Thursday, June 08, 2006

The Comment

Well, now that I see all the sites I got access to have been reconfigured, I will let you know which comment gave me the password. But first, I want to quote this:
Wow. What a big brain this guy has. Not only did he guess an easily guessed password based on published clues, but he -- a non-hacker -- figured out what to do with that knowledge to make an ass of himself!
This was only to prove that no one is safe from hackers, not even smart people like Matt —not you, obviously— and, even more important, that you have to take good care of your information and of what you make publicly accessible on the web. This may not be the best way to do it, but it gets to the point, so if it makes a difference, even for one person, then it will have worked. Don't like it? Close the window. It is called freedom.

Now, back to the comment thing... forget all the stupid ideas about security risks, password cracking, MD5 hashes, exploits and all that crap, OK? It has nothing to do with WordPress. WordPress is perfectly safe, and you can keep on using it. I got the password in plain text, and I found it at a public web address that was accessible to ANYONE with an internet connection. The comment is here: http://asymptomatic.net/2006/06/01/2369/dear-web-development-community/#comment-62017

Wednesday, June 07, 2006

Hack the Matt

Here is the story of some guy who was doing his daily Bloglines thing when he found a comment that triggered the —always dangerous— question: what if <!-- insert EVIL ACTION in here -->... ? I'm not a hacker, I'm not an expert in system administration or server management, I don't do password cracking in my spare time, and I don't even speak or write English very well! But I do have common sense, and that is all I need. Matt Mullenweg, the lead developer of WordPress, is a really smart guy; I even admire him and pretty much all of his work, but I couldn't resist seeing what would happen if I just...

So, here is the story. After reading one of his comments, it only took me 5 minutes to find out Matt's password. The funny thing is that I tried to convince myself that he wouldn't be that silly, but guess what? He is that silly! It's not just that I got access to his blog: he was using the SAME password —a really crappy one— for ALL of his information/servers/data/etc. I got access to EVERYTHING Matt has; trust me, he is hanging by one of his balls right now. Fortunately for him, as I said before, I'm not a hacker, nor a cracker, nor a dirty bastard who did not receive enough love as a baby, but imagine what I could have done with that information... just think for a minute.

Here is a lesson for everyone: USE your god damn brain! I did nothing besides the redirection (yes, you are welcome), and NO, I won't be revealing the password until I get confirmation from Matt that it has been changed and everything is safe.

P.S. I'm sorry Matt, but it was so easy... I couldn't resist. OK, now that Matt is back, you can have some screenshots.
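The lesson of the post is that a password built from facts anyone can read off a public page (a name, a project, a year, a nickname from a comment thread) is guessable without any cracking at all. As an added illustration, not part of the original post and not code from WordPress or from anyone named here, the following Python check rejects a candidate password that is derived from such public clues. The clue list is constructed and hypothetical; the mutations it tries (reversal, common suffixes, two clues joined, and undoing leetspeak) are the obvious ones a curious reader would try by hand.

```python
"""Reject passwords derived from publicly known facts about the user.

Added example. PUBLIC_CLUES is a constructed, hypothetical list of the kind of
facts a visitor could read off a profile page or comment thread.
"""
from itertools import product

PUBLIC_CLUES = ["Matt", "WordPress", "photomatt", "2006", "Houston"]  # constructed

# Suffixes people bolt onto a word to "make it a password".
COMMON_SUFFIXES = ["", "1", "12", "123", "!", "06", "2006"]

# Map common leetspeak substitutions back to letters so "w0rdpr3ss" is
# compared as "wordpress".
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s"})


def normalize(s: str) -> str:
    """Case-insensitive comparison; surrounding whitespace is irrelevant."""
    return s.strip().lower()


def candidates_from_clues(clues) -> set:
    """Expand each clue into the guesses a casual attacker would try first:
    the clue itself, reversed, with common suffixes, and two clues joined."""
    bases = {normalize(c) for c in clues if normalize(c)}
    cands = set()
    for base in bases:
        for variant in (base, base[::-1]):
            for suffix in COMMON_SUFFIXES:
                cands.add(variant + suffix)
    for a, b in product(bases, repeat=2):
        if a != b:
            cands.add(a + b)
    return cands


def derived_from_public_clues(password: str, clues):
    """Return the clue (or clue-derived guess) the password matches, else None.

    Two forms of the password are checked: as typed and with leetspeak undone.
    An exact match against the candidate set is reported first; otherwise any
    clue of four or more characters that appears inside the password counts.
    """
    forms = {normalize(password), normalize(password).translate(UNLEET)}
    cands = candidates_from_clues(clues)
    for form in forms:
        if form in cands:
            return form
    bases = sorted({normalize(c) for c in clues}, key=len, reverse=True)
    for base in bases:
        if len(base) >= 4 and any(base in form for form in forms):
            return base
    return None


def check_password(password: str, clues, min_len: int = 12) -> list:
    """Return a list of reasons to reject the password; empty means accepted."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    hit = derived_from_public_clues(password, clues)
    if hit is not None:
        problems.append(f"derived from public clue: {hit!r}")
    return problems


if __name__ == "__main__":
    for pw in ["matt2006", "w0rdpr3ss!", "Matt!", "correct horse battery staple"]:
        print(f"{pw!r}: {check_password(pw, PUBLIC_CLUES) or 'ok'}")
```

Note what this check cannot do: it says nothing about whether the same password is also used on every other account the person owns, which was the second half of the problem above. Reuse is only caught by never having a single secret to reuse, for example by using a password manager that generates a different random password per site.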