306 lines
27 KiB
Plaintext
306 lines
27 KiB
Plaintext
|
Episode: 526
|
||
|
|
Title: HPR0526: Interview with a whitehat
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0526/hpr0526.mp3
|
||
|
|
Transcribed: 2025-10-07 22:29:20
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
Let's have a look.
|
||
|
|
Hello and welcome podcast listeners, to Hacker Public Radio, I'm your host Fenix and I'm
|
||
|
|
joined tonight with fellow HPR host and new boy Tom McKenzie. Tom has been running
|
||
|
|
the recent series of interviews with Blackhats, which has had to make some reviews but
|
||
|
|
the latest episode has left everyone thirsty for more and on February the 13th, Tom released
|
||
|
|
an advisory with regards to a book. He also released a brief of concept for a bug that
|
||
|
|
he found in WordPress versions 2.9 and 2.91 and was later patched in version 2.92. So
|
||
|
|
without delay, welcome to today's guest, Tom McKenzie, hi Tom, how are you doing?
|
||
|
|
Yeah I'm doing good, Fenix, glad to be being interviewed by you, can follow us to the
|
||
|
|
bottom a little bit of up. If anyone, if any of the Hacker Public Radio
|
||
|
|
listeners are on aware, Tom and I podcast together on another podcast, we released the
|
||
|
|
shows on Hacker Public Radio as well but we're here, both podcasts and our podcast
|
||
|
|
called Trackset. So yeah, I know Tom a little bit and I heard about what was going on at
|
||
|
|
the time and Tom approached me, sorry I interesting getting the news about this this advisory
|
||
|
|
out. Tom, I think probably the easiest thing to do, I think to start off with should probably
|
||
|
|
get yourself to introduce yourself to the Hacker Public Radio listeners that might not have
|
||
|
|
time to cross you before. Yeah, that's fine, so I'm Thomas McKenzie, and my
|
||
|
|
screen name is Team at QK. I currently studying at Northumbria University at School Hacking
|
||
|
|
for Computer Security, so I'm in the first year. I have been involved within, well I've been
|
||
|
|
involved with computers since the age of 11, 12 and my dad's a big fan of, well he was a big
|
||
|
|
fan of binary coding, so I've been brought up around with that for a while and I built my
|
||
|
|
own computer when I was younger and then as I got into GCSEs I was interested in website building
|
||
|
|
and from there I went into web applications and that's where really like my love of security
|
||
|
|
came from, I'd say that I'm quite well, I'm quite well versed in web applications stuff and
|
||
|
|
currently just actually received a job for London Storm doing some web up testing, some network
|
||
|
|
penetration testing and yeah that's pretty much it, I mean I'm just regular 18 year old student
|
||
|
|
likes growing out to the pub and likes learning at uni. And Tom the, I suppose the next question
|
||
|
|
for me is, could you in layman's terms describe the bug that you found in there? At the time that
|
||
|
|
you released this I'm writing thinking that this was the the the the prescribed version of WordPress
|
||
|
|
that up to date version 2.9.1 I think it was at the time problem was in 2.9. Could you, because
|
||
|
|
I'm aware that many people on HPR probably run some versions of WordPress blog quite about
|
||
|
|
the current electronic community and might not come across this this report, but could you
|
||
|
|
kind of in layman's terms explain exactly what the bug was that you found?
|
||
|
|
Yeah well what I'll do is I'll just explain how I came about it because that's probably the
|
||
|
|
easiest way to do it. Yeah sure. And the first, your first of all after he was is that
|
||
|
|
I have a person on my blog at the moment called DAC Otter and he's currently doing a
|
||
|
|
guest series on cryptography and what I did is I created an account on my WordPress so that he
|
||
|
|
could upload them and what he does is he does draft copies and has them so that they're published
|
||
|
|
in the future so like at the end of the week so that I can check them before they go live.
|
||
|
|
Now I was sat in C Pro running at university when I got an alert saying that he posted one
|
||
|
|
and I checked it and as I checked it I looked at the it's called Permilinks in WordPress and it's
|
||
|
|
basically just like the URL and how the post is posted to the website and how it is shown in the URL
|
||
|
|
and it's like question mark P calls and then the number. I grabbed that and I put it into
|
||
|
|
I put it in the URL bar. Fairly in mind obviously this was a draft post at the time it actually
|
||
|
|
came within the title, the title of the post. So I played around with it and I did happy new year
|
||
|
|
2011 and anybody could see that as well. So from there I got a bit excited thinking you know
|
||
|
|
ebay, PlayStation, they all use it and imagine if you saw an announced PlayStation 4 or whatever
|
||
|
|
our famous you would be. So I went about researching a bit further into it. I got a bit further
|
||
|
|
and what Apple was is that the actual title book was part of the theme that I was running called
|
||
|
|
Pixel. I fixed that and got into it with the creator and the updated version of the theme. So
|
||
|
|
in actual fact I found two books one within the theme and one within the actual WordPress.
|
||
|
|
I went a bit further into it and I figured out that you can basically view trashed posts
|
||
|
|
by doing the exact same URL manipulation, URL traversing I think it's called. Basically in 2.9
|
||
|
|
WordPress incorporated a new feature called trash which is pretty much the same as Windows
|
||
|
|
and Microsoft's recycling bin. What it does is it doesn't delete the post it just puts it into
|
||
|
|
an allocated space and what that means basically you are able to still see the post when it's trashed.
|
||
|
|
So what it does is it doesn't just bring it in the title it actually shows the full deleted post
|
||
|
|
and I had a few posts that I was drafting and I thought nah you know that's a bit dodgy I may not
|
||
|
|
post that or you know I haven't got permission from whoever so I deleted it without realizing that
|
||
|
|
you know some of the that you could do a draft you could view them. So along with Ryan Jewhurst
|
||
|
|
we wrote a proof of concept which searched through each URL and found these posts and you could
|
||
|
|
view them on any WordPress version no matter which type of perm link they were running. So any
|
||
|
|
blog with any trashed post was vulnerable to the attack really that's the layman's terms that's
|
||
|
|
quite long. Tom let me get this right we write a blog post about something we save it in the drafts
|
||
|
|
then we decide we're not going to post this for whatever reason and we delete it and yet you've
|
||
|
|
written a proof of concept code that will enable good guys and bad guys to to to enumerate the
|
||
|
|
the the possible URL variations and retrieve what's in the trash is that that's that's right yeah
|
||
|
|
I mean that that's right yeah I mean not you you mentioned draft post not just draft post if you
|
||
|
|
posted anything as well and then decided now delete that or someone got into a tree and said
|
||
|
|
this was wrong or whatever and you deleted it doesn't get deleted it gets put into the trash so
|
||
|
|
basically this no matter how how the post was published or if it wasn't published when you click
|
||
|
|
the trash button then anyone can view it as if it was a normal post. Okay and I'm writing saying that
|
||
|
|
this is not an unauthorized user error and this is not to say that that basically it's not a random
|
||
|
|
robot that can do it that you actually have to have an account to log on be a subscriber someone
|
||
|
|
able to account but you do have to be authenticated that's right yeah I mean most
|
||
|
|
most themes actually don't have a link to register on people's blogs but a lot of people don't
|
||
|
|
realize is that within the admin panel of WordPress there is a button or an option to turn registration
|
||
|
|
off but what a lot of people didn't do is they didn't actually you did do that a lot of people
|
||
|
|
because obviously it's quite easy to use a lot of people just you know change the theme or
|
||
|
|
got rid of that part and just start yeah I'm safe but as long as you put wp hyphen register
|
||
|
|
dot php after the url and and most sites you can register you can register on the site and run
|
||
|
|
the script that you can find on my website okay so okay I think what would be really good at
|
||
|
|
this point is maybe to talk through the steps that you did to actually prove the vulnerability
|
||
|
|
okay yeah that's cool and you've got a bit complicated because obviously I mentioned before
|
||
|
|
about the theme and that kind of like threw me off course a bit because I thought well I found
|
||
|
|
this book on though maybe I haven't it's the theme and then well maybe there is a book there
|
||
|
|
and I got in touch with you and you gave me some advice and Ryan gave me a bit of advice
|
||
|
|
as well and gave me a lot of help and my guy off the course called Matthew Hughes gave me some help
|
||
|
|
and also did you ninja he gave me a hand as well in proxy yeah Ryan got in touch with him he's
|
||
|
|
in the proof of concept but basically I went about download in the old versions so I got 2.8.6
|
||
|
|
and I got 2.9 and 2.9.1 and I put the new virtual machines and I also put them in
|
||
|
|
used xamp to basically put them on my local machine and I did the same test over and over on each
|
||
|
|
one and I think I've got about 50 screenshots on my computer just documenting what I did
|
||
|
|
I then got in touch with Ryan we wrote the advisory together
|
||
|
|
and I went to go basically WordPress has this book system called Track and I went on there
|
||
|
|
and I searched for the book how I would explain it I mean on my website if you through it's on
|
||
|
|
the website it's name it a failure to restrict URL access and we got that like name from from
|
||
|
|
old wasp, old wasp has a similar vulnerability for something else and we basically got the title
|
||
|
|
from that so when I was searching track I was searching for you know failure to restrict URL
|
||
|
|
access or URL manipulation or enumeration and I didn't find anything so I thought well you know
|
||
|
|
I must have found this book so I tried going on tracking you know putting it up but there's
|
||
|
|
too many rules and regulations and to be honest like I just wanted to get it fixed so I emailed
|
||
|
|
security at WordPress dog and within an hour I got a reply from Ryan then
|
||
|
|
I got a reply and he basically told me I said will this fix it gave me a bit of code
|
||
|
|
tried out and said yeah that fixes it and what it basically did is there's already some pre-defined
|
||
|
|
code that says if it's in spam or if it's in the deleted folder or if it's in this folder
|
||
|
|
or whatever you can't view it and all he did was just moved trash up into the same
|
||
|
|
into the same part of the code there was a simple fix but obviously for some big companies
|
||
|
|
that were used WordPress there may be something in the trash that they don't want other companies to
|
||
|
|
see yeah if they're not keeping up to date with their advisories or their update policies
|
||
|
|
then they could still be vulnerable to it yeah I mean from there basically what I did is
|
||
|
|
you all got fixed a release the advisory and yeah when I went about my day got I was trying to
|
||
|
|
hit some of my website a lot of Google hits and that was pretty much about it really and then
|
||
|
|
you're going to ask me now about the the bus that came from it yeah I mean having some inside
|
||
|
|
of knowledge on the podcast does help yeah there's no there's no easy way of saying I believe a
|
||
|
|
couple of days afterwards they got raised to your attention that this wasn't a freshly discovered
|
||
|
|
vulnerability all that you were probably the first one from what I understand by the looks of
|
||
|
|
that you're the first one to recognize it as actually a security vulnerability it seems that
|
||
|
|
this bug was discovered previously and reported to WordPress you didn't do anything that's correct
|
||
|
|
isn't it but I think you were the first one to do to apply it in a hacking context and say
|
||
|
|
actually this is rather not a bug but rather a vulnerability that it could be exploited
|
||
|
|
yeah I mean then I'll mention the guy's name because at the end of the day you know this guy
|
||
|
|
this guy found it first so Caesar's grunt he's called he found a vulnerability and reported it
|
||
|
|
oh well he found a bug and reported it on track and from track you put it as like a medium like a
|
||
|
|
medium bug but as soon as it went on there it got moved straight down to low it wasn't considered
|
||
|
|
the only reason I can I can think why WordPress didn't do anything about it or it was it was
|
||
|
|
shunted to the back of a long queue is that if you look if you look on track it isn't explained
|
||
|
|
very well like all he says is he basically mentions trash he mentions about being able to see
|
||
|
|
some posts but he doesn't he don't go into detail he posts once and then that's it and then
|
||
|
|
somebody else tries to back him up so I think when I like I said when I searched track
|
||
|
|
I was looking for specific things I was looking for what I called what I called the air
|
||
|
|
what I called it so you know like I was looking for failure to restrict URL access
|
||
|
|
enumeration URL traversing then types of things and that's why I didn't find it and like you say it
|
||
|
|
came it came to my attention in quite a it was quite strong really the blog post that was on it
|
||
|
|
and I have received a few comments on my website which I haven't published that have been
|
||
|
|
quite offensive saying that you know I've stalled the idea or this isn't anything to do with me
|
||
|
|
you just got all the credit for it and well if that's what they want to think then that's fair enough
|
||
|
|
but I know you know and I know that Ryan Jewish knows and I know quite a lot of people on my course
|
||
|
|
know that I put hours into you know trying to prove this and actually liking any advisor do you know
|
||
|
|
I mean I mean in your in your defense I you know I spoke to you at the time about what I believe
|
||
|
|
to be an appropriate testing mechanism for doing this so just in my opinion I mean I read the
|
||
|
|
blog post just recently I thought it was a tight judgmental about lots of things it didn't really
|
||
|
|
take into account that yes okay this issue was reported it was reported in my opinion but bearing
|
||
|
|
in mind I'm a security guy so I tend to look at these things this way that it was reported in a
|
||
|
|
true developer's way of reporting problems that this is the problem with the code and this does this
|
||
|
|
and there was no for me there was no if you'd have looked at that you wouldn't have thought my
|
||
|
|
godness of vulnerability here your points absolutely right that a company could have could have had
|
||
|
|
data being released leaked for for quite a while now while this books are in in track for for
|
||
|
|
three what is it there three or four months or something three three months yeah that's right yeah
|
||
|
|
yeah I mean I thought yeah I thought it was particularly harsh and in your defense I was
|
||
|
|
definitely coming up and joining jump yeah I mean what are you supposed to do it I mean you draw
|
||
|
|
assembly to the Dan Kaminsky and and Moxie Marlon Spike found the null prefix SSL attack round
|
||
|
|
about the same time independently researchers do this all the time it's not it's not nothing new
|
||
|
|
I certainly wouldn't be questioning someone's honesty I mean this is
|
||
|
|
yeah that's what came across I mean yeah the thing the thing that I will say in the defense of the
|
||
|
|
blog post is that it was very well-argumented and the the guy I mean I've spoke to him since and
|
||
|
|
there's been no apologies or anything because there hasn't needed to be because the posters very much
|
||
|
|
argumented in the way that well maybe Thomas McKenzie did this and didn't you know didn't check
|
||
|
|
or didn't do this or do this or maybe the you know WordPress didn't do this or didn't do this or
|
||
|
|
maybe the original finder didn't do this didn't do this it was very argumented but in in in every case
|
||
|
|
it was really strong so if any of the people so if I'd read it if WordPress had read it if you
|
||
|
|
know if Caesar's grunted reddit he might have any of us might have felt upset about what this guy
|
||
|
|
posted I mean the only problem the only the only reason obviously that I am I seem to have come
|
||
|
|
out of it well I think I've come out of it good you know I mean but in the same time the same
|
||
|
|
the same time you know like to say I've had a lot of comments a lot of negative comments as well
|
||
|
|
so I think the only reason is because I am getting I am getting the credit for it and to be fair
|
||
|
|
I know I understand I mean I'm now going to jump to the other side of the fence you
|
||
|
|
front what front page news on the WordPress developers blog with this where you're not yeah
|
||
|
|
no I'm not just not just on the developers blog I was on the front page of WordPress
|
||
|
|
my name if you type it into Google has gone up to number three and considering that there
|
||
|
|
was a prime minister called Thomas McKenzie it's a very you know it's that's quite good to really
|
||
|
|
Tommy I just I didn't come how you can draw draw similarly between yourself and a prime minister now
|
||
|
|
I mean in defense of the dude that he raised some interesting questions but for me I'm going to
|
||
|
|
do this as a security dude I think you did this appropriately and did it in a right way
|
||
|
|
how you came about it this is the lesson this is the lesson that is very very important and I'm
|
||
|
|
quite sure that you're back this up you need to document everything you do when you discover
|
||
|
|
a vulnerability or a bug you need to you need to take care I've been just been reading the book called
|
||
|
|
Cook who's asked by a guy called Clifford Stoll who does uh who who was involved in in computer
|
||
|
|
security but be a long long time ago he was uh he's an old physicist and basically what he says is
|
||
|
|
in physicist circles you know if you don't write if you don't document it never happened and for
|
||
|
|
you it was probably very very handy to have a ton of actual proof that you went through these
|
||
|
|
processes and independently discovered this book um then the screen shots your documentation
|
||
|
|
your actual honesty integrity even though it should never have been questioned even if it was
|
||
|
|
questioned that you actually said know up here's the evidence here's the proof that I actually
|
||
|
|
did my work and I found it and I certainly am not guilty of stealing anything um yeah which is
|
||
|
|
the the lesson that I think is is incredibly important to take out of this apart from as well
|
||
|
|
that if you don't publicize vulnerabilities they don't get patched because you know credit where
|
||
|
|
credits do your proof of concept was the one that word price quoted and got if I'm correct to fix
|
||
|
|
out pretty quickly was it not within like three or four days or something it was it was within
|
||
|
|
two days yeah me well I had the unofficial either unofficial patch that they actually incorporated
|
||
|
|
into the into the official 2.92 within the hour so and I posted that straight on my website
|
||
|
|
I as soon as um as soon as they sent me the the code that fixed the vulnerability because that's
|
||
|
|
all it was it was just just another former sanitization um I as soon as I got I put it on my website
|
||
|
|
and uh that that was that that was you know people people's wordpresses were getting fixed
|
||
|
|
which you know props yeah what would you you know the fluffy question next what would you do
|
||
|
|
differently definitely um I'd probably take a lot more time finding out if it had been if it had
|
||
|
|
spoke about before or found out about before um I'd also as well hurt of
|
||
|
|
worked a lot harder in distinguishing the differences between the bug that I found in the theme
|
||
|
|
and the bug that I found within wordpress itself because that that really did put me off guard um
|
||
|
|
and it really did knock me for six just basically because I thought at first I found a wordpress
|
||
|
|
and then figured out I hadn't and then kind of thought that I did and then I thought I hadn't and then
|
||
|
|
I did and it took a lot I mean I can't remember when I spoke to you about it but I probably did
|
||
|
|
sit on it with it for a good for a good two good two weeks just thinking about what I can do to
|
||
|
|
document it what I can do to test it and I do remember ringing you and saying look I've I've got
|
||
|
|
this and I am struggling a bit can you give us an hand and you did point me in the right direction
|
||
|
|
with that and like say Ryan did give me a hand and Matthew used off my course gave me a hand with
|
||
|
|
it as well so um it was the biggest thing that I would do is probably just try and try and um
|
||
|
|
differentiate between the two bugs yeah I mean if I'm correct and and and remember why I said to
|
||
|
|
us was basically what you need to do is set up a number of test cases with themes with randomly
|
||
|
|
selected themes as well and so on and so forth it was just trying to lay out a scientific
|
||
|
|
proof of that that we took a random selection of themes and you know we made it work on one and
|
||
|
|
that was it was able to just partition where the the error itself lies I understand that
|
||
|
|
this is very very different web applications or it'll maybe in some ways web applications are
|
||
|
|
sometimes a little bit harder to to actually diagnose exactly what's going on because
|
||
|
|
they're basically multi-tiered services when we boil down to it um yeah so
|
||
|
|
everyone you the advice now the countermeasures to this is to update to 2.92 or or or keep it to
|
||
|
|
2.8.9 then 2.8.6 yeah I mean it's funny really because I've got obviously I like to say I've
|
||
|
|
got a lot of publicity about it and I've had a few job offers um I've got a few job offers on
|
||
|
|
from from people and from companies and I've had an interestingly I've had that I've had
|
||
|
|
nothing from somebody who wants me to test um to test their WordPress blog and I've been doing it
|
||
|
|
have come across a few things that they've inputted themselves on their own theme that you know
|
||
|
|
were a problem but the biggest the biggest thing is is they allow registration on the blog
|
||
|
|
as well as running the old version so the first thing I did was use the proof concept that me and
|
||
|
|
Ryan wrote and I numerated all the trash posts at the app so I would definitely agree that you
|
||
|
|
need to update um needs to update WordPress. I thankfully did the link for me next
|
||
|
|
what happened to you last week it's probably the easiest way of putting it on but on top of it you
|
||
|
|
joined a friend of Hucka Public Radio in Tracksack, Ryan Duhurster at random storm
|
||
|
|
um due to the work that you you'd found here um so I believe first and foremost congratulations
|
||
|
|
um so what will you be doing for for random storm?
|
||
|
|
um I I will be undergoing some training on network penetration testing and the reason for that is
|
||
|
|
because I can drive and obviously my holidays are coming up soon so I've got the summer coming up
|
||
|
|
and they want me to get get me on site so I'll be undergoing training for that and first and
|
||
|
|
foremost I'll be working alongside Ryan and also on my own and doing web application testing
|
||
|
|
and yeah that's basically it has been offered a contract which um it gives me a
|
||
|
|
part-time work and then also as the holidays come and um as the holidays come I will get some more
|
||
|
|
hours and can work can work a bit more and I can also obviously hopefully if it all goes well
|
||
|
|
other I've also got a placement for my third year and hopefully you know a job.
|
||
|
|
um Tom in in rock and up what do you what what what what is your advice to people that
|
||
|
|
find a vulnerability how do you think they should go about you know disclosing that and so on
|
||
|
|
and so forth um I definitely think it's worth getting a second opinion um or maybe a third or
|
||
|
|
even a fourth and getting somebody to try and help you help you you know along with that um
|
||
|
|
obviously as well go about checking it hasn't been talked about before and if it has
|
||
|
|
how um you're speaking about it differently how you're making it how you're going to make a
|
||
|
|
difference to what other people have said um but like you said before the biggest thing you need
|
||
|
|
to do is documentation um screenshots and bias labs and obviously you know times and dates of
|
||
|
|
everything that you're doing because um in the sake of web applications um I could test something
|
||
|
|
tonight uh midnight which is you know something that could happen I could test it and it could be
|
||
|
|
vulnerable I could then go write my report handy off to a client expect however much money
|
||
|
|
um I'm selling this this web application test for and then later I'll say well actually we've
|
||
|
|
just tried that and it you know nothing's happened so definitely document when everything's
|
||
|
|
happening as well um otherwise you're going to get yourself into a hole which you aren't going to
|
||
|
|
be able to easily come out of without having you know the documentation that we talked about before
|
||
|
|
so documentation documentation documentation documentation
|
||
|
|
uh to be honest yeah I'm kind of old-school when it comes to documentation I have to be honest
|
||
|
|
to do I uh I have some great advice from a friend of mine that the the Apatailinic Society leaves
|
||
|
|
you who is a morphel in Dondi for saying these very words that software is documentation and
|
||
|
|
documentation is software and I I couldn't agree anymore and certainly when it comes to
|
||
|
|
vulnerability it's the proof has to be has to be there um in wrapping up people can find your
|
||
|
|
blog post your blog at www.teamack.co.uk is that correct no no sorry it's um there's a couple
|
||
|
|
of ways to get to it there's www.teamack.uk.com uh Teamack.uk spelt TMAC.uk um you can get it to
|
||
|
|
it.com.co.uk um you can also get to it. Thomas McKenzie.co.uk Thomas McKenzie.net and I think
|
||
|
|
you can get it at Teamack.uk.net now oh no sorry can't not yet hello that's something that's coming up
|
||
|
|
you know enterprise enterprise was it was it like like a seven for one deal going on at the
|
||
|
|
domain register or something we'll be well wish so obviously like like you all know I'm at
|
||
|
|
university and I'm registering all these domain names when I've got the money and then I'm spending
|
||
|
|
the money thinking they've already gone out and then I'm up from down the line I'm going over
|
||
|
|
drawing in an overdraft I don't even have because because I've bought all these domain names two
|
||
|
|
months before and I believe you can be found on Twitter uh I'll personally put you Twitter handle
|
||
|
|
yeah it's uh Teamack.uk spelt the same as way before TMAC.uk and to anybody who's listening
|
||
|
|
who wants to be involved in the industry or is you know a prospective student for any university
|
||
|
|
theoretical hacking or even forensics it's definitely somewhere that you need to go on to
|
||
|
|
add me and give us a shout and I'll send you a DM or an email with everybody that you should
|
||
|
|
follow because without without Twitter um I wouldn't I wouldn't have probably got gone to the
|
||
|
|
on the course and probably wouldn't be in the position that I'm in now just because of all the
|
||
|
|
networking that I've got yeah okay we all know that security guys are Twitter junkers
|
||
|
|
free software guys are all identical by the way just a lot of free-tard listeners out there
|
||
|
|
so in wrapping up if you want to get involved in HPR the best way that you can help HPR
|
||
|
|
is maybe look at producing shows yourself you know if you have a friend who's found a vulnerability
|
||
|
|
and why don't you get a microphone and record it and release it to HPR or maybe you'll use a
|
||
|
|
group's having a talk and speaker doesn't mind you recording it if it is something that you're
|
||
|
|
interested in doing then why don't you contact Klaatu or enigma at hackpubbleradio.org all that's
|
||
|
|
left for me to do is firstly thank our guests tonight Thomas McKenzie and do make sure to
|
||
|
|
catch isn't if you were the black cat and go and visit his website and you can also catch him
|
||
|
|
on tracksack.com Tom from me thank you very much for for joining us at hackpubbleradio is there
|
||
|
|
anything you want to say to the hackpubbleradio a lot before you go yeah definitely there is one
|
||
|
|
thing I'm currently trying to start my own open source content management system it's very very
|
||
|
|
in the beginning stages this evening I've actually just written the login page
|
||
|
|
currently struggling with getting this md5 encryption working I'm not amazing at my php code
|
||
|
|
and just starting out so if there's anybody involved with any php code and I don't even know
|
||
|
|
any more than I do and do get in touch with me at my email which is teemac at teemacuk.co.uk
|
||
|
|
I'll get in touch with me on my website more on twitter just because I definitely definitely
|
||
|
|
appreciate some help with that and it will be on source for soon I hope
|
||
|
|
awesome what's a figure the name just make sure no one else is chosen it before you hear
|
||
|
|
you know what the name is right differently or something
|
||
|
|
all that left for me to do as well is thank you guys at home for listening to hackpubbleradio
|
||
|
|
and we'll catch you again on the next episode thank you very much goodbye
|
||
|
|
thank you for listening to hackpubbleradio
|
||
|
|
hpr is sponsored by caro.net so head on over to caro.nq for all of us in
|