Archive for the 'security' Category

14 Apr

Essential software for new Windows box

For my own reference - it might be useful for ideas for you too.

Not all of these are free, but the majority are.

Continue reading ‘Essential software for new Windows box’

17 Jan

Two minute Wordpress upgrade!

If you host your own Wordpress then take note - there’s a PHP exploit on the loose that’s taken out several well-known SEO blogs. The advice is to update to Wordpress 2.0.7 right now. You have no excuse if you’re compromised, because you have been warned!

Updated 23rd Jan: there’s a shiny new Wordpress v2.1 that’s just been released - I recommend you upgrade to this. It includes the fix I mentioned below, along with a host of minor and not-so-minor changes (e.g. database performance caching).

If you don’t know how to upgrade to the latest version it’s quite easy:

  1. Download the latest version of Wordpress (this link is always to the latest good copy)
  2. Upload it to your server
  3. Unzip/untar it
  4. Copy it over your current install of WP
  5. Go to yourserver.com/wp-admin/upgrade.php and click the big button
  6. You’re done!

That was easy, right?


06 Jan

Minor Wordpress vulnerability confirmed

Thanks to Jason for the heads-up - it seems that my Wordpress 2.0 blogs are vulnerable to the exploit listed in Wordpress issue #3142, but the effect is relatively minor.

Every logged-in user can view the metadata of every other user by entering the URL /wp-admin/user-edit.php?user_id=XXX, whether or not he has the right to do so. If he does not, the error message “You do not have permission to edit this user.” is shown, but after that message the complete form with all the data is shown as well.
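As an added illustration (not WordPress’s own code, and not the actual patch for issue #3142), here is the “print the error but keep rendering” pattern the report describes, beside a version that stops after the failed check; the helper names and the sample users are assumptions:

```php
<?php
// Added illustration, not WordPress's own code. viewer_may_edit() and
// user_edit_form() are constructed stand-ins for the real capability check
// and user-edit form; the sample users below are constructed too.

function viewer_may_edit(array $viewer, int $target_id): bool {
    // Administrators may edit anyone; everyone else only their own profile.
    return $viewer['role'] === 'administrator' || $viewer['id'] === $target_id;
}

function user_edit_form(array $user): string {
    // The form carries the metadata the post talks about (e-mail address etc.).
    return sprintf(
        "<form method=\"post\"><input name=\"email\" value=\"%s\">"
        . "<input name=\"url\" value=\"%s\"></form>\n",
        htmlspecialchars($user['email']), htmlspecialchars($user['url'])
    );
}

// Vulnerable: the check fires and the message is emitted, but control falls
// through to the form, so any logged-in user still receives the target's data.
function render_user_edit_vulnerable(array $viewer, array $users, int $target_id): string {
    $out = '';
    if (!viewer_may_edit($viewer, $target_id)) {
        $out .= "<p class=\"error\">You do not have permission to edit this user.</p>\n";
    }
    $out .= user_edit_form($users[$target_id]);
    return $out;
}

// Hardened: a failed authorisation check ends the response. In WordPress itself
// the idiom is wp_die($message), which prints the message and exits the script.
function render_user_edit_fixed(array $viewer, array $users, int $target_id): string {
    if (!viewer_may_edit($viewer, $target_id)) {
        return "<p class=\"error\">You do not have permission to edit this user.</p>\n";
    }
    return user_edit_form($users[$target_id]);
}

// Constructed sample: a subscriber (id 2) requests user-edit.php?user_id=1 (the admin).
$users = [
    1 => ['id' => 1, 'role' => 'administrator', 'email' => 'admin@example.invalid', 'url' => 'https://blog.example.invalid'],
    2 => ['id' => 2, 'role' => 'subscriber',    'email' => 'sub@example.invalid',   'url' => ''],
];
$leaks = strpos(render_user_edit_vulnerable($users[2], $users, 1), 'admin@example.invalid') !== false;
$fixed = strpos(render_user_edit_fixed($users[2], $users, 1), 'admin@example.invalid') === false;
printf("vulnerable handler leaks admin e-mail: %s\nfixed handler leaks admin e-mail: %s\n",
       $leaks ? 'yes' : 'no', $fixed ? 'no' : 'yes');
```

Run with the PHP CLI; the vulnerable handler emits the admin’s e-mail after the error line, the fixed one emits only the error.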

Here’s the exploit in action:

Screenshot of wordpress vulnerability

I guess it’s a source of valid email addresses for spam, though I’m not sure that bloggers are the best demographic for email spam (not that spammers care). Anyway my blogs are theoretically vulnerable to this exploit, but since I don’t currently allow registered users it’s not an issue.


06 Dec

BuyandSell - Buyer fraud?

I’ve currently got my Inspiron 9300 listed on BuyandSell, a free ads paper with an online version. I believe I’ve received a couple of potential fraud inquiries. They mention “the item” I have for sale without mentioning what it is, and talk about PayPal or Moneygram payment. I don’t know precisely how the fraud works, but I imagine it leaves me seriously out of pocket. If you’re familiar with this one, leave a comment below.

Dear BuyandSell customer,

This message was sent by www.buyandsell.ie to you directly on behalf of free-email-address1@gmaildotcom in
response to your adverisement on the BuyandSell WebSite.

Please read the message from the interested buyer below, and if you would like to respond please
use the following email address: free-email-address1@gmaildotcom

Best Regards
The BuyandSell Team.

MESSAGE FROM INTERESTED BUYER: (free-email-address1@gmaildotcom)
——————————————————————————
Hello seller,
i am Mrs Helyn John from New York.i was surfin on the web when i came across your ad and am
very interested in it,but first i will want to know if you are the real owner of the item and what
is it present condition.Moreover i will want to know the total cost of the item and like to let you
know that am paying you thru MONEY GRAM or Paypal ok.so get back to me on my personal email
address at free-email-address2@yahoo.co.uk ok.
thanks await your humble reply soon…………
Helyn John
——————————————————————————

(Sent: December 6, 2006, 11:33am AV: 311)
If you have a question or suggestion please contact our HelpDesk:
http://support.buyandsell.ie/?group=General&_m=tickets&_a=submit

Why I think it is fraud:

  • refers to what I am selling as “the item”
  • uses free email addresses (and 2 different ones at that)
  • mentions MoneyGram and PayPal as payment methods
  • poor spelling and grammar

BuyandSell lists a Payment Protection fraud in their Knowledge Base; it’s not the same fraud, but it has a couple of similarities.

Update:

BuyandSell responds:

Sorry for the inconvenience & thanks for bringing this to our attention. Please note we would
definitely not advise you to go ahead with this as it looks like one of the current scams listed on our
website. We had to stop the registrations those e-mails were sent from as they did not comply
with our registration policies.
Thanks & regards.

B&S Support

05 Dec

Securing a new Windows box on the cheap

I had to secure a new Dell laptop (a lovely Inspiron M1210) recently; here’s what I did.

Security updates for operating system

First things first: update Windows as soon as possible. Use Windows Update at windowsupdate.com.

Alternative to using Windows Update:

In the comments, brucew mentioned AutoPatcher XP. He says: “Updated monthly, a single download contains all the patches, plus some other useful things. You launch the installer, tick off the things you want it to do and walk away. Recommended.”

Sounds great, because you don’t leave your unpatched machine exposed while you’re downloading updates - which, if you’re on a really slow connection, gives a very strong chance of your machine being compromised before it’s patched. So offline patches are good, and the fire-and-forget interface is really cool - who wants to click buttons when you could be making a cup of tea?

Free auto-updating anti-virus system

I use Avast Home Edition and register for a password.

Free anti-spyware tools

I normally install these two (and immediately use the online updates after install):

Install a secure browser

Get Firefox. After installing the browser, install the Adblock Plus extension and use the filter subscription:

Adblock Plus screenshot: add a filter subscription

Am I missing anything?