Yesterday the WordPress team announced a new version of WordPress, the blogging software that powers this site, that resolves a couple of security issues. So I, being the security-conscious person that I am, decided I had to upgrade. That turned out to be a two-hour adventure.
Due to some of the unique aspects of my theme, I had modified some of the core WordPress files; that turned out to be a bad idea, because it meant the upstream patch no longer applied cleanly. I had to convert all of the PHP and JS files to DOS format (after finding a Windows version of unix2dos), then convert the diff file to DOS format, and then the patching began. Getting the patch to apply to my modified files turned out to be an interesting experience, to say the least. After about 30 minutes of tweaking, though, the patch finally applied cleanly.
All in all, it took a little more than two hours, but now I’m secure again.
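The two things that cost time in the upgrade above were a line-ending mismatch between the diff and the tree, and hand-tweaking the patch against modified files. Here is an added example (not code from the original post, and not a WordPress tool) that checks for that mismatch, converts the patch to match the tree, and asks GNU patch to dry-run before anything is modified. It uses printf and sed instead of unix2dos so it runs without extra tools; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: line-ending check and dry-run before applying a patch to a
# tree you have modified. Not part of WordPress or of the original post.

# A literal carriage return, built portably (no bash-only $'\r').
CR=$(printf '\r')

# Exit 0 if the file has at least one CRLF line ending, 1 otherwise.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# Convert a file in place to CRLF (DOS) endings; idempotent.
to_crlf() {
    sed "s/${CR}\$//; s/\$/${CR}/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Convert a file in place to LF (Unix) endings; idempotent.
to_lf() {
    sed "s/${CR}\$//" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Make the patch's line endings match a sample file from the target tree,
# then ask GNU patch whether it would apply cleanly without writing anything.
# Returns patch's own exit status (0 = every hunk applies).
# Usage (hypothetical paths): check_patch wordpress-security.diff ./wordpress ./wordpress/wp-login.php
check_patch() {
    patchfile=$1; tree=$2; sample=$3
    if has_crlf "$sample"; then
        to_crlf "$patchfile"
    else
        to_lf "$patchfile"
    fi
    patch --dry-run -p1 -d "$tree" < "$patchfile"
}
```

If the dry run reports rejected hunks, the rejects are the lines you changed in core; that is the moment to move those changes into a theme or plugin rather than to keep hand-editing the diff, so the next security release applies without the two-hour detour.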
Note: This was written in 2012, but not published at the time. The point is still valid, perhaps more so than ever, and deserves to be made publicly. The content has been updated as appropriate, though the core of this article remains intact from the 2012 draft. I would like to note that this doesn’t apply to every environment; there are some where developers are very knowledgeable about security and write code with minimal issues. My current employer happens to be one of those rare and exciting places.
For the second year I am publishing a year-in-review, something I had generally avoided in the past, as the tone of these posts is typically just cynicism and negativity. Looking back at 2015, it wasn’t all positive (what year is?), but there was certainly some good, and there are great things to look forward to.
In a season filled with empty marketing pitches, worthless predictions, and pointless projections, it’s important to look at the good and avoid the cynicism overload that is all too common.
E-mail, the venerable old standard for internet text messages, dates back to the early 1980s in its current form (and to the early 1970s in other forms) and has long been the “killer app” of the internet. While so many companies try to build the next great thing that will capture users around the world, none of them compare to the success of e-mail. It is likely the single most entrenched application-layer protocol in use today.
Primum non nocere (first, do no harm) is an iconic phrase in modern medicine, yet it also applies to many other fields. It is something I wish more people would think about, developers especially, and primarily when writing new APIs. In general, developers don’t have an impressive history with security; quite frankly, developers suck. Seeing as I consider myself a developer, that’s painful to admit.
Chris André Dale posted an interesting article some time ago that got me thinking: Why it’s easy being a hacker: A SQL injection case study. Chris pointed out the problems with the educational material that developers are using, and just how bad the examples are.
As Snapchat has increased in popularity, I’ve been asked several times to revisit my Snapchat API & Security post, to address the changes they made in response to my complaints. So, here it is, sort of.
I started making detailed notes and looking at the changes they made, but yesterday @tlack made that mostly irrelevant with his release of Snaphax, a PHP library to interact with the undocumented Snapchat API.