It was the evening of the first day of spring and, other than the appearance of jc and his ServerPup on national television, it had been a fairly normal one, too. In the Perl Monks IRC channel, ar0n and tye were working on fixing the homenode image upload problem. Eventually, tye lost his 'patients', and left ar0n with the following words of wisdom:
<tye> &displaytype=hack (:
<tye> try that ar0n, on your home node
<tye> I'm still away
<ar0n> Where on my home node?
* ar0n hits tye

So zdog explained it to him:

<zdog> http://www.perlmonks.org/index.pl?node=ar0n&displaytype=hack

At first, ar0n got real excited about his new toy:

<ar0n> tye!!
<ar0n> Rock!
<ar0n> Neat!

But someone had access who shouldn't have:

<zdog> Ha .. your passwd is 8 chars long.

And someone else was quick to realize:

<japh> No! Don't look at the source! disable! disable!

Some of us became a little discomforted:

<ar0n> !!
<ar0n> !!
<ar0n> !!
<ar0n> !!
<ar0n> !!
<ar0n> !!
<ar0n> !!
<ar0n> !!
* ar0n hits tye!!!!!!!
* ar0n hits tye!!!!!!!
* ar0n hits tye!!!!!!!
* ar0n hits tye!!!!!!!
* ar0n hits tye!!!!!!!
* ar0n hits tye!!!!!!!

And others began to laugh:

* japh chuckles
<zdog> Hahaaha/

Then all hell broke loose:

<ar0n> GOD FUCKING DAMNIT
<zdog> Where the fuck is tye?!
<ar0n> At least we have a god around who has access to the database +.
<zdog> You can look at everyone's passwd!
<Kanji> japh | um, but if the password is there...
<Kanji> "You can't edit this node (unless you view source first :-)
<zdog> Damnit tye!!
<ar0n> TYE!
<ar0n> Oh god...
* zdog goes to check japh's passwd.
<ar0n> Talk about security holes...
<zdog> =)
<zdog> j/k.
* booradley sells ar0n's info on the black market
<japh> TYE
<ar0n> TYE
<japh> TYE
<ar0n> If I kick him, will he autorejoin?
<japh> ar0n: I don't know.
<ar0n> WAIT I HAVE HIS CELL PHONE NUMBER IN MY LOGS
<ar0n> HOLD ON
<japh> ar0n: HURRY
<cow> tye
<japh> TYE
* cow beeps
<Masem> stop beeping!
<booradley> sweet merciful crap.
<ar0n> 20:11 <tye> ########## if you want me to back the patch out
* zdog blames tye.
<ar0n> IM NOT GETTING A RESPONSE
<japh> THE MAFIA GOT HIM! NOOOO
* cow fights the urge to beep again.
* Kanji remembers that for next time he loses his password...
<zdog> So how do you people like my passwd? =)
<ar0n> CALL HIM
<ar0n> SOMEBODY CALL HIM
<zdog> I don't know his number.
<zdog> Call jc!
<ar0n> zdog: scroll up
<zdog> Oh, okay ..
<zdog> why can't you call?
<ar0n> I DID. NO ANSWER
<zdog> I'll call.
* cow quietly squishes ar0n's Caps Lock
<ar0n> Oh, sorry.
<japh> fucking bad time for tye to be away...
* cow watches all the passwords get eaten.

Finally, things settled down:

<japh> Oh good. Internal server error.
<cow> Oh.
<japh> The quick way to disable that.
<zdog> ar0n got him.
<japh> k, good

Some of us became a little happy:

* zdog called.
<zdog> I feel special.
* japh mumbles
<zdog> I got to talk to tye. =)
<japh> heh.

ar0n summed it up best:

<ar0n> I think I speak for all, when I say "..."
<japh> Yes, quite.
<cow> amen, brotha.
<zdog> ar0n: damn straight.

It was finally over.

<zdog> So now what?
<ar0n> Now I change my password.

Some of you may want to do the same. However, tye did go through the logs and made sure that all of the passwords that may have been stolen were changed, but if you're paranoid ...

And what a mess it was. There are several lessons to be learned here: have a test site, pay your admins, don't code faster than the legal speed limit, and always, always blame tye.