As quite a few of you already know (because you emailed to tell me, thanks!) Cipher Mysteries’ WordPress hosting got hacked again. Unfortunately by the time I’d downloaded the access logs from the server (the next day), all the nasty activity was too far back in the buffer to see exactly where it came from. Next time I’ll try to remember to be quicker!

I first had a look around with the cPanel File Manager, as I initially expected the attack to have originated from a compromised file in the file system. I did find a backdoor PHP file inserted into ./wp-content/uploads, which from the file date was probably left there by the previous (Bangladeshi) hacker: but nothing else, which was a bit strange. So I reinstalled WordPress 3.5.1, fired it up, and… it was still hacked.

Appallingly, it turned out that the hacker had managed – despite my firewall & security plugins – to change some fields in the local database itself. Basically, he (I’ll call him “him”, for I’ve read that hacking is a largely male subculture) changed three entries in the WordPress wp_options table:-

1. blog_charset (which he changed from “UTF-8” to “UTF-7”)
2. blogname (which he overwrote with a load of script kiddie stuff)
3. widget_text (which was filled with a load of escaped script kiddie stuff)

The most irritating hack was #3, as I could tell it was in JavaScript (hint: disable JavaScript and the problem disappeared) but couldn’t see what file had been changed. And in fact none had, because the script was inserted into a field in the database.

The most interesting hack was #1, because it wasn’t at all obvious to me why changing the charset to UTF-7 would be of benefit. But it turns out that this is a longstanding way of attacking databases (which expect UTF-8, and can be vulnerable to carefully crafted UTF-7 strings causing MySQL to do unexpected things). Here’s a page mentioning this weakness. Just so you know, IE9 doesn’t seem to support UTF-7 satisfactorily, which also had me confused for a while. *sigh*

The hacker may also have made other changes to the database, but I don’t know of any way to see a history of recent MySQL accesses from within WordPress… now there’s an idea for a forensic plugin that would be really useful. Or a cPanel add-on. Or something.
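An added example, not from the original post: a Python check over exported wp_options rows for the three changes listed above (charset switched away from UTF-8, script-like content in blogname or widget_text, including content that only becomes markup once decoded as UTF-7). The function names and the sample rows are constructed for illustration; option_name and option_value are the table's own column names.

```python
import re

# Options the post reports as tampered with; rows are (option_name, option_value)
# pairs as exported from the wp_options table.
WATCHED = ("blog_charset", "blogname", "widget_text")

# Script-like content that has no business in a site title or a text widget.
SCRIPT_MARKERS = re.compile(
    r"<\s*script|<\s*iframe|document\.write|unescape\s*\(|eval\s*\(", re.I)

def decode_utf7(value):
    """Decode value as UTF-7; return it unchanged if it is not valid UTF-7."""
    try:
        return value.encode("ascii").decode("utf-7")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return value

def audit_wp_options(rows, expected_charset="UTF-8"):
    """Return (option_name, reason) findings for the watched options."""
    findings = []
    for name, value in rows:
        if name not in WATCHED:
            continue
        if name == "blog_charset":
            if value.strip().upper() != expected_charset.upper():
                findings.append((name, f"charset is {value!r}, expected {expected_charset!r}"))
            continue
        # Check the stored text as-is and as it reads once decoded as UTF-7,
        # the charset the page was switched to.
        for label, text in (("raw", value), ("UTF-7 decoded", decode_utf7(value))):
            match = SCRIPT_MARKERS.search(text)
            if match:
                findings.append((name, f"{match.group(0)!r} in {label} value"))
                break
    return findings

# Constructed sample rows (not taken from the compromised site); the
# widget_text value is a simplified PHP-serialized array.
SAMPLE_ROWS = [
    ("blog_charset", "UTF-7"),
    ("blogname", "+ADw-script+AD4-/* constructed */+ADw-/script+AD4-"),
    ("widget_text", 'a:1:{i:2;a:2:{s:5:"title";s:0:"";s:4:"text";'
                    's:34:"<script>/* constructed */</script>";}}'),
    ("siteurl", "http://example.invalid"),
]

if __name__ == "__main__":
    for name, reason in audit_wp_options(SAMPLE_ROWS):
        print(f"{name}: {reason}")
```

Because the tampering lives in the database, a file-system scan or a WordPress reinstall will not surface it; a check like this has to run against the table contents (or a dump of them).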

How did the hacker get in? My guess is by exploiting a just-after-zero-day vulnerability in WordPress 3.5.0, as I hadn’t quite got round to upgrading to 3.5.1, what with work and real life inevitably getting in the way.

Unfortunately, I have no real faith that I’ve solved the problem. Chances are another vulnerability will open up before very long and we’ll go through the same rubbishy process all over again. C’est la vie (du blogging).

I got back from holiday yesterday to find that ciphermysteries.com’s hosting account had silently been suspended. Aargh! webhostingpad claimed that there had been a “load spike” for the home page… but… here are the stats for the site:-

Having been well and truly Slashdotted before, I can say that that ain’t no spike. So, I’m very sorry for the brief interruption to service, but hopefully all is well now!

Apparently this is a real gravestone in the Notre-Dame-des-Neiges Cemetery in Montreal, for 54-year-old John Laird McCaffrey who died in 1995:-

Yes, it does seem to say exactly what you think:-

JOHN
FREE YOUR BODY AND SOUL
UNFOLD YOUR POWERFUL WINGS
CLIMB UP THE HIGHEST MOUNTAINS
KICK YOUR FEET UP IN THE AIR
YOU MAY NOW LIVE FOREVER
OR RETURN TO THIS EARTH
UNLESS YOU FEEL GOOD WHERE YOU ARE!
       MISSED BY YOUR FRIENDS

Blogger RctIfy has the scoop on the story behind it here.

Two more Voynich novels (both by debutant novelists) for our Big Fat List, one from late last year and one just about to come out…

First up there’s Harold W. Allen’s (2009) “The Renaissance Manuscript: A Novel Concerning the Origin and Meaning of the Voynich Manuscript”, which I have to say seems to be competing against Kennedy & Churchill’s “The Voynich Manuscript: The unsolved riddle of an extraordinary book which has defied interpretation for centuries” for some unknown maximally prolixitous book title award. It’s as if the 20th century never happened… Anyhow, Allen’s book is (presumably self-)published by “Yoyodyne Press”: though you may (as I did) possibly recall Yoyodyne from the example given in the Gnu General Public License (“Ty Coon, President of Vice… Yoyodyne Inc”), until recently I didn’t know that it was originally the made-up name of a giant Californian defence (sorry, “defense”) contractor in Thomas Pynchon’s (1963) novel “V”. Just so you know too.

Oh, and I forgot to precis Allen’s plot: a smalltown medieval history professor, his ex-girlfriend, and a Chicago inner-city teacher collectively attempt to work out who killed the professor’s best friend by tracing the origins of the Voynich Manuscript back to Babylonia and the Garden of Eden armed only with some puzzling pornographic emails, while being chased by a bunch of (presumably black-clad) three-letter-agencies and with the fate of the world hanging in the balance. As they say in Lahndahn, wudja Adam an’ Eve it? Review in due course (though I’m not necessarily expecting anything too Pynchonesque, but perhaps I’ll be surprised).

And finally, there’s Author Brett King and his historical mystery rollercoaster novel “The Radix”, due for release on 27th April 2010. Appreciative quotes from big-hitters James Rollins, Steve Berry and Jeffery Deaver, good quality cover photography and a solid-looking website, so it’s definitely supposed to look substantial. Its plotline runs:-

For centuries, the Radix existed in rumor and secrecy. Saints whispered its legend. Alchemists craved its power. Armies fought and died to possess it. Five hundred years ago, it vanished from the earth. History’s greatest mystery, lost to the ages.

And now (to nobody’s surprise) the Radix is back, a root hotly pursued by questing “government agent John Brynstone” (who presumably has a flame-haired partner called Jane Fyre? Hmmm… maybe not.), probably driven by his own personal demons to uncover the no doubt cataclysmically powerful ancient secret hidden in the VMs. Again, we shall see if Brett King’s story overcomes all this airport novel baggage.

Next Sunday (8th November 2009), $99 should get you into a one-day mini-conference in LA focusing on “hidden history, signs, symbols, and secrets”, hosted by Simon Cox, author of the brand new book “Decoding The Lost Symbol”…

OK, I’m sure you’ve rumbled the secret already: that it’s basically a one-day press launch for Simon Cox’s book, with a load of sort-of-relevant speakers doing their thing (and not a cipher mystery in sight, as far as I could see). I’m sure there are plenty of people who would enjoy this, but I personally won’t be red-eyeing over to the West Coast for this. (But please leave a comment here if you do happen to go.)

All of which does raise the question of whether I should organize my own proper cipher mysteries / secret histories conference (not to promote a book, but just to have some fun) and where. After all, there are plenty of nicely evocative places in Ye Quainte Olde Londonne Towne that I could hire for the day at less than staggering expense, and finding places to put speakers up should be straightforward. The kind of stuff I’d expect it to cover should come as no big surprise:-

  • The Voynich Manuscript
  • The Rohonc Codex
  • John Dee’s secret history (a perennial favourite!)
  • Rosicrucianism and Alchemy
  • Historical code-breaking – a practical guide
  • Armchair treasure-hunting / Treasure maps / The greatest (real) treasures never found
  • Panel: “Renaissance Symbolism – True or False?”
  • The Secret History of Renaissance Astrology
  • The Phaistos Disc (possibly)
  • (…and so on)

Would that be your idea of a perfect day out? Feel free to tell me what’s missing from the agenda!

Don’t blame me, I was vaguely interested to see what the top ranking Google search results for “conspiracy” were, when I just happened to glance sideways at the topmost Google Adwords advertisement:-

Don’t pay the Illuminati
Loan or credit card over £5,000?
We can write it off for free

In spite of myself, I very nearly snorted with laughter. Bless ’em and their keyword sniffing ways, bless ’em all.

For the first time in weeks, I had a spare hour to myself last night – and it just happened to coincide with the screening of “Micro Men” on BBC4, a dramatization of the Acorn vs Sinclair personal computer wars of the early 1980s. Particularly poignant for me, because I wrote two of Acornsoft’s early BBC Microcomputer games – in fact, the “Arcadians” retail box appeared on-screen once, as did an “action” (hah!) shot of my not particularly strong chess programme.

So, from the point of view of someone who was vaguely involved, was it any good? Well… I’d say basically yes: but what I most enjoyed about it was neither its depiction of Hermann Hauser’s transition to turtlenecks near the start (though admittedly reasonably accurate), nor its “they’re clever people, I’m sure they’ll think of something” (with the ARM processor feature list on the whiteboard behind) gag near the end, but instead how the drama stayed true to the basic business conflict circa 1984-1985. That is, that the two companies were so jealous of the other’s success that Acorn foolishly moved downmarket (with the Electron) while Sinclair foolishly moved upmarket (with the QL), at a time when both should have been hunkering down to weather the storm.

All the same, the sad truth was that neither company was really in touch with either its corporate customers (most of whom were in financial trouble) or its end-users (most of whom had got the bug for computer games but had nowhere to go with it). If the “curse of the science park” is to concentrate too much on what you’re making while not really listening to what’s going on outside (i.e. all “push” and no “pull”), then looking back at it all you’d have to say that both Acorn and Sinclair were thoroughly cursed. Oh well!

Just to let you know that, following the malware attack that Cipher Mysteries recently suffered, I’ve now moved the entire blog over to a completely new server. Of course, though this should have been straightforward, in practice these things always take days more than they should. Oh well!

To tell which of the two versions you’re looking at, I’ve tweaked the colour of the top picture from blue to green – so if it’s blue, you’re looking at an old (cached) version. Green good, blue bad. 😉

Doubtless the malware warning will linger in places for a few more days, but thankfully Google itself has already dropped the malware warning: by the weekend everything should be just about back to normal. Sorry for the disruption to your surfing, this was due to events beyond my control, yada yada yada. *sigh*

Just a quick note to Cipher Mysteries email subscribers (and if you’re one of those 20-odd people who seem to drop by nearly every day but without actually subscribing – why not have new posts appear in your inbox? It costs nothing, just click on the box at the top right or get the Cipher Mysteries RSS feed through a feed reader).

You may have noticed that the free service I use to email the current day’s post is from FeedBurner (which was not so long ago acquired by Google). However, despite the fact that there are a quazillion WordPress bloggers out there, FeedBurner’s WordPress integration remains a bit on the thin side.

A few days ago, I made a tentative first step towards fattening this up, by writing my own WordPress Comment “FeedFlare” (a tiny script that uses XML-based transformation magic to do handy things). So, email subscribers should now see a clickable Click Here To Leave A Comment On The Blog! link at the bottom of new posts – clicking on this should take you directly to the “Leave A Comment” section at the bottom of that post, directly on the website.

If I could automatically fill out the fields on the form for you, I would: but this isn’t something that FeedBurner / FeedFlare can currently do, unfortunately. Like I say, support is a bit thin. 🙁

Just to let you know that the normal summer “news drought” appears to have arrived a little early this year – apart from a couple of shiny new Voynich theories working their way through the pipeline and some long overdue book reviews to write up (most notably Christopher Harris’ novel “Mappamundi”), there’s really nothing much happening.

So… please don’t be unduly alarmed if your daily Cipher Mystery fix fails to arrive – it’s the world’s fault, not mine. 🙂