More details can be found here http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

Summary from Mark Maunder

An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised.

Today, remembering this, I ran a search across the 90 websites hosted on the webserver we use in the office (only 4 or 5 are wordpress installations) and was surprised to find that we were using a theme with timthumb in it!

The command to find all files named timthumb.php in subdirectories of the current directory on linux is

find . -name ‘timthumb.php’

It turned up for us in a theme we had recently modified to suit a new client. The theme is Athena - Athena’s author is on holiday at the moment but I have emailed to ask them to update the version of timthumb to the latest to ensure no one else is vulnerable in this way.

Timthumb’s author has already released a patched version after being subject to the vulnerability being exploited.

After finding any timthumb.php copies, the quick solution is to find an array named $allowedSites and remove any entries from it. This will stop unauthenticated users from being able to download remote files to the timthumb temporary files folder and executing them.

Incidents like this really highlight the (justified) risks one takes in using 3rd party code.

http://strengthandperformance.wordpress.com/2011/07/13/uksa-2011/

About 2 weeks ago I heard about a local novice “strongman” competition being put on by a local gym.

For full details you can view their blog article at http://strengthandperformance.wordpress.com/2011/04/28/uksa-i-july-12/

After a couple of days deliberating whether it was worth trying, I applied for the over 90kg weight class (after checking that my 105kg would be allowed!) – I’ve paid my £20 and will be participating as long as I don’t injure myself between now and then.

Since then I’ve been doing my regular gym routine interspersed with a couple of days a week doing event training. This has been at Olympic Sports Gym in Ashton and near home using a sandbag created with cheap bits from Amazon and B&Q (another post will follow with suggestions for that at some point.)

Although the competition is very light in strongman terms, i’ve decided to get some films online of my training attempts, using my 5 year old youtube account. Adam Bell on youtube

The blog software is configured to automatically post any videos I upload as articles on here, so expect to see some of those popping up (or subscribe to the channel)

Training

Farmers Walk

Training Weight: 95kg x 2
Competition Weight: 90kg x 2

Olympic Sports Gym has been great for letting my push my lifts up – my first attempt at the farmers walk only resulted in about 4 metres of walking, about 8% of what I need to do on the day! I’ve uploaded a video of my current best attempt – 50 metres in about a minute including rest time. I’ve got 2 more farmers walk sessions planned before comp day to sort that out.

Tyre Flip

Training Weight: 330kg
Competition Weight: 250kg

My first try was a total failure, I got the tyre about a foot off the ground, not close enough to result in a flip.

There’s a video on here of my later tries from Monday, flipped the required 3 times, just need to improve the speed before the 10th July.

Log Press

Training Weight: 80kg
Competition Weight: 80kg

This wasn’t an issue the first time I tried, I’ve just been trying hard to increase the number of reps I can do in one go from 6. I need to time this with a stopwatch and decide how long I can rest between reps to get the best count.

Sled Drag

Training Weight: 160kg (on cement)
Competition Weight: 140kg (on astro)

This wasn’t a problem, just needs practice to improve technique and speed

Arm over Arm Sled Pull

Not done any training for this, i’m planning on just winging it