Following less than two weeks after the release WordPress 2.8.1, which fixed a potentially serious security vulnerability, a new version has been released to patch another potentially serious security vulnerability. In versions before 2.8.2, comment author URLs were not fully sanitized which could lead to a cross-site scripting (XSS) attack. When viewing a page in the administrative interface that contains a specifically crafted comment author URL the user would be automatically redirected to another web page. That other web page could try to infect the user’s machine with malware or try to perform some other harmful activity.
Microsoft Claims Increase In Users Following Bing Launch
Microsoft has reported that they saw an 8 percent increase in unique users for their search engine during the month of June. At the beginning of the month Microsoft launched an update of the search engine and rebranded it as Bing. Microsoft also reported that in their own polling the number of people “likely to recommend” their search engine double during the month. The increase is not unexpected due the press coverage of the rebranding and the advertising campaign for the search engine that also began at the begging of the month. In the past Microsoft has made similar increases, but has been unable to sustain them.
WordPress 2.8.1 Released
WordPress 2.8.1, which fixes a number of problems with 2.8 and addresses a potentially serious security vulnerability, was released yesterday. The problems that were fixed were causing serious problems for some users. A work around was created so that some templates that were not working due how they called get_categories(). Dashboard memory usage was reduced to alleviate an issue where some people were receiving an incomplete page when they attempted to view the dash board. And an issue that caused the rich text editor not load was worked around. The security vulnerability allows any user of the blog, including subscribers, to view and in some cases modify plugin files if they did not explicitly check permissions. In Corelabs advisory about the vulnerability, they mention one plugin whose features could be disabled and another that could be modified to run arbitrary code when the blog administrator visits the plugins page. Extra security has been put in place to better protect plugins from this.
Home Broadband Adoption Continues to Increase in U.S.
A study by the Pew Research Center’s Internet & American Life Project found that 63 percent of adults in the United States had access to broadband at home, an increase of 15 percent in the last year. This follows a 17 percent increase in the previous year and 12 percent two years ago. The study found that only 7 percent of adults use dial-up at home, a 50 percent decrease from 2 years ago. Among the groups who showed the largest increases in broadband access were older adults and rural users. Access among adults ages 65 or older increased 58 percent, 22 percent for adults ages 50-64, and 21 percent for adults living in rural America. The study also reported that 72 percent of adults reported access the Internet from home and that 79 percent of adults identify themselves as Internet users.
May U.S. Search Share Results
Nielsen Online has released its rankings of U.S. search share for May (PDF). Overall search increased 20.3 percent year over year to 9.4 billion searches. Google had year over year increase of 28.2 percent and received 63.2 percent of searches. Yahoo had a year over year increase of 22.3 percent and received 17.2 percent of searches. Microsoft had a year over year decrease of 14.6 percent and received 9.4 percent of searches.
WordPress 2.8 Released
The finalized version of WordPress 2.8 was released today. The changes made include better widgets, a theme browser/installer, performance upgrades, and over 790 bug fixes. The widget admin interface has been changed to allow for making immediate edits to widgets, having multiple copies of widgets, and the ability to save settings for inactive widgets. A new widget API should allow for developers to create improved widgets.
On the security front, changes were made that should improve plugin security from cross-site scripting (XSS) attacks. An empty index file has been added to the plugin directory so that servers that are configured to show the contents of directory when no index file exist will no longer show potential hackers what plugins are located in the directory that they could attempt to exploit.
A full lists of changes in 2.8 is available at the WordPress Codex.
According to a post by Matt Mullenweg on the WordPress Blog possible improvements in versions 2.9 and 3.0 include “improved media handling, better dependency checking, versioning of templates and themes, and of course the fabled merging of WordPress and MU.” Version 2.9 will also requireMySQL 4.1.2 or higher, up from the current requirement of 4.0.
Bing Launch Increases Microsoft’s Search Activity
Comscore today released preliminary data that shows that Microsoft’s search activity in the United Sates has increased following the release of Bing. From June 2 to June 6 Microsoft’s share of search was 11.1 percent up 2 percentage points from May 26 to May 30, according to Comscore. During the same periods the amount the average daily amount of searchers who used Bing increased 1.7 percentage points to 15.5 percent. Bing started to become available on June 1 and officially launched on June 3. Comscore also indicated that the increase “held relatively steady” during the measured period. The gains are not unexpected, due to attention the launch has received and Microsoft’s advertising campaign.
Online Advertising Dropped 5 Percent in First Quarter
Online advertising revenue was 5.5 Billion U.S. dollars in the first quarter, a decrease of 5 percent over the same period last year, according to a report by the Interactive Advertising Bureau and PricewaterhouseCoopers. This is the first time since 2002 that there has been a year over year decrease in revenue. First quarter revenue was 11 percent lower than the fourth quarter of 2008.
Developer Preview of Google’s Chrome Released for Mac and Linux
Google has released the first version of their web browser Chrome for Mac and Linux, plans these were announced last September when Google introduced the Windows version of Chrome. The version released is “developer preview,” Google’s destination for releases that are least stable and designed for testing new features. The version released is missing many of the features currently available in the Windows version. The missing features including Flash support, modifying privacy settings, and printing. The Mac version requires an Intel CPU and Mac OS X 10.5, the Linux version currently requires Ubuntu or Debian, with support for other Linux distributions planned.
Microsoft Begins U.S. Television Campaign for Bing
Microsoft will begin a U.S. television campaign this evening to promote Bing, which was also officially launched today. The first ad will promote that users currently experience “search overload,” getting too much information and not the answers they need. Several weeks later a second set of ads will begin running which will dramatize “what it would be like if people had to talk to their partners or friends the way they do to a search engine” according to a News.com article. News.com also reports that next month Microsoft begin running ads that promote specific types of searches, such as travel search and that Microsoft will also be promoted Bing with online ads. Microsoft has been reported to be spending around $100 million on the ad campaign.