[wp-hackers] Evaluating impact from yesterday's Trojan'd plugins?

Mitch Canter mitch at mitchcanter.com
Wed Jun 22 14:19:52 UTC 2011

http://wordpress.org/news/ - The official blawg :)

This was updated pretty quickly after things were fixed, and the major tech 
blogs (Mashable, TechCrunch, etc.) picked it up from there.


-----Original Message----- 
From: Claude Needham
Sent: Wednesday, June 22, 2011 9:12 AM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Evaluating impact from yesterday's 

On Wed, Jun 22, 2011 at 6:27 AM, Alexander Concha <alex at buayacorp.com> 
> I do not know any specific list related to WordPress security.
> Sometimes, there are reports in the Full Disclosure list
> (http://seclists.org/fulldisclosure/).

Thanks for the link to seclists.org fulldisclosure.
Quite an onslaught of sec info.

As I understand the situation here:

wp.org is hosting some plugins.
Three (or more?) plugins were updated with trojans
wp.org (and friends) discover these trojans
wp.org takes steps to remove the trojans.
wp.org pushes an update.
wp.org takes steps to prevent or mitigate such future events.

All of this is quite laudable. Good job.
The one step that seems to be missing is
wp.org sends message to interested listeners letting them know what is

Based on the excellent performance in each of the other steps, I
figure there must be a twitter, facebook, email list, blog, something
where this information would have been communicated.

Thanks to Doug, I found out about it here. But, it would be good to
have a little more of an ear to the ground on such issues. Hence, the
hunt for where to put my ear.
