WordPress: we are protecting your blog

As the WordPress team scramble around trying to resolve the latest set of security issues, and doing all the wrong things like giving their users a 14-step process for upgrade, the following Jewel came up:

4. WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release a update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.

This is funny on so many levels.
(HT: Jericho, AKA security curmudgeon)

  • http://blogs.securiteam.com mike

    WordPress is very insecure and their “WordPress hackers” are a joke. They accused me of smoking crack because they didn’t understand it and didn’t bother to use my exploit code. After going full disclosure, they patched the flaw.

    I highly recommend going full disclosure with all vulnerabilities that affect wordpress.

  • XenoMuta

    Full Disclosure is the cure for the ungratefulness is a disease, and I think most vendors are sick. Very disapointing when software vendors address you in such an respectful manner when all you really want is to help.

    I think that full disclosure is the only choice left to help in an indirect way.