Tag Archive for Fail

WordPress Botched it

Imagine my surprise when I got a notification this morning (10/30/2020) at 11:42AM (local time) – Your site has been updated automatically to WordPress 5.5.3-alpha-49449. No further action is needed on your part.

Say what?!?

WordPress botched an update and auto-updated sites from the standard release channel to a development alpha channel – with no warning or reason.


According to WordPress Development, it’s a bug. Not only did they move my site from the standard release channel to a dev release channel, which gets updated every night, they also added back all of the 20xx WordPress default themes – which I had already deleted.

@hellofromTonya at WordPress.org reports that the unwanted update is “a side effect of another issue that occurred on 5.5.2.”

WP says there are 2 options to resolve this problem:

  1. Click the Re-install WordPress button on the Update screen to reinstall 5.5.2
  2. Wait to update when 5.5.3 is released (coming soon)

Please note, 5.5.3-alpha-49449 also installed bundled themes. Any of these themes the site doesn’t need will need to be deleted manually.

@johnbillion at WordPress.org posted, “When 5.5.3 is released, you’ll be updated to that stable version and you won’t be alpha or beta testing from that point onward.”

WP now recommends – if you trust them – updating to version 5.5.3.

I did and it appears to have gotten me back to a stable version – but we will see overnight. If I get another dev edition – we will know it is still broken.
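Rather than waiting for the next notification email to learn whether the site has been rolled onto a dev build again, the installed core version can be checked on a schedule. The script below is an added example, not WordPress’s own tooling: it reads the $wp_version assignment from wp-includes/version.php (the file WordPress core uses to record its installed version) and flags any alpha, beta or RC tag, plus any drift from a version you pin. The sample file contents, the function names and the temp-directory helper are constructed for the demo.

```python
"""Detect a WordPress install that has drifted onto a pre-release build.

Added example, not WordPress's own tooling. It reads the $wp_version
assignment from wp-includes/version.php, the file in which WordPress core
records its installed version; the sample file contents below are constructed
to mimic the alpha build named in this post.
"""
import os
import re
import tempfile
from typing import Optional

# $wp_version = '5.5.3-alpha-49449';   <- the assignment we look for
VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'\s*;")
# Anything carrying an alpha/beta/RC tag is a development build.
PRERELEASE_RE = re.compile(r"-(alpha|beta|RC)", re.IGNORECASE)


def parse_wp_version(version_php: str) -> str:
    """Pull the version string out of the text of version.php."""
    match = VERSION_RE.search(version_php)
    if match is None:
        raise ValueError("no $wp_version assignment found")
    return match.group(1)


def is_prerelease(version: str) -> bool:
    """True for builds such as 5.5.3-alpha-49449 or 5.6-RC1, False for 5.5.3."""
    return PRERELEASE_RE.search(version) is not None


def audit_install(wp_root: str, expected: Optional[str] = None) -> dict:
    """Report the installed version and any findings worth an alert.

    `expected` is the stable version you intend to be running; pass it when
    a scheduled job should also catch any unplanned version change.
    """
    path = os.path.join(wp_root, "wp-includes", "version.php")
    with open(path, encoding="utf-8") as handle:
        version = parse_wp_version(handle.read())
    findings = []
    if is_prerelease(version):
        findings.append(f"pre-release core build installed: {version}")
    if expected is not None and version != expected:
        findings.append(f"version changed: expected {expected}, found {version}")
    return {"version": version, "findings": findings}


# Constructed sample file contents (only the $wp_version line matters here).
SAMPLE_ALPHA = "<?php\n$wp_version = '5.5.3-alpha-49449';\n"
SAMPLE_STABLE = "<?php\n$wp_version = '5.5.3';\n"


def make_sample_install(version_php_text: str) -> str:
    """Write a throwaway wp-includes/version.php so audit_install can be tried offline."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-includes"))
    path = os.path.join(root, "wp-includes", "version.php")
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(version_php_text)
    return root


if __name__ == "__main__":
    for label, text in (("alpha", SAMPLE_ALPHA), ("stable", SAMPLE_STABLE)):
        report = audit_install(make_sample_install(text), expected="5.5.2")
        print(label, report)
```

Pointed at the real document root from cron, a non-empty findings list is the signal to alert on; the expected-version pin turns the script from a dev-channel detector into a general unplanned-update detector.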

This smacks of an MSFT-type auto-update “feature.” Makes me start to question my faith in this new-fangled WP auto-update functionality.

Just as I was about to click Publish on this post – I got another alert that I needed to install WordPress 5.5.3 again – so much for their earlier fix !!!!

Get it together WordPress

 

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Stop Using These Passwords Now

The annual list of the worst passwords is out. People are lazy and still use the same old compromised passwords. Not much has changed since 2018, 2017, or 2016. SplashData’s 9th annual list of worst passwords looked at 5 million passwords that were leaked in various data breaches in 2019 and found that 123456 is still the most frequently used password.

Some other interesting password factoids from the survey include:

  • “password” has been knocked out of the top two spots for the first time in the list’s history.
  • Simple patterns using contiguous keys on the keyboard like 1q2w3e4r, qwertyuiop, and !@#$%^&* are new for 2019. They may seem complex but will not fool attackers.
  • QWERTY is a big mover in 2019: qwerty moved up 6 places to #3, and qwerty123 moved up 13 spots to #13.
  • After making his debut on the 2018 annual list, “donald” fell to #34 among the most dangerous passwords to use.

Rank  Password     Change
   1  123456       Rank unchanged from 2018
   2  123456789    Up 1
   3  qwerty       Up 6
   4  password     Down 2
   5  1234567      Up 2
   6  12345678     Down 2
   7  12345        Down 2
   8  iloveyou     Up 2
   9  111111       Down 3
  10  123123       Up 7
  11  abc123       Up 4
  12  qwerty123    Up 13
  13  1q2w3e4r     New
  14  admin        Down 2
  15  qwertyuiop   New
  16  654321       Up 3
  17  555555       New
  18  lovely       New
  19  7777777      New
  20  welcome      Down 7
  21  888888       New
  22  princess     Down 11
  23  dragon       New
  24  password1    Unchanged
  25  123qwe       New

Morgan Slain, CEO of SplashData, told Gizmodo,

Our hope … is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off. We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.

rb-

So how can you keep your online personal information safe?

  1. Make sure none of your passwords are on SplashData’s worst passwords of the year list. If they are, log on and change them immediately. See the full 100 worst passwords on SplashData’s site.
  2. Use two-factor authentication whenever possible. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. Not sure if your favorite website supports two-factor authentication? Search the Two Factor Auth List to find out.
  3. Consider a password manager. Your brain is no longer an adequate password manager. SplashData makes several password managers, SplashID, TeamsID, and Gpass, depending on your needs.
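To put step 1 into practice on a signup or password-change form, here is an added screening function (my example, not SplashData’s code). It checks a candidate against the top-25 table from this post and, going a little beyond the list itself, also catches listed passwords with digits or “!” tacked on (so password2019 is rejected, not just password1) and the contiguous-key patterns the list calls out, such as 1q2w3e4r and qwertyuiop. The keyboard rows, the zigzag generation and the suffix-stripping rule are my assumptions about a US QWERTY layout.

```python
"""Screen a candidate password against the SplashData 2019 worst-passwords
list and the keyboard-walk patterns the list calls out.

Added example, not SplashData's code. WORST_2019 is the top-25 table from this
post; the keyboard rows, the zigzag pattern and the suffix-stripping rule are
assumptions that generalise the list a little.
"""

WORST_2019 = [
    "123456", "123456789", "qwerty", "password", "1234567", "12345678", "12345",
    "iloveyou", "111111", "123123", "abc123", "qwerty123", "1q2w3e4r", "admin",
    "qwertyuiop", "654321", "555555", "lovely", "7777777", "welcome", "888888",
    "princess", "dragon", "password1", "123qwe",
]
WORST_SET = frozenset(WORST_2019)

# Assumed US QWERTY rows; the shifted digit row covers !@#$%^&* style walks.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "!@#$%^&*()"]
# Column-wise zigzag across the top two rows produces 1q2w3e4r5t6y...
ZIGZAG = "".join(d + q for d, q in zip("1234567890", "qwertyuiop"))
MIN_WALK = 4


def _keyboard_walks(min_len: int = MIN_WALK) -> frozenset:
    """Every run of at least min_len adjacent keys, forwards or backwards."""
    walks = set()
    for seq in KEYBOARD_ROWS + [ZIGZAG]:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                for j in range(i + min_len, len(s) + 1):
                    walks.add(s[i:j])
    return frozenset(walks)


KEYBOARD_WALKS = _keyboard_walks()


def screen_password(candidate: str) -> set:
    """Return the set of reasons the password is weak; an empty set passes.

    Tags: "denylist" (exact hit), "denylist_suffix" (listed password plus
    trailing digits or '!'), "keyboard_walk" (contiguous-key pattern).
    """
    reasons = set()
    lowered = candidate.lower()
    if lowered in WORST_SET:
        reasons.add("denylist")
    stripped = lowered.rstrip("0123456789!")
    if stripped != lowered and stripped in WORST_SET:
        reasons.add("denylist_suffix")
    # Whole password is a walk, or it embeds a walk of five or more keys.
    if lowered in KEYBOARD_WALKS or any(
        walk in lowered for walk in KEYBOARD_WALKS if len(walk) >= 5
    ):
        reasons.add("keyboard_walk")
    return reasons


if __name__ == "__main__":
    for sample in ("123456", "1q2w3e4r", "password2019", "!@#$%^&*",
                   "correct horse battery staple"):
        print(f"{sample!r:32} -> {sorted(screen_password(sample)) or 'ok'}")
```

In production the denylist would be the full list (or a breach-corpus check) rather than the 25 rows shown here; the point of the suffix and keyboard-walk rules is that a plain exact-match denylist is trivially sidestepped by appending a digit, which is exactly the “may seem complex but will not fool attackers” pattern the list describes.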


Church Wearable Device Very Holey

The Vatican recently launched a holey wearable app onto the Internet of Things (IoT). The Church’s wearable IoT device, Click To Pray eRosary, is a bracelet of rosary beads along with a smart cross. The device is part of the Vatican’s mission to pray for peace. But the app is bedeviled by what sources call a “significant cybersecurity flaw.”

The $110 device syncs with Click to Pray, the official prayer app of the Pope’s Worldwide Prayer Network. It tracks the user’s progress as they work through different sets of themed prayers. Oh, it also tracks your steps, too, for those that want to exercise both body and soul.

The Verge reports the gadget was designed by GadgeTek, a division of Acer, and pairs with an iOS or Android app you can download. The device can be bought through Amazon Italy or , and the specs include:

  • Six-axis inertial sensing
  • Bluetooth 5.0
  • IP67 water and dust resistance
  • Wireless charging
  • a 15mAh lithium-ion battery
  • 10 black agate beads and 11 hematite beads

The “smart cross” stores all technical data. The app, however, appears to handle all of the actual user interaction — the “smart cross” does not appear to interact directly with the user. Engadget claims that the device also tracks health-related information. It’s basically an adapted fitness tracker, and it still doubles as a fitness tracker. The Vatican News explained the Church’s move to the IoT like this:

The Click To Pray eRosary is an interactive, smart and app-driven wearable device that serves as a tool for learning how to pray the rosary for peace in the world. It can be worn as a bracelet and is activated by making the sign of the cross. It is synchronized with a free app of the same name, which allows access to an audio guide, exclusive images and personalized content…

Its target audience is:

the peripheral frontiers of the digital world where the young people dwell (rb- Maybe something got lost in translation)

The Catholic Church proved it is merely mortal when it comes to the Internet of Things. Like most things IoT, it was released with security holes. Sophos’ Naked Security blog explains that Fidus Information Security discovered a flaw in the prayer app’s authentication mechanism. The pious can safely log in via Google and Facebook, but in good Catholic tradition, any alternatives cause issues.

The flaw arises when a user resets their account using the Click to Pray app. The app makes an API call to the server, which then sends the PIN to the user’s email. The server also returns the PIN in its response to the API request, meaning that someone accessing the API directly could get the user’s PIN without having access to their email.

The researchers say they used this method to easily log in and obtained phone numbers, height, weight, gender, and birth dates. CNet says the Android version of the app also asks for access to location data and permissions to make calls.

Also, there was no limit to the number of login attempts, which is a dream for any hacker who wants to make automated, or brute force, attempts to break in.
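The two defects just described, a reset endpoint that echoes the PIN in its own response and a login with no attempt limit, are easiest to see side by side with their hardened versions. This is an added example and not the Click to Pray app’s code: the in-memory USERS store, the OUTBOX stand-in for the email gateway, the reset_pin_*/login_* function names and the lockout numbers are all assumptions for the demo.

```python
"""PIN reset and login, vulnerable versions beside hardened ones.

Added example, not the Click to Pray app's code. USERS and OUTBOX are
constructed in-memory stand-ins for the account database and the email
gateway; MAX_ATTEMPTS and LOCKOUT_SECONDS are assumed policy values.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

MAX_ATTEMPTS = 5           # assumption: lock after five consecutive failures
LOCKOUT_SECONDS = 15 * 60  # assumption: 15-minute lockout
PBKDF2_ROUNDS = 100_000

USERS = {}   # email -> {"pin_hash", "salt", "failed", "locked_until"}
OUTBOX = []  # (email, pin) pairs the "email gateway" would have sent


def _hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def _issue_pin(email: str) -> str:
    """Generate a fresh 6-digit PIN, store only its salted hash, email the PIN."""
    pin = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    USERS[email].update(pin_hash=_hash_pin(pin, salt), salt=salt)
    OUTBOX.append((email, pin))
    return pin


def register(email: str) -> None:
    USERS[email] = {"pin_hash": b"", "salt": b"", "failed": 0, "locked_until": 0.0}
    _issue_pin(email)


def reset_pin_vulnerable(email: str) -> dict:
    """The flaw: the PIN that was emailed is also handed back to the API caller."""
    if email not in USERS:
        return {"status": "unknown user"}
    pin = _issue_pin(email)
    return {"status": "ok", "pin": pin}


def reset_pin_fixed(email: str) -> dict:
    """The PIN travels only over the out-of-band channel; the response never
    depends on it, and it is the same whether or not the account exists."""
    if email in USERS:
        _issue_pin(email)
    return {"status": "ok"}


def _pin_matches(email: str, pin: str) -> bool:
    acct = USERS[email]
    return hmac.compare_digest(_hash_pin(pin, acct["salt"]), acct["pin_hash"])


def login_vulnerable(email: str, pin: str) -> bool:
    """No counter, no lockout: a 6-digit PIN falls to at most a million tries."""
    return email in USERS and _pin_matches(email, pin)


def login_fixed(email: str, pin: str, now: Optional[float] = None) -> str:
    """Returns "ok", "denied" or "locked"; locks the account after MAX_ATTEMPTS
    consecutive failures, and refuses even the correct PIN while locked."""
    now = time.time() if now is None else now
    acct = USERS.get(email)
    if acct is None:
        return "denied"
    if now < acct["locked_until"]:
        return "locked"
    if _pin_matches(email, pin):
        acct["failed"] = 0
        return "ok"
    acct["failed"] += 1
    if acct["failed"] >= MAX_ATTEMPTS:
        acct["failed"] = 0
        acct["locked_until"] = now + LOCKOUT_SECONDS
    return "denied"


if __name__ == "__main__":
    register("alice@example.test")
    print("vulnerable reset response:", reset_pin_vulnerable("alice@example.test"))
    print("fixed reset response:     ", reset_pin_fixed("alice@example.test"))
    print("emailed PIN is only in the outbox:", OUTBOX[-1])
```

Two design notes: the hardened reset returns an identical response for unknown addresses so the endpoint cannot be used to enumerate accounts, and the lockout here is per account, the simplest form; production services usually combine it with per-source throttling so that an attacker cannot lock legitimate users out of their own accounts by deliberately failing.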

Security researcher Elliot Alderson not only found the eRosary vulnerability, but he also reported it to the Vatican first. And of course, the Vatican responded via Twitter with appreciation. The Vatican’s representative, a self-described “Digital Jesuit in Rome,” Father Robert Ballecer, understood the significance of having a security researcher attempting to contact the Vatican.

The church’s developers reportedly patched the eRosary within 24 hours.

rb-

The quick response by the Vatican is more than we can say for most organizations. So when it comes to the security of the Vatican’s new wearable device, it’s a good thing the Digital Jesuit is on the team.

They moved pretty fast for an organization that took 350 years to forgive Galileo.


Halloween Fails

Halloween is here – giving techies a reason to dress up in your favorite tech-inspired costume, or better yet, a costume fail. You won’t believe these incredible Halloween costume fails. When people get Halloween costume ideas from their job, things can get scary fast … here is some proof!

The costumes pictured in the original post:

  • Google Maps guides
  • Coding
  • Identity theft
  • Clippy
  • The Blue Screen of Death
  • Error 404 Page (costume not found)
  • Computer Man
  • iPug
  • Cloud computing


System Fails Tax Day Delayed

Tax day 2017 was delayed one day due to a hardware failure in a system supporting the oldest IT system in the U.S. federal government. (rb- I wrote about the almost-60-year-old system here.) Nextgov reports that 18-month-old hardware supporting the Internal Revenue Service’s Individual Master File experienced a caching issue causing the system to fail.

The failure disrupted almost all other IRS systems and services because those systems ingest data from the Individual Master File. When those systems—such as Direct Pay and the structured payments portal—called to the Individual Master File mainframe and got no response, they too failed.

Dave Powner, GAO’s director of IT management issues, told Nextgov, “This was our biggest fear about one of these mission-critical systems crashing. Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”

The crash delayed the submission of some 14 million tax forms. It could be several years before the Individual Master File is fully modernized and rid of 1960s-era technology. The article speculates that the update timeline could slip because the IRS says it needs to hire at least 50 more employees—while backfilling any attrition—plus an extra $85 million per year in annual non-labor funding over the next five years. Trump’s fiscal 2018 budget request called for a $239 million reduction in funding for the IRS, which has faced many cuts in recent years.

The author explains that the Individual Master File has data from 1 billion taxpayer accounts dating back several decades and is the chief IRS application responsible for receiving 100 million Americans’ individual taxpayer data and dispensing refunds. The IRS first attempted to replace the system with a modernized Customer Account Data Engine, but that effort was canceled in 2009. A delivery date for CADE 2, the IRS’ subsequent modernization effort, has slipped several years even as contractors working on the project have earned as much as $290 million.

GAO identified the Individual Master File as the oldest technology system still working in government in 2016.
