Mathew Bevan, an earlier scapegoat for incompetence in governmental security, discusses the non-threat that Gary McKinnon posed:
"Gary is a self-confessed stoner and perpetrated the 'biggest military hack of all time' whilst completely wasted. This is clearly a sign of how lax the security of these systems was.
I finally began to get on top of Wordpress upgrades a few months ago, with an upgrade to 2.5.1. It worked well, but left me open to what looks like a failed attempt to exploit a cryptographic splicing vulnerability in Wordpress 2.5.x.
Here's a basic rule of account security: you should never give your login details on website X, to a form on website Y. And here's a basic rule of etiquette: if you're running website Y, you should never ask people for their login details on website X.
After much wrestling with hexdumps, Matthew highlighted an issue for us today of the stealthy ninja linebreak. Here it is. Are you ready? Right: " "
Did you spot it? Unlike all the other linebreaks in this Wordpress post, it hasn't been converted to a <br/> or <p/> tag, so Wordpress didn't. Not entirely fair of me to expect it to, though, as strictly speaking it's the line separator, \u2029.
Graceful Exits has just been upgraded to use Wordpress 2.7.1, so please let me know if you see anything amiss.
Incidentally, when I upgraded I saw some evidence of the wordpress.net.in injection attack in some of my files: I don't think it worked because of the way that the straightedge theme is set up, but it's not clear yet.