WordPress has issued an urgent upgrade for users who downloaded WordPress 2.1.1 within the past 3-4 days: It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. This is ... read more

A company that makes phone-security tools bought 10 phones on eBay and shared their contents with a reporter, finding evidence of marital affairs, business deals and other juicy private information. One phone surrendered the secrets of a chief executive at a small technology company in Silicon Valley. It included details of a pending deal with Adobe Systems Inc., and e-mail proposals from a potential Japanese partner: "If we want to be exclusive distributor in Japan, what kind of business terms you want?" asked ... read more

Dell is recalling 4.1 million batteries from its laptop computers because they have the unfortunate tendency to burst into flame, as these photos demonstrate. The recall covers four models of Dell laptops sold from April 2004 to July 2006: Potentially affected batteries were sold with the following models of Dell notebook computers or separately as secondary batteries: Latitude: D410, D500, D505, D510, D520, D600, D610, D620, D800, D810 Inspiron: 500M, 510M, 600M, 700M, 710M, 6000, 6400, 8500, 8600, 9100, 9200, ... read more

An underhanded advertiser trick that hit LiveJournal demonstrates a risk of accepting Flash ads -- they can pop up windows: ... the Flash ad contains code to open a popup that leads to a very different destination -- it's what I assume is an affiliate link that attempts to download and install ErrorSafe on your computer (link is to Symantec's description of it). This, of course, would be totally against any ad company's guidelines. Masquerading as a banner ad, but discreetly opening a popup -- and not only that, ... read more

Robert Scoble's departure from Microsoft is getting major-news treatment from the mainstream media this morning: Mr. Scoble's blog, called Scobleizer, is widely seen as helping to humanise Microsoft and shift its stance from arrogant and aloof to one that is more inclusive and accepting of criticism. It also commented on broader changes in the net world and how they affected the company. Scoble began his blog around the time he left UserLand Software and deserves credit for using an employee blog launched in ... read more

My mom has a Windows XP system with an always-on high-speed Internet connection that's occasionally used by relatives and other guests. The PC had become glacially slow, opening new web pages after a pause of 10 or more seconds, so I started looking for spyware or viruses that might be causing the problem. I brought the virus definitions in Norton Anti-Virus up to date and installed Ad-Aware to look for other junk. As they were running, shortly after midnight the PC began sending hundreds of spams that triggered ... read more

One in 20 people fall for phishing scams and provide their account information to bogus versions of PayPal, eBay and other ecommerce sites, according to a study by Rachna Dhamija of the Harvard Center for Research on Computation and Society. The study presented real online banking and fake phishing sites to subjects to see if they could tell the two types apart. ... The most sophisticated site caught out 90 percent of the 22 people participating. I began using the Netcraft Toolbar in October, which works on ... read more