Careful what you post online, be very careful.

Steven J. Murdoch , a security researcher at the University of Cambridge Computer Laboratory recently had his WordPress blog hacked. The hacker created an administrator account on the blog. However Steven quickly deleted it. He then began investigating how this happened. In the process of doing this he was curious about the password that the hacker used.

WordPress stores raw MD5 hashes in the user database. It is believed to be computationally infeasible to discover the input
of MD5 hash from an output. Someone would have to try out all
possible inputs until the correct output is discovered.

Steven looked at various lengthy methods of uncovering the password, but in the end he turned to Google. It seems that many sites use hashing for query strings. His search led him to a genealogy page with the surname of Anthony. Bingo, this was indeed the password.

More detail can be found in his original posting about Google as a password cracker.

Bookmark to:

Here are some very sucinct tips for growing your website's reader base.

5 Things That Will Improve Your Web Site Traffic (Plus 1 to Avoid)

Webworker Daily - 9/10/2007

Bookmark to:

WordPress 2.3 Beta 1 is now available for download and testing. Some of the features of 2.3 include automatic notification for plugin and core code version updates, built-in tags support, faster javascript, and SEO-friendly URL redirection.

There have been reports of compatibility issues with a few plugins due to the changes to the category system (plugins that only used the API functions should be okay, but those that used direct SQL queries may break). Also, some file moves in the admin area have affected a few other plugins. Please report problems on Trac, and document compatible plugins on the Codex.

I've already installed the beta on one of my blogs and quite like some of the new features, such as tags and automatic notifications. In fact I already found the plugin notification useful, and upgraded one. I have also however seen some bugs. I'm looking forward to the final release. 

Bookmark to:

One of my social media enabled clients, Rebecca Caroe recently blogged about her burgeoning FaceBook profile. Reading the comments on the article she references, and many others I've come across on the internet, it would appear there are a rash of anti-cool nay sayers who are waving their red flags attempting to warn people of the "evils" of the closed model that FaceBook is.

FaceBook serves a purpose and is filling a niche that other sites such as LinkedIn are failing on. The issue is not whether one should be using either for professional verses social play, the issue is that LinkedIn is showing its age and unwillingness to adapt to the changing needs of online community members and provide the tools they want or need.

Both FaceBook and LinkedIn have their pluses and negatives, but what astounds me with this current fad for social networking sites is how some of the most seasoned internet denizens are foregoing putting real effort into their what should be their main web presence, their own websites and bemoaning what the social networks are not.

You make your website as feature rich and as socially enabled as you want. The clamour of the social tech commentators voices are calling for Glastnos, openness, Open Source goodness from these socially irresponsible networking websites. Open the APIs and let the people in to claim what is their own, their own personal information. If you truely want to claim control of your own personal information, do it on your own web space, and not that of the latest and greatest web business sky rocket.

Why is it that people feel compelled to complain about something that
they get for free? You get what you pay for. You are playing on their
space. There are those who think that these companies have a moral responsibility to bow to the every whim of the proletariat. These are the people that come to a party, but hold themselves above it, and proceed to complain loudly to everyone who will listen, that various details are amiss. If these social networks aren't doing it for you, then go elsewhere, or do it for yourself. The Open Source tools are out there.

To complete this, yes I do have a profile on LinkedIn, FaceBook, but also, Xing, Tribe, MySpace, DeviantArt, and a string of other art networking websites. The main windows on my world are this site and my art site. All of those others will always be secondary.

Bookmark to:

I have a client Rebecca Caroe of Rowperfect that I work closely with on her blog. She will often send me little tip bits of information that she comes across when surfing the internet, and asks whether it is of any benefit for her site or my other customers. There have been many times that this has been invaluable. An extra pair of eyes on the internet never goes astray.

On this occassion I was directed towards Andy Beard's post "Akismet False Positives & Spam Karma Configuration". While Andy does not actually say Spam Karma is the be all and end all for blog spam, his enthusiasm does. It may indeed warrant a closer look, however as I've noted, many people are looking for that holy grail of the ultimate spam killer, a "set it and forget it" solution.

The sad reality is that because bloggers are using freely available plugins, the very same plugins are also freely available to the programmers working for the spammers. The plugins become victims of their own success. The more popular they are the more targeted they will be. 

Towards then end of his post, Andy goes on to suggest a combination of spam filter plugins. This the best solution, a combination of filters makes your defenses less predictable and more complex for the spambots, especially if you choose your own cocktail of spam filters.

Bookmark to:

I'm a fan of WordPress. It produces clean extensible markup. It also has huge user base, and consequently a developer base also.

However, I've always found the admin rather ugly, and its navigation menu rather annoying, as I miss having the easy access to sub-pages via a drop down menu system. So after doing a little googling, I finally located two plugins which give me a look and feel that I've been craving. Tiger Style Administration by Steve Smith provided the slicker look, and Admin Drop Menus by Andy Staines provided the drop down menus

On first activation of both WordPress plugins, they don't appear compatible. After closer inspection, the solution to their happy co-existence lay in making modifications to the Tiger Style Administration CSS.

After activating the two plugins, and implimenting this modification, my client feedback was overwhelmingly positive, making WordPress far more intuitive to navigate.

 I'll post the CSS solution soon.

Bookmark to: