LHC not haX0red- shock

My understanding of the Large Hadron Collider could be written in longhand on the back of a postage stamp and there would still be a sizable space for you to lick it without getting your tongue covered in ink.

However, I’m pretty certain that it doesn’t operate over the internet.

There’s a black hole of non-connectedness between the LHC and a website that reports on it. Although you might not immediately assume this to be the case, if you are a journalist. Someone has hacked a Cern discussion website. This was presented almost as if it was a near miss hack of the LHC.

Hackers claim there’s a black hole in the atom smashers’ computer network
Hackers have broken into one of the computer networks of the Large Hadron Collider (LHC). …..
The work of the scientists was not derailed and insiders scoffed at claims that the hackers were “one step away” from the systems controlling the experiment itself.

Of course, it is always possible that CERN are running a public webserver off the same computer that it uses to control the LHC. Just almost off the scale of “unlikely”…..

It truly would be “one giant step for mankind” if you could make elementary particles collide by writing really elegant php code.

Wittering on about blog spam again

This blog feels slightly shortchanged in the weird searches department. For example, if you look at HjHop’s site, he gets searches that are bizarre enough for him to make a funny feature of them.

Search engine choices that bring unsuspecting people here are generally just odd. Not entertaining, just odd. Normally, there are between 5 and 15 for Schwarzenegger (?) and similar numbers for pictures of guns. (??????) Sometimes, castles come top, usually Bodium castle – but there were only 7 searches for this today. Today’s search referrals also included Rorschach (?7) art and fine art, (?6) and (?5). 5 Fruit and veg is normally a front runner but came nowhere today. I defy anyone to make a readable post out of that lot.

I suspect noone has ever been directed by a search engine to what we fondly believe is the normal content of our posts.

But this blog could acquit itself well, if it ever gets in a competitive event relating to volumes of blogspam. According to WordPress stats for this blog, there have been 2,624 approved comments but

Akismet has protected your site from 13,409 spam comments already

Akismet doesn’t even cover the whole life span of the blog and it’s probably been reinstalled a couple of times – hence, reset to 0 – but even on these figures, that’s a good few times as many spam comments as there were legit ones.

There are clearly spam fashions. I quite admire the craftsmanship involved in the ones that have generic phrases designed to flatter you into allowing the comment through the filter:

Love your blog. I’ll bookmark it and return later.

or the old favourite from last year, with words to the effect that:

I didn’t quite understand what you said on [insert name of blog] but I’m interested to know more.

However, it’s as if the heart has gone out of the spammers. This week’s “new black” for spam seems to involve sending some random syllables, occasionally with a load of links:

qkncihdf tjnprcd mitqlanp oznqx eaqrpzu imfwatulo sjmxrqgh

for example. Or, what about this, where even the links don’t make an effort to disguise their innate spammishness, let alone entice the unwary with promises of free meds or unfeasible bodily expansion?

biprong unbrimming martinetism bosn amative biota spongida expectingly
ziafm wnwwqwuy
ktuhbdk info
uosgu wcmqjs
kxrrd qzfkagqn

What’s going on? There are eleven of these in the Akismet spam queue today. Not one has an English word in it.

The Register had a long security post about blogspam, on Friday. The article was about a malware scam that claims to take the user to various legit sounding places.

Over the next several weeks I noticed a lot more of these, not only pointing to Google but also to Yahoo and MSN. The servers they pointed to all had the same basic structure, such as google-homepage.google-us.info, msn-us.info, yahoo-us.info, etc. Every one resolves to the same IP address: That IP address is registered to Piradius.net in Singapore. The server appears to be hosted out of Kuala Lumpur. The domains, however, are registered in Ukraine:

(They’ve all moved since the article was written, of course.)

The rest of the article is fascinating. Click on one of these imaginary images and they run an executable. The article shows a series of legit looking screendumps, with the alerts very well designed. They put the fear of malware into you and offer you apparently Microsoft-approved solutions. There’s even a blag Microsoft Security Centre. The only intrinsic design flaw was that it said XP Security Centre, which was immediately suspicious to someone running Vista.

I’m as much of a mug as anyone. I just hope I haven’t fallen for any of these…….

One thing I’m pretty sure this blog been subject to (thanks to Firestats’ fund of fascinating information on referrers) is a hack of restricted WordPress content using the Google cache. It just involves asking for things from the cache by modifying the url request string. (I’ve done that by accident I suspect)

That password-protected site of yours – it ain’t
It’s one of the simplest hacks we’ve seen in a long time, and the more elite computer users have known about it for a while, but it’s still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number of websites.

We don’t have any restricted or pay-per-view content,so no loss as far as this blog is concerned. But, it’s sort of blog-validating to be in there in a “dizzying number.” 🙂

Security Madness

We at WhyDontYou would never consider suggesting people had insecure computers when it comes to dealing with their work, or personal data, but there comes a point at which madness takes over.

For example, today I was give access to an IT system by my employer. Being very zealous at the thought of evil people from the internet getting access, they have instituted quite strong policies when it comes to people being able to access data. Amazingly, some IT guru has convinced them of the need for all users to have very strong passwords. This has translated into a policy which requires all passwords to be 14 characters long, have a mix of upper/lower case letters and numbers, not include your user name or common words (whatever that means) and not be the same (or a variation of) any of the last 36 passwords. Passwords must also be changed every 30 days.


At first I thought it was just me, but upon asking around my workplace there is no one who claims to be able to remember their random string of gibberish password. Almost every one eventually admits to writing the password down and either carrying it with them or leaving it by the terminal.

Now, it strikes me that this pretty much undermines the point of having the password in the first place… In the quest for Fort Knox style security, my employer (or at least the BOFH IT team) have largely undermined everything. Isn’t technology great?

[tags]Computers, Technology, Security, IT, Hacking, Corporate Culture, Culture, Logic[/tags]

WordPress Security Problem

This is from the WordPress development blog and worth noting if you run WordPress as your blog software:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this can’t happen again, not the least of which is minutely external verification of the download package so we’ll know immediately if something goes wrong for any reason.

Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can login again.