!
Hello out there,
yesterday I registered myself at twitter.com and made my new own design. There are a few tweets out and I hope you can follow me. Twitter is a microblog-plattform where you can “tweet” sending short messages with a maximum capable number of characters (140).
So I would be pleased if you follow me. Everything will be allright then.
