Google launches a program to alert thousands of Webmasters using Google Webmaster Tools that they are using an out-of-date version of WordPress, a popular blog publishing application. The move serves as a reminder of the importance of using current versions of software and applications to ensure security.
has taken a different tack to improve Web security-it's going to the
Web site owners directly.
The effort, announced by Google Oct.16, is a way for Google to warn
Webmasters that their sites are vulnerable to hackers.
According to Google,
the test will focus on 5,000 to 6,000 Webmasters using Google Webmaster Tools
and will notify them if they are using an old version of WordPress.
Google Webmaster Tools is a set of free products designed to help Webmasters
make their sites more Google-friendly. For example, the tools can be used to
provide metrics to show what the top queries are that are driving traffic
to a site.
"WordPress generates meta tags on their site... and it basically just
identifies the version of WordPress that the sites are running," explained
Jay Nancarrow, a spokesperson for Google. "When we crawl those sites we're
able to view those meta tags, and this is basically just an opportunity for us
to give a heads-up to Webmasters ... that they are running this version that has
been identified as potentially having vulnerabilities."
Click here to read about why Google is downplaying concerns about security issues tied to cross-domain Web application sharing.
Google's effort also serves as a reminder to Webmasters and others that it
is important to keep software and applications up-to-date. This test is aimed
specifically at users of Version 2.1.1 of WordPress-a version known to be
vulnerable. In 2007, it was made public that a hacker had gained user-level
access to one of Wordpress.org's Web servers and modified code for
WordPress 2.1.1 to allow for remote PHP execution. The issue was addressed with
the release of WordPress 2.1.2.
Google has left open the possibility of expanding the testing program to
other types of software on the Web. The messages about the current test are
expected to go out Oct. 21.
"We will be leaving messages for owners of
potentially vulnerable sites in the Google Message Center that we provide as a free service as part of
Webmaster Tools," said a post on Google's Webmaster Central Blog. "If
you manage a Web site but haven't signed up for Webmaster Tools, don't worry.
The messages will be saved and if you sign up later on, you'll still be able to
access any messages that Google has left for your site."