      WordPress owner acquires Beeper, giving it two chat apps to rule them all

      news.movim.eu / ArsTechnica · Tuesday, 9 April - 15:08

    Beeper app with mobile and desktop views, showing multiple chat networks connected.

    Beeper's new apps are now available, without waitlist, across nearly all mobile and desktop platforms.

    Beeper, the multi-network messaging app that recently gave up on trying to engineer around Apple's walled-off iMessage service, has been acquired by Automattic, the company behind WordPress. It is now open to everyone and has a completely revamped Android app.

    All of Beeper's workers will join Automattic and will continue operating as an independent team, according to a press release. Eric Migicovsky, creator of the Pebble smartwatch and co-founder of Beeper, will become Automattic's head of messaging. Beeper and Texts.com, acquired last year by Automattic, will work together.

    Given that Texts.com provides a similar "all your chats in one place" function but also an iMessage bridge using an app you run on your own Apple computers, it's likely that Beeper and Texts will consolidate into one platform that more closely hews to the "all" part of the companies' mission statements.

      WordPress, Tumblr and Reddit are going to sell your data to AI, and it's worrying

      news.movim.eu / JournalDuGeek · Tuesday, 5 March - 09:02

    Artificial Intelligence

    The star social platforms of the 2000s have found a new financial windfall with questionable ethics.

      Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

      news.movim.eu / ArsTechnica · Monday, 9 October, 2023 - 20:48

    Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.

    The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.

    Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher Truoc Phan, the vulnerability carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully patched in 4.2.

      WordPress plugin installed on 1 million+ sites logged plaintext passwords

      news.movim.eu / ArsTechnica · Thursday, 13 July, 2023 - 19:19

    All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins.

    The passwords were logged when users of a site using the plugin, typically abbreviated as AIOS, logged in, the developer of AIOS said Thursday. The developer said the logging was the result of a bug introduced in May in version 5.1.9. Version 5.2.0 released Thursday fixes the bug and also “deletes the problematic data from the database.” The database was available to people with administrative access to the website.

    A major security transgression

    A representative of AIOS wrote in an email that “gaining anything from this defect requires being logged in with the highest-level administrative privileges, or equivalent. i.e. It can be exploited by a rogue admin who can already do such things because he's an admin.”

      How to host your own podcast for free on WordPress?

      news.movim.eu / Korben · Friday, 16 June, 2023 - 07:00 · 2 minutes

    Even though I lack the time to keep my podcast going, you have to admit that being able to share your ideas and your passion with the whole world, simply by recording your voice, has something magical about it.

    Besides, maybe you feel like getting into podcasting yourself, and you're looking for the best solution to host it yourself… Then you're in the right place.

    Even if it doesn't match Ausha's services, maybe you're the type who wants to host everything yourself. In that case, I absolutely have to tell you about Podlove.

    It is a set of WordPress plugins that lets you host your own podcast with complete simplicity.

    This suite consists of 3 tools:

    First, Podlove Publisher, which lets you publish new episodes with extreme ease, thanks to its user-friendly interface. It's a bit like publishing a blog post, but for a podcast! This plugin is designed to integrate seamlessly with our WordPress, handling the publication and maintenance of podcast feeds in a simple way.

    And what about statistics, you ask?

    Well, no problem: statistics are included, with graphs to track the popularity of each episode and the ability to compare different periods. All without having to track your listeners, respecting their already too fragile privacy.

    Next, there is the Podlove Web Player, another key element of this set. It is an HTML5 web player designed for audio and video files, and fully optimized for podcasters' needs. Imagine an audio/video player perfectly integrated into your WordPress site, with a nice presentation and fairly powerful features such as the ability to display text transcripts synchronized with the audio. Listeners can even run their own searches in the text of your podcast to go straight to the essentials.

    Finally, there is the Podlove Subscribe Button, which is nothing more nor less than a quick way for readers of your site and your social networks to subscribe to your podcast in one click.

    The Podlove project is entirely open source, which means not only that it's free, but also that the project is maintained by a community of passionate users and a few dedicated developers who constantly improve these tools.

    In short, Podlove offers a complete, free and open source podcasting suite that will let you host and publish your podcasts like a real pro.

    If you feel like trying it, click here!

      A technical flaw threatens one million websites running WordPress

      news.movim.eu / Numerama · Monday, 15 May, 2023 - 15:24

    A vulnerability in a WordPress extension makes it possible to take control of the targeted site. Attacks have reportedly already been carried out.

      WebOps platform Pantheon defends hosting “hate groups” as developers quit

      news.movim.eu / ArsTechnica · Thursday, 27 April, 2023 - 22:40 · 1 minute

    Over the past week, backlash erupted on LinkedIn, in a thread where passionate open source developers began criticizing Pantheon. The developers and other Pantheon supporters commenting had just discovered that the website operations platform—which hosts more than 700,000 websites—is currently hosting websites for hugely influential anti-LGBTQ and anti-immigration organizations that have been designated as hate groups by the Southern Poverty Law Center (SPLC).

    The controversy sparked after a digital strategist, Greg Dunlap, posted a link to SPLC’s page designating a Christian conservative legal advocacy group, Alliance Defending Freedom (ADF), as a hate group for its views on the LGBTQ community. On the page, SPLC described ADF as supporting “recriminalization of sexual acts between consenting LGBTQ adults in the US and criminalization abroad,” defending “state-sanctioned sterilization of trans people abroad,” and claiming that a “homosexual agenda” will “destroy Christianity and society.”

    In his LinkedIn post, Dunlap tagged Pantheon co-founders Josh Koenig and Zack Rosen, and asked them why Pantheon is hosting a website for the alleged hate group. ADF also has ties to high-ranking Republicans and has influenced Supreme Court opinions (including the decision to overturn Roe v. Wade).

      Hackers exploit WordPress plugin flaw that gives full control of millions of sites

      news.movim.eu / ArsTechnica · Friday, 31 March, 2023 - 22:40

    Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

    The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system. Elementor Pro allows users to create high-quality websites using a wide range of tools, one of which is WooCommerce, a separate WordPress plugin. When those conditions are met, anyone with an account on the site—say a subscriber or customer—can create new accounts that have full administrator privileges.

    The vulnerability was discovered by Jerome Bruandet, a researcher with security firm NinTechNet. Last week, Elementor, the developer of the Elementor Pro plugin, released version 3.11.7, which patched the flaw. In a post published on Tuesday, Bruandet wrote:

      ~11,000 sites have been infected with malware that’s good at avoiding detection

      news.movim.eu / ArsTechnica · Monday, 13 February, 2023 - 21:03 · 1 minute

    Gloved hands manipulate a laptop with a skull and crossbones on the display.

    Nearly 11,000 websites in recent months have been infected with a backdoor that redirects visitors to sites that rack up fraudulent views of ads provided by Google Adsense, researchers said.

    All 10,890 infected sites, found by security firm Sucuri, run the WordPress content management system and have an obfuscated PHP script that has been injected into legitimate files powering the websites. Such files include “index.php,” “wp-signup.php,” “wp-activate.php,” “wp-cron.php,” and many more. Some infected sites also inject obfuscated code into wp-blog-header.php and other files. The additional injected code works as a backdoor that’s designed to ensure the malware will survive disinfection attempts by loading itself in files that run whenever the targeted server is restarted.

    “These backdoors download additional shells and a Leaf PHP mailer script from a remote domain filestack[.]live and place them in files with random names in wp-includes, wp-admin and wp-content directories,” Sucuri researcher Ben Martin wrote. “Since the additional malware injection is lodged within the wp-blog-header.php file it will execute whenever the website is loaded and reinfect the website. This ensures that the environment remains infected until all traces of the malware are dealt with.”
