5 posts • joined 9 Jan 2009
Imagine a Beowulf cluster of those!
Sorry, sorry, this just hasn't been said in a long time, has it?
I'll get my coat.
TimThumb is not a WordPress plugin.
It is more commonly a part of themes and other WordPress plugins, so you won't know that your TimThumb is out of date. You have to trust that the WordPress plugin creators provide an updated version.
Unfortunately, many of the plugins and themes using TimThumb are commercially paid editions which are not managed directly by WordPress' own plugin database, you download and install them semi-manually or fully manually.
Also, these plugins and themes rarely publish which TimThumb version they use, they don't publish security advisories or notes regarding their products, and and and.
Nevermind that the entire concept of TimThumb is b0rken, technically speaking. :)
Generally, allowing pluggable PHP code is a Bad Thing security wise.
And we never did!
That is, at home we started with a 5 MB HDD connected to the dual-drive IBM PC. We never managed to fill that disk, and couldn't see how it would even be possible.
Later, we upgraded to an IBM PC XT with a 10 MB HDD, and then we filled it, of course. :)
Yes, Flash 10 is vulnerable.
The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.
"iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 220.127.116.11. Previous versions may also be affected."
Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.
It's not as if botnets ...
... have much CPU power available for massively parallel computing, now is it?
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs