BlogEngine.NET security flaw

21. April 2008 09:45

Wow, a pretty serious one this.

Version 1.3 of BlogEngine.NET has a security flaw that allows an attacker to view the source code of any file in your blog directory. Update: Make that any file on your website, not just in the blog.

This includes your web.config file, sql.config file and the scariest of all, the users.xml file.


This is the file that, if you're using the default data provider (XML), holds all the user login details for your blog. That's right, admin usernames and passwords, in clear text.

This vulnerability is already in the wild, and a quick search on Google reveals about 185,000 results. That's a lot of vulnerable blogs.


There's already a patch for this flaw, but it seems that the download link might be broken. In the meantime, as a temporary fix, you could probably rename the users.xml/sql.config file to something different, i.e. something hard to guess. But if you want to keep your blog online, your web.config is still going to be visible, so make sure there's nothing sensitive in there.
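Since the temporary fix above only hides the files you remember to rename, it helps to inventory what a file-disclosure flaw would actually hand over: which accounts in users.xml carry a clear-text password, and which web.config entries hold credentials. The script below is an added example, not code from the original post or from the BlogEngine.NET project. It assumes the 1.x XML data-provider layout for users.xml (`<Users><User><UserName/><Password/>...</User></Users>`) and a standard ASP.NET web.config; both sample documents are constructed, and the "looks hashed" test is a simple hex-length heuristic.

```python
"""Audit which secrets a file-disclosure flaw would expose (added example).

Assumptions (not from the original post): users.xml uses the BlogEngine.NET
1.x XML provider layout, and web.config is ordinary ASP.NET configuration.
The two sample documents are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: one clear-text password, one that looks like a SHA-1 hex digest.
SAMPLE_USERS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Users>
  <User>
    <UserName>admin</UserName>
    <Password>hunter2</Password>
    <Email>admin@example.invalid</Email>
  </User>
  <User>
    <UserName>editor</UserName>
    <Password>D033E22AE348AEB5660FC2140AEC35850C4DA997</Password>
    <Email>editor@example.invalid</Email>
  </User>
</Users>
"""

# Constructed sample: a connection string with an embedded password and an
# appSettings entry that holds a mail password.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="BlogEngine"
         connectionString="Server=db;Database=blog;User Id=blog;Password=s3cret;" />
  </connectionStrings>
  <appSettings>
    <add key="BlogEngine.FileExtension" value=".aspx" />
    <add key="SmtpPassword" value="mailpass" />
  </appSettings>
</configuration>
"""

# Heuristic: MD5 / SHA-1 / SHA-256 hex digests are 32, 40 or 64 hex characters.
_HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# Attribute names and keys that usually carry credentials.
_SECRET_KEY = re.compile(r"password|pwd|secret|apikey|token", re.IGNORECASE)
_CONN_PASSWORD = re.compile(r"(?:password|pwd)\s*=", re.IGNORECASE)


def audit_users_xml(text):
    """Return [(username, 'cleartext' | 'hashed' | 'empty'), ...] for each user."""
    findings = []
    for user in ET.fromstring(text).iter("User"):
        name = (user.findtext("UserName") or "").strip()
        password = (user.findtext("Password") or "").strip()
        if not password:
            kind = "empty"
        elif _HEX_DIGEST.match(password):
            kind = "hashed"
        else:
            kind = "cleartext"
        findings.append((name, kind))
    return findings


def audit_web_config(text):
    """Return paths of web.config entries that appear to embed a credential."""
    root = ET.fromstring(text)
    exposed = []
    for add in root.iterfind("./connectionStrings/add"):
        if _CONN_PASSWORD.search(add.get("connectionString", "")):
            exposed.append("connectionStrings/" + add.get("name", "?"))
    for add in root.iterfind("./appSettings/add"):
        key = add.get("key", "")
        if _SECRET_KEY.search(key) and add.get("value", ""):
            exposed.append("appSettings/" + key)
    return exposed


if __name__ == "__main__":
    for name, kind in audit_users_xml(SAMPLE_USERS_XML):
        print(f"users.xml: {name}: {kind} password")
    for path in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"web.config: credential in {path}")
```

Run it against your real App_Data/users.xml and web.config by reading those files instead of the constructed samples; any account reported as `cleartext` and any web.config path listed is what an attacker exploiting this flaw would see, so those are the credentials to rotate after patching.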

Out of Winter hibernation

10. April 2008 16:13

Wow, I've not posted in absolutely ages, which just shows how interesting my life is.

There's been zero fly fishing for months, and all the web development stuff has just been boring stuff for work.

However, BlogEngine.NET has been recently updated to a new version, and now supports Widgets, whatever those are. What caught my attention was a Twitter widget. Now, I've heard about Twitter before, but never really bothered with it because it seemed pretty pointless. The basic gist of it is that it's a service that allows you to tell people what you're doing at that exact moment:

Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

Why someone would want to know what I'm doing at that particular point in time is beyond me, unless they're intent on stalking me or something. So yeah, I think I might download the latest BlogEngine.NET and give this Twitter malarkey a go. I'm sure complete strangers will appreciate being able to follow my every move, especially when they only come here for the TV links post.