Drupal 5.9 has just been released to fix a security hole introduced in 5.8. Sounds serious.
I posted a couple of days ago about a free DNS checker to see if your ISP’s name servers are vulnerable to the DNS poisoning exploit that is now in the wild. I found another reputable one: https://www.dns-oarc.net/oarc/services/dnsentropy. Or at least, it seems reputable. This one has a more elaborate test than the one provided in my previous post.
The DNS exploit is now in the wild. DNS servers that have not been patched can be exploited so that if you type a URL, such as for your bank’s website, you may be directed to some other site pretending to be your bank. You won’t be able to tell the difference, since the DNS name server will tell you that that is actually the bank’s site. From there, the site can steal your user name, password and other data.
To test whether your ISP has patched their DNS servers, go to Dan Kaminsky’s blog and use the Check My DNS button. More than 52% of ISPs have vulnerable DNS name servers!
Whoa, after a long silence, which is unusual for it, WordPress version 2.6 has been released. It doesn’t really look like there’s any real compelling new features. Just some bunch of user interface improvements that make things easier especially for newbies.
Oh yes, there’s also a version control system built into this version as well.