Skeptical Science Widget Hacked

Posted on 1 April 2014 by Bob Lacatena, John Cook

ANNOUNCEMENT — Widget Hacked


This is the widget as it appeared during the hack throughout April 1st.

Late last night, we discovered that the Skeptical Science widget website has been hacked. We are working hard to figure out what's going on.

Rest assured that all credentials and data on this site are well secured. The widget is hosted on an entirely separate server, which also — both fortunately and unfortunately — resides with a completely different host.

We do apologize to everyone who hosts and views the widget. If you are hosting the widget on your blog, there is no need to remove it. We will get it working properly soon. It's only a matter of time.

UPDATE (9:20 AM EDT)

We are working with the web hosting service to resolve the issue. For now, we don't really have a handle on how the hacker got control, or why we can't fix the widget.

UPDATE (10:43 AM EDT)

We have some idea now of how the hacker did it.  Doug is running some tests to confirm our theory.

The widget was designed to help to communicate to everyday people how much energy our planet has accumulated as a result of anthropogenic greenhouse gas emissions, and how quickly that energy continues to accumulate.  That rate is equivalent to a startling 4 Hiroshima atomic bombs per second.

The hacker has chosen to replace the well-considered and meaningful metrics on the widget with rather silly and meaningless numbers.  His first choice was one which John jokingly presented at a conference, the metric of kitten sneezes.

Please rest assured that we are doing everything in our power to recover control of the widget server, and to restore the widget to its proper, educational form.

UPDATE (12:26 PM EDT)

Doug's tests didn't pan out, so we're back to square one.  Every time we reset the widget, it gets set back.  Infuriating... Because we don't know how he got in, the hacker is able to return at will (or perhaps he/she has a process running in the background, flipping the widget back whenever we correct it).

Our service provider says they have a "nuclear option," but it will mean that the widget, hacked or not, will be down for hours to days while we rebuild the server, so we hope to avoid that course of action.  It will also cost us per hour for their time, and we're not sure we can afford the size of the bill we'd get.

UPDATE (2:28 PM EDT)

We believe we have found a way to keep the hacker out of the system. We'll know soon. We also identified several trojans which were being executed on system start-up.  They were both re-installing the corrupted widget, and also re-installing other trojans.  We are currently working to confirm that we have found all of the trojans, and are hesitant to go the next step until we're certain we've got them all.  If we miss one, it may just restore everything to a corrupted state, and we have to start over.

Thank you for your continued patience.

UPDATE (3:59 PM EDT)

Still working on it.  This stuff is intricate, and there doesn't seem to be any one person who understands every part of what needs to be looked at.

On another note...

The hacker's choice of metrics is, while probably humorous to him (or her), in poor taste.

While originally conceived as a humorous take on the issue, David Appell at Quark Soup correctly pointed out that it is quite cruel.  In order to generate the number of kitten sneezes equivalent to the rate of global warming, every kitten on the planet — more than sixty-seven million of them — would need to sneeze at the heinous rate of 110 million times per second.  Obviously, at that rate of sternutation, every kitten on the planet would vaporize itself in a tornadic blast of fur and cuteness.

That's just cruel.

The hacker's other metrics are no better, mocking such core items of Americana as cattle (well, cow farts), Big Macs, Santa, and the tried and true practice of twerking, a once reviled form of dance that will, some day, take its place with The Tango, The Charleston, and The Twist.

UPDATE (6:05 PM EDT)

We continue to research the problem and wrestle with unexpected issues.  It will probably be a minute before midnight before this is properly resolved and the widget is restored.

Some people at Skeptical Science have taken the time to track down some of the numbers being used in the hacked widget.  The Santa metric is particularly interesting.  The numbers appear to have come from a book titled From Atoms to Galaxies: A Conceptual Physics Approach to Scientific Awareness.  Section 8.1.3, The Physics of Santa Claus, describes many different aspects of the Science of Christmas. 

Among them it evaluates the energy needed for Santa to travel up and down chimneys.  Perhaps the most amazing fact is that Santa must travel at 688,000 mph — faster than 10% of lightspeed — to get up and down all those chimneys in time.  Accelerating him to that speed accounts for the bulk of the energy use, and that is allowing for a blasphemously skinny Santa weighing only 100 kg.

The bovine flatulence metric appears to get the total methane production from Methane Emissions from Cattle, by Johnson and Johnson, 1995, which puts the figure at 80 teragrams per year.   The energy released by combusting methane is easy to find.  Of course, this doesn’t account for increases in cattle populations in the past twenty years.

Other figures are easier to verify.  The hacker at least seems to have done his (or her) homework.

But twerking by itself is just plain wrong.  Mixing twerking with science is an abomination.

UPDATE (7:43 PM EDT)

The widget has been restored to its proper, more scientific and meaningful metrics.

We will review the hacker's work, to determine if there is anything of benefit that we can tease out of his efforts.

For now, however, this affair is (thankfully) over.  We can finally move on with studying and communicating climate science.

Meanwhile, however, the earth's climate continues to absorb heat at the cruelly frightening rate of 7.4 quadrillion kitten sneezes per second.


Comments

Comments 1 to 12:

  1. How did you build the app, what is the host OS and where is it hosted?  There are innumerable ways to get at a service like this but the notion that if YOU change it it just changes back is intriguing. You have tripwire?  selinux? 

    When you built it you retained your source code.  No?    If the hosting provider is doing its job the virtual machine it is on should be replaceable in a matter of hours, not days.  Given that this would be in the same EXACT configuration that the hacker has accessed and defaced however, it is not going to suffice.   You do have to do something to better secure it.  

    It is an indication of just how desperate the denialist community is, that they are resorting to this sort of childishness. 

     

    1 0
  2. On second thought.  Don't tell any of those details on line.  Send to my e-mail if you want.  Bad enough without advertising the details so people can plan how to attack.

    0 0
  3. The artwork on the hack is kinda nicely done though.  And the energy on the big macs seems to actually be correct rather than nonsense....

    April 1 in the USA and Europe.... makes you wonder...

    0 0
  4. You have a really old version of nginx running on that server.  4 years out of date and 4 major versions behind the current release.  Plenty of exploitable bugs in that version.

    You also have a bunch of services listening on other ports, the most critical I would say is X.org listening on port 6000.  The version of Apache listening on port 8080 is also quite out of date.  Even for the 2.2 branch you should be more recent than 2.2.16. There's no SSL on port 8080 either, which means the password you use there is transmitted in the clear.  There are also exploitable bugs in OpenSSH 5.5p1.  It wouldn't surprise me if Postfix was just as out of date and exploitable.

    Considering the attacker has had plenty of time to plant a rootkit, the nuclear option is the only option with a reliable outcome.

    0 0
  5. By the way, serving up a known compromised javascript widget from a trusted domain is irresponsible.  It should be taken down until it can be confirmed to be safe.

    0 0
  6. I think the original and now this hack demonstrates both how effective SKS is in countering the AGW denial and obfuscation movement, and how marginal and thus how desperate that camp has become as they lose ground in the fight for popular opinion and influence on public policy. I expect it will get even more intense with the release of the AR5 WG2 report and the building El Nino.

    1 0
  7. You guys are going to be up until midnight chasing down this hack, won't you ;)

    4 0
  8. You would think that they would put that kind of energy into doing something constructive. There are lots of scientific problems that have yet to be "cracked". Why can't they hack away at that kind of stuff?

    0 0
  9. I think numerobis at #7 has it figured out.  Took me a while too.  Hey waitaminnit, it's already April 2 in Australia!

    1 0
    Moderator Response:

    [BL] One of Santa's advantages, helping to fractionally reduce his energy consumption, is that due to timezones and such, it's actually Christmas Eve for 31 hours.  It gives him (and the Easter Bunny, and various other holiday workers) some extra hours to play with.

  10. I am seeing the proper display on the following browsers: Firefox, Google Chrome, Safari and Opera. However the "Kitten Sneezes" can still be seen on Internet Explorer.

    0 0
    Moderator Response:

    [BL] IE isn't as good at managing its cache as other browsers.  It will fix itself eventually.

  11. Doh! We was pawned on fools day.

    0 0
  12. Dunno, maybe the hack has an angle.  

     

    Which of these is more urgent:

    1. Save people living on overdeveloped, already sinking land Florida from invasive species, heat, fire and finally a watery doom. 

    OR

    2. Relieve chronic sneezing from 100 billion helpless wittle kitties!!!

     

    I rest my case.

    0 0

© Copyright 2024 John Cook