Tag Archives: Security

Something is horribly b0rked

And I don’t have time to fix it now. A bit later. Please hold on

Update: Fixed – Phew.

I think that I will not use the AskApache plugin. Even though it looks very useful (especially since I’ve been mildly hacked once) it managed to b0rk the site twice (although I will admit that the first time it was my fault as well).

However the fact that it is so easy to break your site, even if you have some passing knowledge of web administration like me, makes it a bit dangerous for the faint of heart.

Another problem is that I couldn’t even leave a comment at the plugin’s page due to the heavy spam filtering or whatever. This is especially exasperating when your site is freaking up (not finding the admin pages and whatnot) and you’d like some support. Fortunately I managed to search for keywords and find a comment left by the author of the plugin advising how to fix my problem.

Very big Note: When the author talks about the .htaccess file. He means the .htaccess in the wp-admin/ folder not the one in your domain root. Do not touch the one in the root! I learned that the hard (or rather, the run around in panic, waving my hands around) way,

Nothing is safe anymore

Holy shit. Disk Encryption is cracked, and cracked nastily it is. You are not safe if you are using Windows, Mac or linux as all of them basically use the RAM to store the encryption key.

So currently the only way to fix this is to either use a new memory technology where the RAM is instantly lost on boot or use another place, rather than the RAM. Perhaps we could use an external key? Can DM-Crypt be modified to store the key in a usb-stick? Will that help? Techdirt also mentions that this does not work on disks that decrypt on boot but this is not said in the article…

In any case…ouch!