Upgrade Your WordPress to 2.6.2 version
Please upgrade your WordPress to version 2.6.2. Get it from http://wordpress.org.
Here is some additional information. I have only just found out about the “Secret Keys” in version 2.6.
Here’s a detailed explanation on the wp-hackers email list from Mark Jaquith in response to the question, “What is the SECRET_KEY for?”
It is a hashing salt that is not readable through the database. “And what is a salt?” A salt is something that adds randomness to a hash input and makes it much harder to crack. For example:
In these examples, consider that the password is “test”, but that the cracker does not know this (indeed, this is what he’s trying to determine). And yes, I’m glossing over some stuff, but this is the simplistic explanation.
Easy to crack: md5('test');
Since ‘test’ is a short dictionary word, crackers who have the output hash can easily use rainbow tables (dictionary lookup table) to crack that password in seconds, or minutes.
Harder to crack: md5('test' . $known_salt);
In this case, the cracker has to generate a new rainbow table that adds the $known_salt value to their table’s hashes. This slows them down.
Even harder to crack: md5('test' . $unknown_salt);
In this case, they don’t know the salt. And since a good salt is something very random, like “888a7da62429ba6ad3cb3c76a09641fc” — they can’t use rainbow tables to help them. They have to just “brute force” their way through all the possible combinations. This is a huge hurdle. Something that might take 10 minutes before could now take years.
More? See this link:
http://codex.wordpress.org/Editing_wp-config.php#Secret_keys_.282.6.29
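The three cases from the quoted explanation, as an added PHP example (not Mark Jaquith's or WordPress's code). The word list, salt values and helper names are constructed for illustration.

```php
<?php
// Added illustration: word list, salts and function names are constructed.

// Precompute md5(word . salt) => word for every candidate word.
// With an empty salt this is a generic table that works against any site.
function build_table(array $words, string $salt = ''): array
{
    $table = [];
    foreach ($words as $word) {
        $table[md5($word . $salt)] = $word;
    }
    return $table;
}

// Return the word behind a stored hash, or null if the table has no entry.
function lookup(array $table, string $hash): ?string
{
    return $table[$hash] ?? null;
}

function show(string $label, ?string $found): void
{
    echo $label, ': ', $found ?? 'not recovered', PHP_EOL;
}

$words        = ['password', 'letmein', 'test', 'admin', 'qwerty'];
$known_salt   = 'salt-stored-beside-the-hash';   // attacker can read this
$unknown_salt = bin2hex(random_bytes(16));       // kept out of the database

$generic  = build_table($words);               // built once, reused everywhere
$per_salt = build_table($words, $known_salt);  // must be rebuilt for this salt

// 1. Unsalted: the generic table maps the hash straight back to the word.
show('unsalted, generic table', lookup($generic, md5('test')));

// 2. Known salt: the generic table misses, a table rebuilt with the salt hits.
show('known salt, generic table', lookup($generic, md5('test' . $known_salt)));
show('known salt, rebuilt table', lookup($per_salt, md5('test' . $known_salt)));

// 3. Unknown salt: no table can be built in advance, so both lookups miss.
$stored = md5('test' . $unknown_salt);
show('unknown salt, generic table', lookup($generic, $stored));
show('unknown salt, rebuilt table', lookup($per_salt, $stored));
```

md5() is used here only to mirror the quoted snippets. For storing passwords, PHP's password_hash() generates a per-password salt and uses a deliberately slow algorithm.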
OK. For the changelog, please see this link: http://codex.wordpress.org/Changelog/2.6.2.
Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(); you can read about it on the WordPress Blog.
ikoko: One of my own blogs has become the victim of a hack. Ouch. Luckily there were not many entries in it yet, and it could still be “exported”. Adios, everyone. Please upgrade your WordPress. Don't be lazy.
Tags: Emotion, wordpress




I upgraded right away on the day of release. It is somewhat more stable than the previous version ;)
Eh.. when did WordPress 2.6.2 actually come out..
Huwa… Kakjie hasn't updated yet.
I've even installed the auto-upgrade plugin already,
but I'm afraid to try it for the first time.
Is that so… I'll upgrade later… having to upload the files one by one is what makes me a bit lazy, hehe
thank you for this interesting ticket, if only people understand what you say
it's nice to visit this interesting blog