Gravitas of Gravatar
Length:
7 minutes
Released:
Dec 8, 2021
Format:
Podcast episode
Description
Was Gravatar hacked or not? It depends on what you have read, or on what your definition of "hacked" is, I suppose. The password breach monitoring service HaveIBeenPwned alerted users to a large-scale data leak by Gravatar, an add-on service for user profiles owned by Automattic.
In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing "globally unique avatars," HaveIBeenPwned warned. This technique allowed the details of just under 114 million users to get into hackers' hands.
Sarah Gooding over at WPTavern wrote that Automattic said they were not hacked. The Gravatar service gives you control over what you want to share online through their API. So this information can be made public and somebody can scrape that data and use it nefariously.
Jeff Chandler pointed out that this has been an issue since 2009 and shared the information from developer.it. Security researchers and privacy advocates have warned about privacy attacks on Gravatar for years.
Gravatar did not send out notices about the breach and left it to the user to accept the risk or use something other than Gravatar.
WordPress updates
There is a new directory structure for FSE block themes. Over on make.WordPress.org, during the run-up to the release of 5.9, developers should note that the directory names for templates and template parts are being changed. With the release of 5.9 these will instead be:
templates
parts
It's pretty straightforward.
Events
Ellen Bauer will be sharing a Twitter Space with Justin Mahinyala, discussing #Freelance opportunities for developers, designers, writers, and marketers in the #WordPress ecosystem. They will share advice and tips on how to get started. DM any questions you want them to talk about.
Titles in the series (100)
$596 Billion with a B: Jetpack gave us all a boost by pushing out a forced update patching a vulnerability in the Carousel feature. Tony Perez illustrated his point of view on how forced updates, in the hands of bad actors, could be a risk for the software. Brandon Kraft, part of the Jetpack team, tweeted that the forced update was justified by the meta/security team since 18% of Jetpack sites were affected. We weren't part of the discussion. Provided details and got the response, but I wouldn't expect a security convo to be public. But, yes. Single feature impacted. A few things need to be all true for it to matter on a site, which looked like qualified about 18% of sites IIRC.— A Guy Called Kraft ❤️ by The WP Minute - WordPress news