Tuesday, 11 August 2009

WordPress 2.8.3 Password Reset Vulnerability


After the release of the new 2.8.3 security update, WordPress faces a dangerous vulnerability that can lock out blog owners from their admin account. Using the online password reset function, hackers can remotely reset the admin password.


This issue was first reported by Laurent Gaffie on August 11 in a mailing list for Grok. WordPress developers have already been informed and a solution was incorporated in a development version of WordPress.

In a standard situation, a user who wants to recover their password first requests a reset via the “Reset password” link. The user then receives, at the registered email account, a message containing a verification link which, when clicked, deletes the old password and replaces it with a new one. This new password is sent to the user's registered email as well.

By passing an array to the $key value inside the wp-login.php module, the script can be forced to reset the admin password. This hack skips the email verification step, and so the attack is invisible to the blog's owner. All these actions can be done from a simple browser window.

This vulnerability can be used solely to reset the administrator password and not to remotely break into and access the blog platform. It can only be used to lock administrators out of their blog.

The changeset WordPress introduced in the development version prevents any kind of array from being passed to the $key variable in wp-login.php.
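
The type gap behind this bug, shown as an added PHP illustration (a simplified model, not WordPress's own code): a check that only sanitises and tests emptiness accepts an array, while a check that requires a string rejects it. The function names, the user table and the 8-64 character key format are assumptions of this example.

```php
<?php
// Added illustration; a simplified model, not WordPress source code.
// The user table and keys are constructed sample data.
$users = [
    ['login' => 'admin', 'activation_key' => ''],             // no reset pending
    ['login' => 'alice', 'activation_key' => 'Zx81kQp7LmA2'], // reset requested
];

// Weak form: sanitises and tests emptiness, but never checks the type.
// preg_replace() given an array returns an array, and a non-empty array
// is not empty(), so an array value is accepted as a "key".
function weak_key_accepted($key): bool
{
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    return !empty($key);
}

// Hardened form: the key must be a string of the expected shape
// (the 8-64 alphanumeric shape is an assumption of this example).
function strict_key($key): ?string
{
    if (!is_string($key)) {
        return null; // arrays and other non-string values stop here
    }
    return preg_match('/\A[a-z0-9]{8,64}\z/i', $key) === 1 ? $key : null;
}

// Look up the account for a validated key. Accounts with no pending
// reset (empty stored key) are skipped and can never match.
function user_for_key(array $users, $rawKey): ?string
{
    $key = strict_key($rawKey);
    if ($key === null) {
        return null;
    }
    foreach ($users as $u) {
        if ($u['activation_key'] !== '' && hash_equals($u['activation_key'], $key)) {
            return $u['login'];
        }
    }
    return null;
}

// Constructed inputs: a valid key, an empty string, and an array value.
$samples = [
    'valid string' => 'Zx81kQp7LmA2',
    'empty string' => '',
    'array value'  => ['anything'],
];
foreach ($samples as $label => $value) {
    printf(
        "%-13s weak accepts: %-3s strict lookup: %s\n",
        $label,
        weak_key_accepted($value) ? 'yes' : 'no',
        user_for_key($users, $value) ?? 'rejected'
    );
}
```

The same rule applies to any request parameter used as a secret or lookup key: enforce the type and format before the value reaches sanitising or database code.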

Dragon Quest VIII: Journey of the Cursed King Hints XVII (PS2)


Dragon Quest VIII: Journey of the Cursed King is a videogame developed by Level 5 Inc. and published by Square Enix Co. Ltd. The game was released exclusively for the PlayStation 3 from Sony. It was launched on November 27, 2004 and classed as a role playing experience played from a third person perspective with elements of anime and manga and with medieval influences. It is played entirely turn based.


Dragon Quest VIII: Journey of the Cursed King tells the story of the evil Wizard Dhoulmagus, who comes to the ancient Kingdom of Trodain in order to obtain a very powerful magic scepter that has been long sealed under the Castle of the Kingdom. He gets it and destroys the Castle of Trodain while also turning the King, Trode, and his Princess into beasts through a powerful curse. The player takes on the role of the soldier surviving the destruction of the castle. He joins the King, the Princess and Yangus, a former bandit turned good, in order to take on the wizard.

Dragon Quest VIII: Journey of the Cursed King is very traditional in its role playing mechanics. There are a lot of combat encounters and players get experience points in order to gain levels. The character classes are pretty different and using heal powers is crucial to surviving. The presentation is anything but traditional, with full day-night cycles being implemented and with full animated menus and complex 3D graphics.

GAMEPLAY HINTS

Get easy experience

After you are leveled up with your Hero and Angelo, go to the casino and purchase two Falcon Swords. Make sure you have the Metal Slash ability for both. Travel to Hollow Wind Hill (accessible by air next to Rydons Tower). This is where you will find the most Metal Slimes in the game. King Metal Slimes run in pairs or alone with six Liquid Metal Slimes.

Try and psyche up at least once with the Timbrel Of Tension. Use Metal Slash with the Hero and Angelo, Executioner (axe technique) with Yangus, and Twin Dragon Lash with Jessica. You can land between 10 and 20 HP on the Metal Slimes. If the King Metal stays around, keep using Executioner on it. This has about a 50% success rate. If all goes well, you can land between 10,050 and 60,000 experience points in one battle.

Rumor: Dell Launching Phone in China This Week


We've heard tons of rumors about a Dell smartphone in the last six months or so and if this week's rumors prove true, China is going to see the fruit of Dell's labor in the next few days.


This past weekend, TechCrunch cited a source who, claiming to have knowledge of the situation, said Dell is at the very least announcing (if not launching) its smartphone in China in just a few days' time.

Michael Arrington reports that while hardware sources in Asia are usually very reliable, information on this rumor is still thin on the ground so we'll have to wait and see how this one pans out over the coming days.

Rumors about the Dell smartphone have been circulating since March. Analysts later reported that a prototype developed by Dell had been rejected by carriers for being too boring.

We'll keep you posted and update if we hear back from Dell.

Roadmap May Reveal Windows 8 Date



Will Microsoft release Windows 8 in 2012?


With Windows 7 poised like a racehorse huffing at the start gate, it's hard to imagine plans for the next version. However, if a leaked roadmap from the Italian Microsoft subsidiary is correct, consumers may see Windows 8 sometime around 2012. Granted, it's easy to doctor a roadmap image using Photoshop and whatnot, but a new OS three years from now certainly isn't unlikely.

This blog points out the tilde next to the date, indicating that Microsoft isn't exactly locked on a 2012 deadline, giving the company some breathing room. "That tilde keeps things nice 'n loose for Microsoft's public deadline, but if Windows 7's development is exemplary of how future versions of Windows are to be developed, (2nd half of) 2012 could be considered a worst-case scenario for the delivery of Windows 8 Server," the blog reads.

As pointed out by PC Games Hardware, Microsoft's chief of development Steven Sinofsky introduced a method of planning conservative release dates with Windows 7 to prevent another Windows Vista scenario. With that said, Microsoft may internally target an earlier release date with Windows 8.

USA is the Top Spam Offender Nation in Q2

Currently the United States is the biggest spam-contributing nation; however, Asia still ranks #1 as the largest continent distributing spam worldwide.


A report from IT security solutions provider Sophos reveals that the United States currently reigns as #1 on the company's top twelve list of spam-relaying countries. In the second quarter of 2009, the U.S. was responsible for 15.6-percent, followed closely by Brazil's 11.1-percent. Turkey, third on the list, only comprised 5.2-percent of the world's spam, with India taking up another 5-percent.

Russia, the former spam "super-power," continues to fall down the ranks according to the report. "Russia currently resides at ninth position in the chart, relaying a mere 3.2-percent of spam messages," Sophos said. "This represents a significant reduction compared to the same time last year when the country came second only to the United States and was responsible for relaying 7.5-percent of all spam emails."

Sophos paints a different picture when observing sources of spam on a continent level. During the April to June quarter, Asia proved to be the dominant spam distributor, providing 31.7-percent. Europe came in second, comprising 27.1-percent while South America followed with 19.4-percent. North America was the fourth largest culprit on the list, cranking out 18.8-percent of the world's spam.

"Clearly the problem isn't going away, as is illustrated by the large number of sprawling spam campaigns we see on a daily basis," said Graham Cluley, senior technology consultant for Sophos. "Although it may seem encouraging to see reductions in the volume of spam that certain countries are contributing, authorities, ISPs and home users across the world need to be doing more to crack down on the spam problem."

Amazon Cuts the Price of the PS3


Amazon slashes $50 from 160GB PS3 price

Online retailer Amazon has cut the price of the PlayStation 3 160GB bundle by USD 50 for its customers in the US.

The console, normally selling for USD 499, is now available for USD 449, and includes Uncharted: Drake's Fortune and a voucher to download PAIN.

The move comes ahead of Gamescom, which is taking place in Cologne in two weeks, and at which several sections of the industry believe an official price drop for the console will be announced by Sony.

The Corporation announced earlier this week that it had now sold 23 million consoles worldwide, as well as over 190 million software units.

Samsung and AT&T Officially Introduce the Solstice Phone


Samsung and AT&T recently announced Samsung's latest product, the Solstice. The phone has quad-band GSM/EDGE and dual-band 850/1900 3G radios, and a 3-inch touchscreen.


The phone runs the TouchWiz user interface and has a landscape software QWERTY keyboard for text and data entry. It also has a 2-megapixel camera with video capture, Bluetooth, and support for microSD cards up to 16GB.

The Solstice is scheduled to go on sale in August 2009. As for the price, the phone is priced at 100 USD, or around 1 million rupiah (after a discount, and with a warranty period).

T-Mobile Introduces the HTC Touch Pro2 Touchscreen Phone


T-Mobile and HTC recently announced their latest product, the HTC Touch Pro2. The phone is a powerful, stylish device with a touchscreen and a user interface that simplify customers' communication and mobile internet experience while keeping them connected, informed and in control of their work and daily activities. The device will be available in Mocha for T-Mobile customers and goes on sale on 12 August 2009.

The product works on T-Mobile's high-speed 3G network and on Wi-Fi (802.11 b/g). The HTC Touch Pro2 offers fast data transfer and web browsing along with popular features such as built-in GPS and location-based services. It features a 3.6-inch WVGA colour touchscreen that slides back and tilts up to reveal a full QWERTY keyboard. The screen is positioned perfectly for reading and writing e-mail, browsing the web, using applications and playing video and games. A 3.2-megapixel autofocus camera gives users an easy way to capture and share high-quality photos and video and to view them quickly.

The HTC Touch Pro2 also offers users an efficient way to manage their daily activities. It can display the history of phone activity, whether voice, text or email. The phone also comes with Straight Talk technology, which integrates email, voice and speakerphone so that users can easily respond to an email with a call, set up conference calls from a group email, and turn any location into a conference room. Straight Talk delivers enhanced voice and conversation quality with a speaker, noise suppression and full-duplex acoustics.

HTC's latest TouchFLO 3D interface is integrated into a customised version of Windows Mobile 6.1 to deliver maximum consistency across Windows Mobile applications and menus. This makes it easier for users to view, edit and update Microsoft documents, access the calendar and manage to-do lists. Access to Microsoft Voice Command also simplifies locating contacts in the address book, making phone calls, getting calendar information, playing music and launching particular programs. The HTC Touch Pro2 also has stereo Bluetooth capability.

The price has not yet been announced. For more information about the HTC Touch Pro2, visit http://www.t-mobile.com. For information about T-Mobile's 3G service or to see T-Mobile’s Personal Coverage Check tool, visit http://www.t-mobile.com/Coverage.

Conficker Circulation in Indonesia Rises

According to a report from Kaspersky Lab, in the period 23 July - 30 July 2009, Conficker, alias Kido, remained the most feared malware in Indonesia. The circulation of the Conficker worm in Indonesia rose to the 50% level.

Kaspersky Lab reported that the worm is far ahead of HEUR:Trojan.Win32.Generic, in second place with a share of just 8.2%. Next is Heur.Win32.Trojan.Generic in third place with 5.8%.


Kaspersky explained that the following data was collected from Kaspersky servers, based on the number of attacks reported to the Kaspersky Security Network through the participation of users in each country.

To be selected for the Top 100, each malware detection in a given country requires more than 7,000 attacks reported to Kaspersky's server collection.

The following is the top 10 list of malware circulating in Indonesia according to Kaspersky, as quoted by TeknologiNET, Tuesday (4/8/2009):
Net-Worm.Win32.Kido.ih 50.5725%
HEUR:Trojan.Win32.Generic 8.2538%
Heur.Win32.Trojan.Generic 5.8683%
Trojan-Mailfinder.Win32.Agent.pt 2.0992%
HEUR:Trojan-Downloader.Win32.Generic 1.7653%
Trojan-Dropper.Win32.Small.axv 1.7176%
Trojan.Win32.Agent.crgc 1.5267%
Trojan-GameThief.Win32.Magania.biht 1.3359%
Trojan-Dropper.Win32.Agent.zje 1.1927%
Trojan-Downloader.Win32.Agent.ansh 1.145%

Super-Fast Internet at 32 Billion Kbps

Who wouldn't want super-fast internet? With a fast connection, users can do everything online quickly, saving time and money. With an optical technology now being trialled in Japan, data speeds for internet access can reach 30 terabits per second (Tbps), or more than 32 billion Kbps. (To be exact, 32,212,254,720 Kbps, based on a conversion via Google.)

The trial was carried out by KDDI R&D Labs together with the National Institute of Information and Communications Technology (NICT) in Japan. The technology being tested uses a transmission method called OFDM, or orthogonal frequency division multiplex.

By way of comparison, today's internet connection speeds are still far, very far, from what was achieved in the trial. A speed of 500 kilobits per second (Kbps), for example, is already considered decent for normal everyday use. Meanwhile the world's average internet speed, based on end-of-2008 data, is 1.5 Mbps or 1500 Kbps.

Now, 30 terabits per second is roughly equal to 32 billion kilobits per second. At this speed, the data that can be sent each second reaches 3.9 million MB, or almost 1,000 DVD movie discs per second.

As quoted by TeknologiNET from Nikkei, Thursday (30/7/2009), the trial was conducted over a distance of 240 kilometres, meaning it was not merely a short-range trial. KDDI plans to commercialise the technology in 2012.

Acer Releases 3 TravelMate Timeline Laptops: 8571, 8471 and 8371

Acer has launched laptops for business users: three TravelMate Timeline laptops backed by dependable battery life. The TravelMate Timeline series are slim laptops designed to deliver high performance in an ultra-thin package with a stylish black finish. According to Acer, the TravelMate Timeline models are meant to complement the Aspire Timeline models, which were launched last April.

The three new Acer TravelMate Timeline models are the 8571, 8471 and 8371, with display sizes of 15.6 inches, 14 inches and 13.3 inches respectively. An ATI Mobility Radeon graphics accelerator is also an option on all three laptops. All three are based on the energy-efficient Intel Core 2 Duo SU9600 1.6GHz processor, with 4GB of DDR3 memory and a choice of a 500GB hard disk or an 80GB Intel SSD.

“The Timeline is an ultra-thin laptop design, combined with the advantages of its battery life, LED screen and PowerSmart technology,” said Paul Dutton, business manager for Acer products. PowerSmart technology uses software to optimise the system in order to extend battery life to up to 8 hours on these TravelMate Timeline models. The TravelMate 8571 is priced at around £609, the 8471 at £599, and the 8371 at £579. All three come with 3GB of memory and a 250GB hard disk. The Acer TravelMate Timeline is also available with 3G wireless as a connectivity option.

Specifications Acer Travelmate Timeline 8371/8471/8571:
* 13.3-inch / 14.1-inch / 15.6-inch display with a resolution of 1366×768 pixels
* Windows 7 or Windows Vista Operating System
* Processor Intel Core 2 Duo SU9400/SU9600 or Intel Core 2 Solo SU3500
* Chipset Intel GS45
* Up to 8 GB of RAM DDR3
* Graphics ATI Mobility Radeon HD 4330 or Intel GMA 4500M HD
* Storage 160/250/320/500 GB HDD or 80 GB SSD
* Drive is DVD Super Multi Double Layer 8X
* HD Audio
* Wireless Wi-Fi 802.11a/b/g/Draft-N, Bluetooth 2.1 EDR, UMTS/HSPA and GSM / GPRS / EDGE
* Web camera
* Fingerprint sensor
* Card reader with support for SD, MMC, MS, MS PRO, xD
* Connectors are 4x USB 2.0, VGA, microphone, headphone, RJ-45
* 6-cell lithium-ion battery
* Size is 323.6×228x26/29.4 mm (8371); 341.9×235x25.9/29.6 mm (8471); 377.5×254.5×26.4/30.9 mm (8571)
* Weight is 1.65 kg/ 1.93 kg / 2.19 kg

PayPal targets students, parents with debit cards

PayPal on Tuesday is introducing a new service for parents with kids who are in high school or college. Called Student Accounts, it centers on the use of a special PayPal-branded Mastercard debit card that's tied to a parent's PayPal accounts. The parent acts as the provider and can funnel money in whenever they feel like it, at predetermined dates, or--as will most frequently happen--at the behest of their kids.

Some of the perks include no overdraft fees and the use of a debit card that's not tied to a particular bank account, meaning the balance can come from a variety of sources.

The system has more of an allure for parents though. It's easier for them to dole out cash and track where it goes. In other words, your kid can have the $20 they said they needed for gas money, but if it ends up being for the late-night beer run, you're going to know about it.

The other design behind the card, and one that goes far beyond tracking beer money spending, is to create an ecosystem of PayPal users that become acclimated to handling their finances within the service's confines. Considering parent-child money transfers may happen long after college attendance is complete, PayPal has incentive to get both parties used to dealing with its system.

A good example of this is that these students will one day have the option to "graduate" to having their own full PayPal accounts that they manage on their own and that includes a complete history of transactions they made when they were in school. Don Fotsch, who is PayPal's VP of user experience and design, told me that you cannot currently do this--but that it would be worked in by the time some of the early users reached that point. PayPal will also be working on a way to let students integrate any outside income they're getting from an after or during school job to be able to continue using that debit card on other purchases.

Of course, PayPal being PayPal there is a cost to this service. PayPal takes a $1 cut for every ATM withdrawal, which comes on top of any ATM fee considering the card is not affiliated with any banks. There are also the typical PayPal percentage fees for using that debit card outside of the U.S. either on purchases or trips to the ATM. For things like online purchases, or in-store purchases, there are no fees or limits though. There also aren't any sign up fees, load card fees, or annual fees.

One thing that makes the service really neat is that if the child runs out of money, they can send a text to PayPal to request more. The parent then gets a text message from PayPal asking if they want to transfer the money and can reply with a simple yes or no. The money is then piped into the account within two minutes.

As Fotsch explained to me, this system worked out great for him when his daughter needed to spend an extra $10 on a checked bag at the airport. But parents could also just set up one of these cards for their kids as a real emergency credit card and one they wouldn't have to worry as much about if it were stolen since it couldn't be maxed out. And even if some parents do end up setting up one of these cards for such a purpose, that's two users already in PayPal's pocket.

Google Invites Feedback on Super-Secret Search

In a post on its Webmaster Central blog, however, Google engineers Sitaram Iyer and Matt Cutts insist that ordinary users will not even notice a difference.

"For the last several months, a large part of the Google team has been working on a secret project: a next-generation architecture for Google's Web search," the post read, making it all sound vaguely like some kind of elves' workshop. "It's the first step in a process that will let us push the envelope on size, indexing speed, accuracy, comprehensiveness and other dimensions." The user interface is unchanged.

Developers are encouraged to try the new technology on a "sandbox" page and then give feedback by entering the word "caffeine" in Google's feedback text field, secret-password style.

The company acknowledges that "some parts of this system aren't completely finished yet." But the industry buzz is clear on many parts: there's a legitimate new contender in the search engine market, Microsoft's Bing, which is heavily fueled by marketing dollars and has begun to inch its way into the market since its debut early this summer.

Google CEO Eric Schmidt has given the impression that he is not particularly worried about Bing. But it is hard not to look at a vague blog post about an under-the-radar upgrade to Google's search index and not take it as a Googly way of saying, "game on."