Category Archives: Uncategorized

The “Devil’s Handwriting” cipher first appeared in 1539, reproduced in a book by Teseo Ambrogio Albonesi: and, of course, nobody has yet managed to read even a word of it.

But for a short time in the mid-17th Century, oddly enough, it became hugely famous when a copy of Albonesi’s book held by Queen’s College was proudly shown to the newly-Restored Charles II (along with the Queen and the Duke and Duchess of York) on a visit to Oxford on Michaelmas Day 1663. It was the talk of court; and the matter of a small bribe to persuade someone to bring the book out on display became a necessary evil for tourists working their way around Oxford’s wondrous historical sights.

The Devil’s Handwriting then found use a kind of cipher mystery meme: that is, in much the same way that netizens now occasionally use the Voynich Manuscript as a handy metaphoric brick to virtually lob at things they deem incomprehensible, a 1674 poem by Thomas Flatman uses the Devil’s Handwriting to disparage the allegedly impenetrable poetry of Sam Austin of Wadham College:

“We with our fingers may your Verses scan,
But all our Noddles understand them can
No more, than read that dungfork, pothook hand
That in Queen’s Colledge Library does stand.”

[And in fact in 1743, Johann Christian Götze (describing Albonesi’s book) used almost exactly the same phrase to describe the shape of the Devil’s Handwriting’s letters: Mist-Gabeln. Nice.]

Another Oxonian poem (this time from 1746) celebrates rather than execrates the cryptogram:

A dark, oracular, mysterious scrawl:
Uncouth, occult, unknown to ancient Greece,
The Persian Magi, or the wise Chinese.
Nor runic this, nor Coptic does appear;
No, ’tis the diabolic character.

All in all, I think it fair to say that, circa 1665, while the Voynich Manuscript was still on its way to Athanasius Kircher’s to begin a multi-century sleep in Jesuit trunks, the most famous cipher mystery in the world was actually… the Devil’s Handwriting. Just so you know.

PS: I’ve added a page to the Cipher Foundation website containing all the above references to the Devils’ Handwriting.

On Roald Dahl Day 2013

Raise a toast to that Roaldest of Dahls
Whichever world language tu pahl
His witches and twits
And chocolate-based skits
Delight children from here to Nepahl

Lift your glass to that Roaldest of Dahls
Whatever your lodge or cabahl
Read his books and you’ll learn
That his twists and his turns
Are intriguing and never banahl!

— Nick Pelling

As quite a few of you already know (because you emailed to tell me, thanks!) Cipher Mysteries’ WordPress hosting got hacked again. Unfortunately by the time I’d downloaded the access logs from the server (the next day), all the nasty activity was too far back in the buffer to see exactly where it came from. Next time I’ll try to remember to be quicker!

I first had a look around with the Cpanel File Manager, as I initially expected the attack to have originated from a compromised file in the file system. I did find a backdoor php file inserted into ./wp-content/uploads, which from the file date was probably left there by the previous (Bangladeshi) hacker: but nothing else, which was a bit strange. So I reinstalled WordPress 3.5.1, fired it up, and… it was still hacked.

Appallingly, it turned out that the hacker had managed – despite my firewall & security plugins – to change some fields in the local database itself. Basically, he (I’ll call him “him”, for I’ve read that hacking is a largely male subculture) changed three entries in the WordPress wp_options table:-

1. blog_charset (which he changed from “UTF-8” to “UTF-7”)
2. blogname (which he overwrote with a load of script kiddie stuff)
3. widget_text (which was filled with a load of escaped script kiddie stuff)

The most irritating hack was #3, as I could tell it was in JavaScript (hint: disable JavaScript and the problem disappeared) but couldn’t see what file had been changed. And in fact none had, because the script was inserted into a field in the database.

The most interesting hack was #1, because it wasn’t at all obvious to me why changing the charset to UTF-7 would be of benefit. But it turns out that this is a longstanding way of attacking databases (which expect UTF-8, and can be vulnerable to carefully crafted UTF-7 strings causing mySQL to do unexpected things). Here’s a page mentioning this weakness. Just so you know, IE9 doesn’t seem to support UTF-7 satisfactorily, which also had me confused for a while. *sigh*

The hacker may also have made other changes to the database, but I don’t know of any way to see a history of recent mySQL accesses from within WordPress… now there’s an idea for a forensic plugin that would be really useful. Or a Cpanel add-on. Or something.

How did the hacker get in? My guess is by exploiting a just-after-zero-day vulnerability in WordPress 3.5.0, as I hadn’t quite got round to upgrading to 3.5.1, what with work and real life inevitably getting in the way.

Unfortunately, I have no real faith that I’ve solved the problem. Chances are another vulnerability will open up before very long and we’ll go through the same rubbishy process all over again. C’est la vie (du blogging).

I got back from holiday yesterday to find that ciphermysteries.com’s hosting account had silently been suspended. Aargh! webhostingpad claimed that there had been a “load spike” for the home page… but… here are the stats for the site:-

Having been well and truly Slashdotted before, I can say that that ain’t no spike. So, I’m very sorry for the brief interruption to service, but hopefully all is well now!

Apparently this is a real gravestone in the Notre-Dame-des-Neiges Cemetary in Montreal, for 54-year-old John Laird McCaffrey who died in 1995:-

Yes, it does seem to say exactly what you think:-

JOHN

FREE YOUR BODY AND SOUL
UNFOLD YOUR POWERFUL WINGS
CLIMB UP THE HIGHEST MOUNTAINS
KICK YOUR FEET UP IN THE AIR
YOU MAY NOW LIVE FOREVER
OR RETURN TO THIS EARTH
UNLESS YOU FEEL GOOD WHERE YOU ARE!

       MISSED BY YOUR FRIENDS

Blogger RctIfy has the scoop on the story behind it here.

Two more Voynich novels (both by debutant novelists) for our Big Fat List, one from late last year and one just about to come out…

First up there’s Harold W. Allen’s (2009) “The Renaissance Manuscript: A Novel Concerning the Origin and Meaning of the Voynich Manuscript“, which I have to say seems to be competing against Kennedy & Churchill’s “The Voynich Manuscript: The unsolved riddle of an extraordinary book which has defied interpretation for centuries” for some unknown maximally prolixitous book title award. It’s as if the 20th century never happened… Anyhow, Allen’s book is (presumably self-)published by “Yoyodyne Press”: though you may (as I did) possibly recall Yoyodyne from the example given in the Gnu General Public License (“Ty Coon, President of Vice… Yoyodyne Inc“), until recently I didn’t know that it was originally the made-up name of a giant Californian defence (sorry, “defense”) contractor in Thomas Pynchon’s (1963) novel “V”. Just so you know too.

Oh, and I forgot to precis Allen’s plot: a smalltown medieval history professor, his ex-girlfriend, and a Chicago inner-city teacher collectively attempt to work out who killed the professor’s best friend by tracing the origins of the Voynich Manuscript back to Babylonia and the Garden of Eden armed only with some puzzling pornographic emails, while being chased by a bunch of (presumably black-clad) three-letter-agencies and with the fate of the world hanging in the balance. As they say in Lahndahn, wudja Adam an’ Eve it? Review in due course (though I’m not necessarily expecting anything too Pynchonesque, but perhaps I’ll be surprised).

And finally, there’s Author Brett King and his historical mystery rollercoaster novel “The Radix”, due for release on 27th April 2010. Appreciative quotes from big-hitters James Rollins, Steve Berry and Jeffery Deaver, good quality cover photography and a solid-looking website, so it’s definitely supposed to look substantial. Its plotline runs:-

For centuries, the Radix existed in rumor and secrecy. Saints whispered its legend. Alchemists craved its power. Armies fought and died to possess it. Five hundred years ago, it vanished from the earth. History’s greatest mystery, lost to the ages.

And now (to nobody’s surprise) the Radix is back, a root hotly pursued by questing “government agent John Brynstone” (who presumably has a flame-haired partner called Jane Fyre? Hmmm… maybe not.), probably driven by his own personal demons to uncover the no doubt cataclysmically powerful ancient secret hidden in the VMs. Again, we shall see if Brett King’s story overcomes all this airport novel baggage