ALWAYS ALWAYS ALWAYS TRIPLE CHECK the TO address…

Well, if you’re visiting my site after my major blunder in the discussion about WP security, please feel free to leave a comment!

(No Images Please! 🙂 )

Sigh, yes during a public discussion of Word press security on a public email list, I discovered some minor holes that could be exploited under certain conditions.

So, I emailed them to very exclusive Security@Wordpress.com. This morning I wanted to provide all of the details in an update to them. So I cut and pasted the details of the attacks into an email. The result was basically a one stop shop of how to attack a website – creating admin users and stealing cookies. I made sure I had no mistakes in it and sent it off. However, I grabbed the wrong email address.

I sent it to the public mass mail list.

Sigh…. I’d intended this site to discuss security issues. Just not so openly…

So, Welcome!

If the public record can’t be cleared off of the mailing list archive, I guess we move on to discussing the best way to protect yourself.