Yesterday, WordPress released a new version of their popular blogging software in response to a security issue. Apparently, there is a concern about the parsing of the xml remote procedure call. It seems specially crafted requests could allow anonymous, unauthenticated users to edit posts or even potentially deface a blog.
On another note, has anyone else seen the enormous spike in blogspam over the past few days? The amount of spam I see has more than tripled.
Most of the spam comments were designed to pull search engine hits away from authentic, reputable Web sites (such as auto dealers) to new sites hosting malware. This represents a shift in tactics employed by phishers.
In light of this, you may want to exercise caution when visiting sites resulting from search requests. If you haven’t already done so, download and use McAfee’s SiteAdvisor utility. It is free and will validate search results, ensuring the sites you want to visit are not malicious before you click on them. It keeps me from visiting sketchy sites every day.