Must Listen – Background music for coding

A Spotify user has been maintaining an incredible 3600+ song playlist of great background music for coding. Mainly free of vocals, electronic heavy, lots of soundtracks.

Whenever I am having trouble finding music to help me focus, I load up this mega-playlist and hit next on random until I find something I like.

Roughnecks on the job.

In this video, experienced professionals make one of the most dangerous jobs I’ve ever seen look as mundane as me writing this post from the comfort of my own home. Literally everything in this scene could kill or maim any of these guys if someone loses focus. I’m having a bit of a hard time describing exactly why this video struck me; I just find it stunning.

Redditor StevosaurusRex gives a helpful play-by-play of the action:

the water keeps the rig floor clean by washing away the mud as it comes from the hole. they drop in slips to hold the pipe at the right height so it’s easier to get their tongs in place (the roughneck steps on the slips). one tong pulls, the other runs backup, just like you would with a couple wrenches at home. you can see steel cable (attached to the tongs) bouncing in the air. if that cable breaks and the driller (only guy not working 🙂 ) has too much pressure on it, those tongs could come around and kill/maim those guys.

use the mud shield, because that stuff is slick and makes life not great. not sure what device they’re removing, but it gets a quick check and goes into new pipe. two tongs (make up and breakout) attach the two sections of pipe and the spinning chain is a great way to get the threads started, but will also kill/maim if it breaks.

see the guy in the green hard hat fighting to hold on to the heavy as hell, slick, unwieldy pipe so it doesn’t kill/maim the rest of his crew? he’s tired, but he’s fighting hard because that slinging pipe will make him unpopular with what’s left of the crew if he lets go.

Huge Vulnerability in WordPress 4.8

Anthony Ferrara discovered a significant security vulnerability and an even more fundamental security flaw in WordPress.

The correct fix is to ditch this whole prepare mechanism (which returns a string SQL query). Do what basically everyone else does and return a statement/query object or execute the query directly. That way you can’t double-prepare a string.

It’s worth saying that this would be a major breaking change for WP. One that many other platforms have done successfully (PHPBB did this exact thing, and went from having massive SQL Injection vulnerabilities to almost none).

WordPress has made great strides in modernizing and hardening core. I really had no idea WPDB was still in the dark ages! For shame!

Read his post for all the gory details.
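Ferrara’s point about a prepare() that returns a string, as an added illustration (not code from WordPress or from his post): a toy string-returning prepare shows how a second pass over the already-prepared string re-reads a %s that arrived as data as if it were a placeholder, while the object-returning version keeps template and parameters apart until execution and refuses to be prepared twice. The escape function, the Query class and the two plugin-style helpers are constructed stand-ins for this example.

```python
from dataclasses import dataclass

def escape(value) -> str:
    # Constructed stand-in for the driver's quoting; real code defers to the driver.
    return "'" + str(value).replace("\\", "\\\\").replace("'", "\\'") + "'"

def prepare_to_string(template: str, *params) -> str:
    """Model of a prepare() that returns a finished SQL *string*: every %s is
    replaced by an escaped parameter. Placeholders with no parameter are left as-is."""
    parts = template.split("%s")
    out = parts[0]
    for i, part in enumerate(parts[1:]):
        out += (escape(params[i]) if i < len(params) else "%s") + part
    return out

def string_double_prepare(author: str, post_id: int) -> str:
    """Plugin-style code that prepares twice. The second pass re-parses the
    already-prepared string, so a %s inside *data* becomes a placeholder again."""
    first = prepare_to_string("SELECT * FROM posts WHERE author = %s", author)
    return prepare_to_string(first + " AND id = %s", post_id)

@dataclass(frozen=True)
class Query:
    """Template and parameters travel separately until execution."""
    sql: str
    params: tuple

    def append(self, more_sql: str, *params) -> "Query":
        return prepare_to_query(self.sql + more_sql, *(self.params + params))

def prepare_to_query(template, *params) -> Query:
    """The fix: return an object, never a string. Handing a Query back in is a
    type error, so double preparation cannot happen by accident."""
    if isinstance(template, Query):
        raise TypeError("already prepared; use append() to extend it")
    if template.count("%s") != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    return Query(template, tuple(params))

def render(query: Query) -> str:
    """Exactly one substitution pass, at execution time (what the driver would do)."""
    return prepare_to_string(query.sql, *query.params)

def object_prepare(author: str, post_id: int) -> str:
    q = prepare_to_query("SELECT * FROM posts WHERE author = %s", author)
    return render(q.append(" AND id = %s", post_id))
```

With the author parameter set to the literal text "%s", string_double_prepare() emits a quoted literal that is terminated early and a bare %s in the id position, whereas object_prepare() keeps the same text safely inside quotes.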

Mr. Shodan

Mr. Robot season 3 is off to a great start. As per usual, the episode features tonnes of Easter eggs for hacker nerds.

But I have to admit I was a little surprised to see a shodan.io cameo. Shodan is a search engine for things connected to the web that aren’t web servers: web cams, network equipment, industrial controls and other hardware that relies heavily on security through obscurity.

Here’s a fun video from Defcon 20 demonstrating what fun can be had.


Bonus: The search Mr. Robot performs, org:"Evil Corp" product:"Apache Tomcat", returns real results with show-relevant data.


Bonus Part 2:

The domain in question has an open SMB (file sharing) port.

No guest account unfortunately. If only I could remember some of the logins from the show.

The rabbit hole goes deep this season! Hack the planet.