Popular Wordpress Plugin Leaves Sensitive Data In the Open

chicksdaddy writes in with a warning about a popular Wordpress plugin. "A security researcher is warning WordPress users that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search. The researcher, Jason A. Donenfeld, who uses the handle 'zx2c4' posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress blogs that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and the knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote. W3 Total Cache is described as a 'performance framework' that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com and smashingmagazine.com, according to the WordPress web site."

Rule #1 of the internet

[slashmydots]

- You will get hacked if you use something 1 million+ other people use. It's just a matter of time.

No fucking shit

[Legion303]

"Popular Wordpress Plugin Leaves Sensitive Data In the Open"

This happens at least twice a week. Don't use Wordpress. Or if you have to use Wordpress, lock it the fuck down and don't install plugins.

You said it!

[psychonaut]

This is precisely why I don't use PGP, TrueCrypt, ssh, or any of those other "cool" encryption tools used by millions of sheeple. All my data privacy and security needs are taken care of by my own custom-written, unbreakable encryption algorithm.