This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs There is a lot of conversation going on about this new issue.
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs How much to buy hypothetical plugin that blocks plugins from updating?
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs But what if the plugin that blocks plugins from being automagically updated if the plugin's ownership changes' ownership changes?
-
@briankrebs How much to buy hypothetical plugin that blocks plugins from updating?
@Roses4Cardinals I was being only partially facetious here. IMHO, this should be WordPress's job, whether or not you host a blog with them, seeing as they automatically update your plugins now whether you want them to or not.
-
@briankrebs There is a lot of conversation going on about this new issue.
@jackryder @briankrebs This is NOT a new issue, which is probably why there is conversation. People have a preset viewpoint.
I don't know how they are gonna solve that problem, but with the constant political shakeups at Wordpress, woof. I'm just glad I got my last client off of WordPress.
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs and who updates that one?
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs@infosec.exchange @andrewnez@mastodon.social would definitely know. He's the supply chain expert.
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs Plugin ownership is a slippery concept.
Many wordpress plugins are published by small companies that can be bought outright. -
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs And is it for sale?
-
This discussion atop Hackernews right now about how someone bought 30 WordPress plugins and planted a backdoor in all of them has me wondering, is there a plugin that blocks plugins from being automagically updated if the plugin's ownership changes?
@briankrebs So How many plugins could a hacker backdoor, if a plugin could block backdoored plugins?
