security@wordpress.org
Give them any details you can such as server logs etc.
Well, I spent several hours working out what the hackers did and then even more time compiling a decent report that I sent to security@wordpress.org but I’ve heard nothing since.
No thanks, no confirmation, no nothing.
I’m beginning to think I wasted my time if I’m not being taken seriously. in fact, if the security team do not take my report seriously what chance is there of having secure WordPress software?
Most likely all the developers are tied up with working on the new 2.5 release.
We analyze security issues. I didn’t want to leave my e-mail address here. So I went to your website (milonic.com) and kindly requested your information by using the contact form. But I’ve heard nothing since.
No thanks, no confirmation, no nothing.
I also feel that I wasted my time.
OH – Was that you!!!
That message looked WELL dodgy – looked as though somebody wanted me to send them the details so they could publish it and use it themselves for hacking. Hence It got deleted.
Still looks dodgy, so does your reply here.
Are you legit then?
LOTS of ppl “investigate” security issues — take it from someone who knows better — wait and give the info to someone that represents WordPress.
