[wp-hackers] SQL Injection again

[Jason Bainbridge]

On 6/22/05, Frederic de Villamil <fdevillamil at gmail.com> wrote:
> > Semi-related to this, I know the dashboard by default already
> > includes the last handful of posts from the WP Development blog that
> > lists any updates but a lot of the time I just breeze past that page
> > so I don't realize there are any updates. Now of course you could
> > say the due diligence should be on me to read it, but wouldn't it be
> > a good idea to make security alerts stand out so people see it and
> > understand that it is important they upgrade straight away?
> 
> I think there is already a mailing list for release announcement. If people
> are concerned with security, they will subscribe at download I think. And
> telling them there is a security flaw won't make 90% of them upgrade. Thay'll
> just think "this won't happen to me, my blog is not known enough".

I was thinking more for your every day user than those of us that are
tech savvy enough to follow a release announcement mailing list. Most
users are likely to often see the dashboard so when a security alert
is right there in big, bold text with a thick red border and a very
stern recommendation that they should upgrade ASAP or risk being
hacked then I think people would be a lot more likely to upgrade.

Although you are right in that people will still ignore it if they
read it but if we can at least make sure they read it then that is one
more step we can take.

regards,
-- 
Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com