Tag Archive for Bug

WordPress Botched it

Imagine my surprise when I got a notification this morning (10/30/2020) at 11:42AM (local time) – Your site has been updated to WordPress 5.5.3-alpha-49449. has been updated automatically to WordPress 5.5.3-alpha-49449. No further action is needed on your part.

Say what?!?

WordPress botched an update and auto-updated sites from the standard release channel to a development alpha channel – with no warning or reason.


WordPress bug
According to WordPress Development, it’s a bug. Not only did they move my site from the standard release channel to a dev release channel, which gets updated every night, they also added back all of the 20xx WordPress default themes, which I had already deleted.

@hellofromTonya at WordPress.org reports that the unwanted update is “a side effect of another issue that occurred on 5.5.2.”

WP says there are 2 options to resolve this problem:

  1. Click the Re-install WordPress button on the Update screen to reinstall 5.5.2
  2. Wait to update when 5.5.3 is released (coming soon)

Please note, 5.5.3-alpha-49449 also installed bundled themes. Any of these themes the site doesn’t need will need to be deleted manually.

@johnbillion at WordPress.org posted, “When 5.5.3 is released, you’ll be updated to that stable version and you won’t be alpha or beta testing from that point onward.”
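A quick way to confirm both symptoms described above on a given install (a pre-release core version and the re-added default themes), as an added example that is not part of the original post or WordPress's own tooling. It assumes the standard layout, with the version string in `wp-includes/version.php` and themes under `wp-content/themes`; `audit_install` and `build_sample` are hypothetical names, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assignment in wp-includes/version.php, e.g. $wp_version = '5.5.3-alpha-49449';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)
# Stable releases are purely numeric (5.5.2); any suffix marks a pre-release build.
STABLE_RE = re.compile(r"^\d+\.\d+(\.\d+)?$")
# Heuristic for bundled default themes (twentyten ... twentytwenty).
BUNDLED_RE = re.compile(r"^twenty[a-z]+$")


def audit_install(wp_root):
    """Report the installed core version, whether it is stable, and bundled themes."""
    root = Path(wp_root)
    text = (root / "wp-includes" / "version.php").read_text(errors="replace")
    match = VERSION_RE.search(text)
    version = match.group(1) if match else None
    themes_dir = root / "wp-content" / "themes"
    bundled = []
    if themes_dir.is_dir():
        bundled = sorted(p.name for p in themes_dir.iterdir()
                         if p.is_dir() and BUNDLED_RE.match(p.name))
    return {"version": version,
            "stable": bool(version and STABLE_RE.match(version)),
            "bundled_themes": bundled}


def build_sample(version, themes):
    """Constructed sample tree standing in for a real install (assumption)."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    (root / "wp-includes").mkdir()
    (root / "wp-includes" / "version.php").write_text(
        "<?php\n$wp_version = '%s';\n" % version)
    for name in themes:
        (root / "wp-content" / "themes" / name).mkdir(parents=True)
    return root


if __name__ == "__main__":
    sample = build_sample("5.5.3-alpha-49449", ["twentyten", "twentytwenty", "mytheme"])
    report = audit_install(sample)
    print(report)
    if not report["stable"]:
        print("core is on a pre-release build; reinstall or update to a stable release")
    for theme in report["bundled_themes"]:
        print("bundled theme present, delete if unused:", theme)
```

Run it against the real document root after each overnight update window to see whether the site has stayed on a stable release.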

WP now recommends – if you trust them – to update to version 5.5.3.

I did and it appears to have gotten me back to a stable version – but we will see overnight. If I get another dev edition – we will know it is still broke.

This smacks of an MSFT type auto-update “feature.” Makes me start to question my faith in this new-fangled WP auto-update functionality.

Just as I was about to click Publish on this post – I got another alert that I needed to install WordPress 5.5.3 again – so much for their earlier fix!!!!

Get it together WordPress

 

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Heartbleed Old News – Servers Still Vulnerable

Proof that data breaches like Code Spaces, P.F.Chang’s, Domino’s, Target, Neiman Marcus continue to be inevitable. The Verge is reporting that the Heartbleed OpenSSL bug is still running rampant. Despite the initial panic several months ago when Neel Mehta of Google’s (GOOG) security team discovered the major bug which put over a million web servers at risk, the threat is old news.

600,000 still vulnerable to Heartbleed

Being old news does not mean the problem’s solved, according to the article. They cite security researcher Robert David Graham, who found that at least 309,197 servers out there on the interwebs are still vulnerable to the exploit.

Immediately after the announcement, Mr. Graham found some 600,000 servers were exposed by Heartbleed. One month after the bug was announced, that number dropped down to 318,239. In the past month, only 9,042 of those servers have been patched to block Heartbleed. The author says that’s cause for concern because it means that smaller sites aren’t making the effort to implement a fix.

Affects the OpenSSL protocol

The Verge concludes that it’s likely that the lightly trod corners of the internet will remain vulnerable for many years to come, as sites with sub-par security standards continue to leave themselves and their users exposed. The danger is particularly real now since the exploit has been widely publicized. The bug, which affects the OpenSSL protocol used widely online, can cause some serious damage — it can be exploited to give hackers encryption keys, passwords, and other sensitive information.

rb-

I mean, who do all these people think they are, the NSA?

CNET has kept a running list of where you should change your password due to Heartbleed.

  1. Google (GOOG)
  2. Facebook (FB)
  3. YouTube
  4. Yahoo (YHOO)
  5. Wikipedia
  6. Bing
  7. Pinterest
  8. Instagram
  9. Tumblr
  10. ESPN
  11. NetFlix
  12. Weather.com
  13. Dropbox
  14. AT&T (T)
  15. OKCupid

Adobe Flash Still Full of Holes

I wrote about Adobe’s (ADBE) problem with writing secure software earlier. The problem still exists according to an article in Help Net Security. The article lays out claims by Google (GOOG) researcher Tavis Ormandy that he notified Adobe of some 400 holes in Flash Player. According to the article, Adobe fell short on the latest Flash patch. In the article Mr. Ormandy claims that Adobe’s latest release of Flash:

  • Only patched 13 fixed holes in the application, failed to document other holes; and
  • Did not give credit to those that found the bugs using a technique called fuzzing to reveal the bugs.

The Google researchers wrote on their blog, “The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs … each crash was treated as though it were potentially exploitable and addressed by Adobe. In the final analysis, the Flash Player update Adobe shipped earlier this week contained about 80 code changes to fix these bugs.”

Help Net Security notes that after an initial silence on the matter, Adobe told Computerworld that Mr. Ormandy had reported some 80 bugs in Flash Player, but defended their decision to not list all the vulnerabilities in the released security bulletins by saying that it usually doesn’t reveal or mention vulnerabilities found internally – by them or their partners. Also, the question is whether all those 80 flaws would lead to an exploitable hole. It seems that Adobe believes that only holes get a CVE number.
