WordPress 2.1.1 bad, WordPress 2.1.2 good

It’s a little late to be posting this, and my vision is slightly blurry from passing out on the couch. Still, just checked a few sites and some folks are passing this word on. I figure that I should pay it forward as well. Ugh… Did I just use a crappy Hollywood reference?

If you’ve upgraded to the world of WordPress 2.1.1, you are in considerable danger. Nothing life threatening, but before some dude from Turkey cracks into your blog, you need to update your installation to version 2.1.2.

A hacker was able to add a vulnerability to the version of 2.1.1 that was pushed out about a week or so ago, but those still in the world of 2.0.x are fine for now. Essentially, it was a back door that got in by some dude who really, really sucks. So do the right thing and get yourself covered. I’m sure they are trolling for whatever they can get into as you read this.

Max Headroom: TV pirate

Max Headroom TV PirateA story that I caught over on BoingBoing has me fascinated. The basic low down is that one night in November of 1987, a couple of TV stations in the Chicago area were hijacked of their signals. This means that someone had the right knowledge and equipment to pull off this amazing stunt. For a brief period of time, people were treated to a guy in a Max Headroom[wiki] mask with a moving background and garbled audio.

You can see the event transpire on WTTW[wiki] as it actually aired during an episode of Doctor Who[wiki] via this YouTube link. I know that if I would have caught this in 1987, when I was nine, I would have been creeped out. Below is a CBS news report detailing the event[wiki].

The fine for a prank like this from the FCC isn’t cheap, and the “masked man” was never found. Getting onto WGN[wiki] is what really blows my mind. Even though that attempt didn’t last very long, you’d have to be close by to get it to work. However, you think someone would notice a bunch of people hauling large pieces of broadcasting equipment around. Also, you can see in both of these video examples that there was at least another person who helped pull this off. Curious that after nearly twenty years, the secret has remained safe.

The BoingBoing post goes on to point to other links that further the background of this story, and I’ll post them here as well because they are nothing short of incredible pieces of underground history. Damn Interesting has an article about the event itself, especially a closer look at the audio from the signal hijack of WTTW. Signaltonoise offers further background on the incident involving Captain Midnight’s hijacking of HBO in the year prior[wiki], which the CBS report mentions above.

I instantly sent this to my former chief engineer at WSUI because he eats up this stuff just like I do. Jim has some experience dealing with the realm of TV as well as radio, and we both worked in tandem with a bunch of TV guys. Of course, he still does.

X on CheneyAs much as TV is changing to a more IP delivered system, you know that this will inspire someone to try something just as daunting. They go to great lengths to keep those systems closed, but nothing is ever secure enough to someone who really wants to stir something up. Just look at what happened during an airing of a press conference with Dick Cheney on CNN in November of 2005. A producer exercised their feelings about him by slapping a big “X” graphic on his face during the live feed, and CNN dropped the producer when it was discovered to not be an accident or technical error.

The human will is a marvelous thing, and this is the most incredible element in all of this. Fines and security won’t stop someone who really wants to stir things up. I would bet that this got a lot harder to do, especially after 1987.

Hackers got into MG.org

MG.org This pisses me off to no end. Being a recent victim of a hacker myself, I can totally sympathize to as to what happened to Matthew Good. In fact, there’s a little bit of my help that I gave him that was a victim of an attacker to his site as well. Good needed some help getting PodPress to work on his site, so I was more than happy to help him out. None of that seems to matter a whole hell of a lot now.

I’m not sure what the complete story is, but the hack seemed to go deeper than just getting into WordPress and making a stupid post, like what happened to me. According to a post by his friend Sonny, another person who has helped him on numerous aspects of his site, files were compromised and are missing. I really liked the recent design to his site, but all of that is lost.

I’ve always been one to proceed with restraint, but right now, lynch mob is the phrase that immediately comes to mind.

NPR.org hacked or letting something slip?

NPR.org hacked?Just as I was heading towards bed last night, I made a last dash through my RSS feeds on Vienna. A headline on one NPR.org feeds read, “series hub!” Click on the preview and the body simply said, “It’s almost 1 BIOTCH”. Opening the link to the page, I get the image you see to the left. Click on it to see the full size.

Either NPR.org got hacked or some one is working on a project behind the scenes that shouldn’t have been available to the public. Nothing huge, but I found it interesting enough to grab a capture of and share.

My blog was hacked

When I woke up this morning, I went to delete a spam comment that got through my defenses, but WordPress wouldn’t let me log in. I tried my login and password a few different times and got nothing. That’s when I started to get that feeling. You know that one I’m talking about?

“This site hacked by” whatever the name was. I’m kicking myself for not getting a screenshot of it, but there was a large wolf image with some language that I was unfamiliar with. There was also a sound file that was posted along with it. It started out with some deep voiced man saying something very foreign, followed by some drums and horns. I was still sleepy eyed and increasingly pissed off that I didn’t take in all the details.

I was able to work around WordPress and get into the SQL database, delete the post, and get my user accounts reset. On top of that, I was running WordPress 2.0.3. I might have waited too long to do the 2.0.4 upgrade that apparently had some “important security updates”.

I’m not sure how this person hacked my site, but everything seems to be back to normal. I’ve done all the neccesary steps. Backed up my site, changed all my passwords, and done needed upgrades. All this after being knocked down with a troubling sinus cold thing all this week, this morning being the first day that I’ve woke up and actually felt good. I’m totally going running right now because that’s a lot better than punching a wall.

Update: Rebecca was able to grab a screenshot of it this morning and has it on this post.