WordPress Upgrade 4.3 breaks wordpress cron wp-cron.php

There is a fresh bug in WordPress 4.3 that causes a race condition in the WordPress cron: the option_value of the row with option_name 'cron' in wp_options keeps growing.

It keeps growing unchecked; in our case this caused the binary log to fill up the disk.

You can check the size of the cron with:


mysql> select option_name,length(option_value) from wp_options where option_name ='cron';

If it continues growing unchecked you have hit the bug.
 
Here is the mailing list discussion of the bug:
http://lists.automattic.com/pipermail/wp-trac/2015-August/265144.html
 
Here is the changelist with the fixes for this bug:
https://core.trac.wordpress.org/changeset/33647
 
If the old cron tasks don't get executed after applying the patch, you may need to clear the cron:

mysql> UPDATE wp_options SET option_value = '' WHERE option_name = 'cron';

Bank decreases security in attempt to increase password strength

I was asked to set my phone password by my bank, following these rules:
1. Password must have 7 digits
2. No digits can repeat in a password
3. Consecutive digits are not allowed

Some security expert thought the best way to protect the “stupid” users from choosing easy passwords was to enforce rules 2 and 3.
Let's keep in mind that without rules 2 and 3 we had 9’999’999 possible passwords.

Rule 2 means you must pick 7 numbers out of the 9 digits without repeating any digit.
Using simple math we have
nPr = n! / (n-r)!
where n is 9, as there are 9 digits on a phone, and r is 7, as that is the number of digits we must pick.
We have: 9! / 2 = 181,440
As a result we have only 181,440 valid passwords. This rule alone reduces the hacker's guessing effort by 98%. Nicely done!

*Rule 3: sequences of numbers are not allowed. This is the cherry on top.
NCm – ( N – m + 1 )Cm
We have: 6435 – 84 = 6351
That's 6351 passwords we are unable to use.
181,440 – 6,351 = 175,089

This reduces the possibilities even further. On its own this is not a bad rule, but since the set has already been reduced, most users will not be able to choose a password they can relate to and are confined to this set. My guess is that most users ended up choosing a password based on the phone layout, as the rules above are too restrictive.

Look at the common phone digits layout:
1 2 3
4 5 6
7 8 9
    0

These are my guesses on the most common passwords:
1-4-7 2-5-8-0
3-6-9 2-5-8-0
2-5-8-0 1-4-7
2-5-8-0 3-6-9
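
An added example (not from the original post) that enumerates the PINs surviving each rule and runs the four keypad guesses above through the same check. Assumptions: rule 3 is read as "no two neighbouring digits differ by one", the alphabet is counted both as 1-9 (as in the calculation above) and as 0-9 (as on the keypad), and the function names are made up for this example.

```python
from itertools import permutations
from math import perm


def is_allowed(pin, length=7):
    """Apply the bank's three rules to a PIN given as a string of digits."""
    if len(pin) != length or not pin.isdigit():
        return False                      # rule 1: exactly `length` digits
    if len(set(pin)) != len(pin):
        return False                      # rule 2: no digit repeats
    # rule 3 (assumed reading): neighbouring digits must not differ by 1
    return all(abs(int(a) - int(b)) != 1 for a, b in zip(pin, pin[1:]))


def keyspace(alphabet, length=7):
    """Return (unrestricted, after rule 2, after rules 2 and 3)."""
    unrestricted = len(alphabet) ** length
    no_repeat = perm(len(alphabet), length)
    allowed = sum(is_allowed("".join(p), length)
                  for p in permutations(alphabet, length))
    return unrestricted, no_repeat, allowed


# The four keypad-column guesses listed above, written without dashes.
KEYPAD_GUESSES = ["1472580", "3692580", "2580147", "2580369"]


def report():
    """Build one line per alphabet and one line per keypad guess."""
    lines = []
    for name, alphabet in (("1-9", "123456789"), ("0-9", "0123456789")):
        total, r2, r23 = keyspace(alphabet)
        lines.append(f"{name}: all={total:,} rule2={r2:,} rules2+3={r23:,} "
                     f"({r23 / total:.1%} of all)")
    for pin in KEYPAD_GUESSES:
        verdict = "accepted" if is_allowed(pin) else "rejected"
        lines.append(f"{pin}: {verdict}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```
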

* http://www.albaiges.com/matematicas/combinatoria/combinacionesordenadas.htm