WordPress Vulnerability


WordPress and Secunia reported on August 9 that there is a critical security vulnerability in WordPress 1.5.1.3. I can attest to that.

Yesterday I had a very important presentation to give as part of my graduation requirement for grad school. My presentation was entitled “Don’t Get Caught in the Web: Using a website to enhance small business opportunity.” Part of the presentation involved a demo of a live website that I created for my wife’s private practice.

2.5 hours before the presentation, I casually checked the site from work and was presented with a page that read, “Account suspended. Please contact support/billing immediately.” What?! After 52 minutes waiting on the customer service line with my webhost, I was told that they do not provide support over the phone. Instead, I needed to use the form submission to communicate support requests via email. Aarrgghh! Now about 1.5 hours before showtime.

I did use the submission form and received a reply more quickly than I anticipated. My provider suspended my account because they thought I had introduced a malicious IRC bot onto my own webspace. Sorry, I’m not that technically inclined, just enough to install WordPress and to customize it for my liking.

Long story short, a hacker infiltrated my webspace through a vulnerability in WordPress 1.5.1.3. It appears a patch may be available to close this vulnerability, but thankfully, my webhost support contact made a file change on my space to hopefully plug this security hole.

Fortunately, the presentation went off without a hitch and I could access the website. After two more weeks of a summer school class, I will be done with my program. In retrospect, I realize that perhaps I need to use a stricter password for my WordPress account. Security has become a serious issue, folks, and yesterday it became that much more personal to me.

Update

On August 14, WordPress 1.5.2 was released to address these security issues.


“The Anti-Google”

On Tuesday, Thomas Vander Wal, the person who coined the concept “folksonomy,” came by my summer grad school class with a talk entitled “Designing for the Personal InfoCloud.”

Thomas talked about a variety of topics, but some of the things that struck me revolved around his discussion of folksonomy. Thomas says that he does not like the definition included in Wikipedia because the site allows users to constantly add or remove content to define the concept. He provided us with the following descriptors:

Folksonomy:

  • Actual vocabulary used for objects in a community and across communities;
  • Network-based selfish bookmarking;
  • Free-tagging;
  • Socially shared; and
  • Externally structuring content

There were a few concepts that clicked in place and resonated with me. First, something clicked when Thomas explained that folksonomy is the “anti-Google.” Essentially, Thomas argued that search tools build algorithms to help you “find what you want.” However, the concept of folksonomies, manifested in collaborative bookmarking tools (such as Flickr, Del.icio.us, etc.), helps you “find what you don’t know you want.” He explained that while a majority of people might want results that are in the mainstream, folksonomies let users find information that might be in the long tail:

The Long Tail Effect in Music

Secondly, I really got hung up on the idea that folksonomies involved “selfish bookmarking.” For instance, when my wife bookmarks an article about Apple’s iPod, she might only use the term “ipod” to tag her bookmark, because she only cares about classifying her article so she can find it later. On the other hand, even though I know I can later find the article by searching for “iPod,” I might try to use multiple tags to help others locate my article. I might additionally use the terms “Apple,” “mp3,” “music,” and so on. However, Thomas cuts through this by explaining that if you choose to assist others this way, then this is really your selfish method of bookmarking.

Thomas’ concept really involves no moral, ethical, or “responsibility of the user” argument when it comes to practicing folksonomies. However, as I’ve argued before, for some reason I am stuck on the responsibility of the social tagger. My ideal would be that taggers use multiple tags to describe the content that they choose to bookmark. That way, it becomes easier for other persons to find their content. This does not negate the concept of folksonomies. The social component to this phenomenon is such that we learn to trust others and the tags they use to describe content. Therefore, I still propose that other services that incorporate folksonomies into their systems provide a mechanism for rating taggers on a “trustworthy” scale.


Armchair Reconnaissance

One of my interests is information culture – are people generally willing or unwilling to share information? In a corporate or military setting, reasons for hoarding information might be perfectly justified. Corporations do not want to make public information that might be used by competitors. The military may not want its adversaries to know of its capabilities and strategies.

Internet and software-savvy persons (e.g., social software users, open source software developers) tend to advocate information sharing. Indeed, an information sharing culture often breeds knowledge and innovation. Nonetheless, some people refuse to share information, for one reason or another. Some people feel that their job security rests on being seen as an expert. If the information they possess is shared, then perhaps their job won’t be seen as necessary.

Although I understand the validity of both the need for information security and information sharing, I feel we need to be ever so careful with how we use the proliferation of social software that has grown in the last few years.

For example, I absolutely love the Flickr service. I use it mostly to share pictures with friends and family. However, if I so choose, I can share pictures with virtual strangers from all over the world. Consider the following picture:

U.S. Secret Service Training Facility, MD

There’s been a recent fascination with Memory Mapping, the process of identifying satellite photos of places one is familiar with, and then identifying specific landmarks with notations.

What makes this photo interesting is that it is a screen capture of a U.S. Secret Service training facility in Maryland. I used a publicly available satellite imaging service, in this case Google Maps (see also Terraserver & Microsoft Terraserver USA), to locate the site I was familiar with.

I assume that if the images are provided by the USGS, then they can be used freely by anyone. However, now that GPS devices are readily available and image services offer coordinates for specific locations, how much easier might it be for armchair vigilantes to perform malicious acts? I’m sure some of the images are sanitized or scrubbed, but what if some classified locations are missed?

Information sharing is the cornerstone of the social software scene and is essential in open source development. However, these persons who follow the “information sharing” credo must be careful to understand the local and federal laws they abide by, and understand that sharing isn’t always a good thing.
