WordPress Hacks revealed.

by on August 25th, 2011

So there is a new WordPress hack running rampant right now. It exploits the TimThumb.php script that is commonly found in many WordPress themes and plugins. The image resizer script “timthumb.php” has a known and very large security hole that has recently been the target of many hacks. This script is widely used in WordPress themes and plugins, as it provides a simple and quick way to resize and modify images “on-the-fly”, and is easily integrated into both themes and plugins.

What does this security compromise do?

This security hole allows the attacker to arbitrarily upload or create files and folders on a compromised account, which can then be used for a myriad of nasty things. This compromise often causes the site to be flagged as malicious by Google, driving away customer traffic. Furthermore, it infects the database, several WordPress core files and the .htaccess file, and typically adds deeply hidden “backdoor” files, intended to re-infect the account on demand.

How can I tell if my account is compromised?

Unfortunately the code and referring URLs in the offending hack are continually updated, showing different referrers and script names periodically, which makes searching for this compromise very difficult or impossible to do on a wide scale. However, there is a guide here that can be used to at least determine if your file is compromised:

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

There is also a tell-tale error that will appear on customer sites; it typically looks like this:

Warning: Cannot modify header information – headers already sent by (output started at /home/user/public_html/wp-settings.php:332) in /home/user/public_html/wp-includes/pluggable.php on line 934

What should I do?

If you are using this script, it is strongly advised that you immediately either patch the existing copy of timthumb.php or upgrade it to a version above 2.0, which its developers say is secured. The latest code can be found here, at the Google Code website:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

Alternatively, the file can be updated without going to Version 2.0, by using a patch available here:

http://code.google.com/p/timthumb/issues/list

It would appear that a number of developers using “timthumb.php” have already updated their scripts to the safer version, or patched it with one of the available patch scripts floating around on the Internet. However, please note that if the site was already compromised, patching alone will not clean it. Have them check with their theme developers or theme vendor for a patch.

But I need my site up NOW!

You can temporarily restore functionality to the website by removing the 4 or 5 blank lines at the end of the settings.php file, but this simply allows the site to run again rather than actually removing the compromise. Because the compromise arbitrarily creates, uploads and modifies files and directories, removal can be difficult or nearly impossible even for a skilled user. In fact, the best way to recover from this is to restore a clean backup and then patch your site from there.
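As an added example (not part of the original post), here is a small scan script covering the two checks this post describes: it walks a WordPress install for copies of timthumb.php and reports any whose declared version is below 2.0, and it reports anything emitted after the closing ?> of wp-settings.php, the stray trailing lines behind the “headers already sent” warning. It assumes timthumb.php declares its version as define('VERSION', '...') and that wp-settings.php ends with a closing ?> tag; the sample file contents are constructed.

```python
import os
import re

# Constructed sample contents (not from any real site): old and patched timthumb.php,
# and a wp-settings.php with stray blank lines after its closing ?> tag.
OLD_TIMTHUMB = "<?php\ndefine ('VERSION', '1.34');\n"
NEW_TIMTHUMB = "<?php\ndefine ('VERSION', '2.8.10');\n"
DIRTY_SETTINGS = "<?php\n// ... core bootstrap ...\n?>\n\n\n\n\n"

# Assumed declaration style inside timthumb.php: define ('VERSION', 'x.y.z');
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]""")

def timthumb_version(source):
    """Return the VERSION string declared in timthumb.php source, or None."""
    match = VERSION_RE.search(source)
    return match.group(1) if match else None

def is_vulnerable_version(version):
    """The post says to run a version above 2.0, so anything below 2 is flagged."""
    return int(version.split(".")[0]) < 2

def trailing_output(source):
    """Text after the last '?>' minus the one newline PHP swallows; whatever is
    left reaches the browser early and triggers 'headers already sent'."""
    idx = source.rfind("?>")
    if idx == -1:
        return ""
    rest = source[idx + 2:]
    if rest.startswith("\r\n"):
        return rest[2:]
    return rest[1:] if rest.startswith("\n") else rest

def scan(root):
    """Walk a WordPress tree and return (path, issue) pairs worth a look."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() not in ("timthumb.php", "wp-settings.php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                body = fh.read()
            if name.lower() == "timthumb.php":
                version = timthumb_version(body)
                if version is None or is_vulnerable_version(version):
                    findings.append((path, "timthumb.php version %s" % (version or "unknown")))
            elif trailing_output(body):
                findings.append((path, "%d bytes after closing ?>" % len(trailing_output(body))))
    return findings
```

Call scan() with the document root of the install; each finding is a (path, reason) tuple, and a flagged wp-settings.php with more than whitespace after ?> deserves a closer look than a few blank lines would.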

Animations

by on June 25th, 2011

I found this online, and think it's quite amusing! Enjoy! Credit to the original source.


Mario vs modern games

by on May 19th, 2011

Mario Reloaded: If Super Mario Brothers Was Made Today

Zack Hiwiller is a video game designer who wondered what Super Mario Brothers would look like if it were designed with today’s video game customs in mind. In eight entertaining images, he takes Mario through tutorials, achievements and Facebook sharing: things we see in most games today that weren’t even imaginable back then.

Super Mario Brothers was a first introduction to the world of video games for many of us. Back then, a video game didn’t come with tutorials – or even instructions in some cases. Of course, controls were much simpler to master on an NES than on one of today’s mega-confusing controllers…but we miss those uncomplicated days of figuring out how a new game worked.

Mario’s characteristic graphics haven’t changed in Zack’s version, but he imagines a game where you have to purchase credits to use the Warp Zone and gameplay is interrupted every few steps by a new achievement.

Although most people aren’t complaining about the modern game characteristics pointed out in Hiwiller’s illustrations, it does highlight the differences between the games of yesteryear and the highly-commercialized gaming experience of today. Mario may not have been very exciting by today’s standards, but we managed to stay entertained by the Italian plumber and the legion of baddies out to get him.

Vegans and Vegetarians

by on May 19th, 2011

This is why NO ONE is a vegetarian or vegan. It's all a LIE!

Truly funny.

by on May 4th, 2011

So I have worked in technical support for many companies over the years, and occasionally you get the caller who is adamant that they're right and we need to fix something that is clearly not our issue. Today I came across this site that has many examples of why the customer is NOT always right. Hope you enjoy it as much as I did.

The Hacker’s Manifesto

by on May 4th, 2011

The Hacker's Manifesto:

“Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”… Damn kids. They’re all alike. But did you, in your three-piece psychology and 1950′s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world… Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me… Damn underachiever. They’re all alike. I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…” Damn kid. Probably copied it. They’re all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me… Or feels threatened by me… Or thinks I’m a smart ass… Or doesn’t like teaching and shouldn’t be here… Damn kid. All he does is play games. They’re all alike. And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all… Damn kid. Tying up the phone line again. They’re all alike… You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. 
This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.”

This was quoted in the movie Hackers, but this is the original article that they quoted from.

Portal Cake :)

by on May 4th, 2011

Portal Cake Recipe:

One 18.25 ounce package chocolate cake mix.
One can prepared coconut pecan frosting.
Three slash four cup vegetable oil.
Four large eggs.
One cup semi-sweet chocolate chips.
Three slash four cups butter or margarine.
One and two-thirds cups granulated sugar.
Two cups all purpose flour.
Fish shaped crackers.
Fish shaped candies.
Fish shaped solid waste.
Fish shaped dirt.
Fish shaped ethyl benzene.
Pull and peel licorice.
Fish shaped organic compounds and sediment shaped sediment.
Candy coated peanut butter pieces, Shaped like fish.
One cup lemon juice.
Alpha resins.
Unsaturated polyester resin.
Fiberglass surface resins.
And volatile malted milk impoundments.
Nine large egg yolks.
Twelve medium geosynthetic membranes.
One cup granulated sugar.
An entry called ‘how to kill someone with your bare hands’.
Two cups rhubarb, sliced.
Two slash three cups granulated rhubarb.
One tablespoon all-purpose rhubarb.
One teaspoon grated orange rhubarb.
Three tablespoons rhubarb, on fire.
One large rhubarb.
One cross borehole electro-magnetic imaging rhubarb.
Two tablespoons rhubarb juice.
Adjustable aluminum head positioner.
Slaughter electric needle injector.
Cordless electric needle injector.
Injector needle driver.
Injector needle gun.
Cranial caps.
And it contains proven preservatives, deep penetration agents, and gas and odor control chemicals.
That will deodorize and preserve putrid tissue.