Badger’s Den

I know its been around for quite a while but I guess I’ll put in my two cents.

Pandora is the best service I have ever seen for discovering new music that you actually might like. Granted there are a ton of different ways of doing this, but the fact that they try to start you out with things you are familiar with before plunging you off into obscurity is a nice touch.

Duracell announces myGrid wireless charger, WildCharge feels a little KIRFed.

As long as you don’t have to wrap the device up in yet another set of plasticwrap, looks like a great concept.

Slashdot Science Story | NASA Probe Blasts 461 Gigabytes of Moon Data Daily.

I Wonder how long it will be until they get sued for sharing data on a high speed connection.

The season change has come early this year it seems. Wind and rain everyday, and the standard atmospheric pressure change plays drums with my noggin.

Finally reached second 8- I gotta say the person doing the training is good, but doesn’t quite have the style of Deke.

It is strongly recommended that all active wordpress accounts apply this fix.  While the vulnerability will not be completely removed (you can still possibly be locked out of the wp account), it reduces the odds of someone else gaining access to the account.

From The Article:

The password of my Wordpress admin account was not valid when I tried to login today. I first thought it was a problem with the LastPass password manager and tried to see if I was still logged into the service. When I checked my email inbox I noticed that I have received a new password for the account. That was strange since I did not request a new password. It was not that much of a concern to me as I thought that someone might have used the password reset functionality to reset the password which meant that physical access to the new password was not possible.

A new post appeared on the Wordpress discussion list today revealing more details about the process. Everyone is apparently able to reset a Wordpress password if the email address of the Wordpress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. Wordpress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the Wordpress blog.

A temporary fix for the remote admin password reset vulnerability was posted. Wordpress administrators need to change one line of code in the wp-login.php file of the Wordpress installation to protect their blog from the attack.

Replace

if ( empty( $key ) )

With

if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to Wordpress installations.

So after a couple of nights of pain/cold-induced WoW time, I’m feeling like doing something this evening (something productive?? who knew!!). Only problem is, I don’t have a clue what to do around here.

After everything that’s been happening, I think a poster time would do everybody a world of good. Therefore….

‘DON’T YOU DARE TALK DOWN TO ME! I’VE BEEN DOING THIS FOR YEARS!’
‘Very good sir, now please click on the authorized user/’
‘DON’T GET TECHNICAL WITH ME!!’

Whatever this thing is, it took me down hard. FINALLY starting to feel better today (after a 20 minute coughing fit with tons of really-don’t-want-to-think-about-it-gunk). Provided I get some decent sleep tonight normal service should resume tomorrow.