Sunday, Nov 21, 2010

RealClimate's take on the year

Gavin Schmidt has posted up his take on the past year. It's pretty much as one might have predicted, but this comment from Lucia and Gavin's response to it were interesting.

LUCIA: Gavin– My visitors always ask and I can’t answer: Was the break-in to the Wordpress Admin area only? Or did they hack onto the hosted account on the server?

GAVIN: They used something to directly access the backend mySQL database (to export the password/user details to file prior to erasing them in the database) and to monitor logins to the ssh account. Neither of these things are standard Wordpress functions. I conclude therefore they must have hacked both, though the actual entry point is obscure. - gavin


Reader Comments (41)

http://notrickszone.com/2010/11/20/climate-models-not-worth-the-paper-theyre-printed-on/

12 months makes a lot of difference to some!

Nov 21, 2010 at 10:03 AM | Unregistered CommenterLord Beaverbrook

Bad post. I hate going to RC and being subjected to all those unctuous articles and even more unctuous comments.

Nov 21, 2010 at 10:09 AM | Unregistered CommenterPhillip Bratby

Two words - dynamic sql - big problems.

Nov 21, 2010 at 10:25 AM | Unregistered CommenterMac

They probably had a blank SA (system admin) account password, or worse, the SA account password was "SA" or "password". Gary McKinnon compromised NASA workstations because they had blank administrator account passwords.

Culpability, if this is the case, is just as much with the owners of the hacked system as with the hackers. Look at what happened in the recent hacking of the law firm that was making profits from alleged P2P downloading of movies, when you P off people with more technical knowledge than you possess; same for climategate.

Nov 21, 2010 at 11:20 AM | Unregistered CommenterJason F

SQL back-end, Web front-end - generally bad news. Unless they take extreme care, an SQL injection attack will reveal much more than intended.

That is: in a web form field you include SQL code that can be executed. This has been done thousands of times.

e.g. "select username, password from users"

Nov 21, 2010 at 12:17 PM | Unregistered CommenterJerry
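The mechanism Jerry describes above (and Robinson's later point that it is easy to prevent), as an added example from the editor rather than anything posted by a commenter or taken from WordPress. It assumes Python's bundled sqlite3 in place of MySQL, and the users table, rows and passwords are constructed sample data. The first login function pastes the form fields straight into the statement (the "dynamic SQL" Mac mentions); the second sends them as bound parameters. The same two payloads bypass authentication and dump the whole table against the first, and return nothing against the second.

```python
"""Added example: SQL injection via string-built queries vs. a parameterised
query. sqlite3 stands in for MySQL so this runs offline; all data below is
constructed for the demo (plain-text passwords only so the dump is visible)."""
import sqlite3

# Constructed sample rows (hypothetical; not from any real site).
SAMPLE_USERS = [
    ("gavin", "s3cret-1"),
    ("editor", "s3cret-2"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Dynamic SQL: the form fields become part of the statement text, so a
    quote inside them ends the string literal and the rest is parsed as SQL.
    Returns the matching rows; an app would treat any row as a valid login."""
    sql = (
        "SELECT username, password FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: the values travel separately from the statement,
    so quotes in them are data, never syntax."""
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Payload 1: tautology in the password field. The clause becomes
#   username = 'nobody' AND password = '' OR '1'='1'
# which is true for every row, so every account "logs in".
BYPASS_PASSWORD = "' OR '1'='1"

# Payload 2: UNION in the username field bolts Jerry's
#   select username, password from users
# onto the developer's query; the trailing "--" comments out the rest.
DUMP_USERNAME = "x' UNION SELECT username, password FROM users --"


def demo() -> dict:
    """Run both payloads against both implementations and return the rows."""
    conn = make_db()
    return {
        "bypass": login_vulnerable(conn, "nobody", BYPASS_PASSWORD),
        "dump": login_vulnerable(conn, DUMP_USERNAME, "anything"),
        "safe_bypass": login_safe(conn, "nobody", BYPASS_PASSWORD),
        "safe_dump": login_safe(conn, DUMP_USERNAME, "anything"),
        "legit": login_safe(conn, "gavin", "s3cret-1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The fix is not escaping or filtering quotes but keeping data and statement apart; every mainstream driver supports bound parameters (WordPress itself exposes this as `$wpdb->prepare()`). Injection is also why Gavin's "export the password/user details to file" is plausible without any WordPress feature being involved: a UNION or a stacked `SELECT ... INTO OUTFILE` on MySQL reads straight from the table.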

Wikipedia explains sql injection here: http://en.wikipedia.org/wiki/SQL_injection

Although now the wiki page has been mentioned in a climate related blog I expect Connolley will be busy changing the page so that CO2 is blamed for the code injection ;)

Nov 21, 2010 at 12:54 PM | Unregistered CommenterTerryS

I'm reminded of Feynman and his lock-picking.
=================

Nov 21, 2010 at 12:59 PM | Unregistered Commenterkim

Heh, it is a nice thread at RC. Balasz has it around #30, and Isotopious is cutting close to Gavin's bone.
=====================

Nov 21, 2010 at 1:18 PM | Unregistered Commenterkim

Interesting.

Nov 21, 2010 at 2:21 PM | Unregistered CommenterBBD

Gavin says:

"The posts we put up initially are still valid today – and the 1000’s of comment stand as testimony to the contemporary fervour of the conversation:"

This is pure propaganda. Literally a dozen of my posts went swirling down the hole at the time. Realclimate is deleting comments *now*, as we speak.

Rewriting history must be hard work indeed.

Nov 21, 2010 at 2:31 PM | Unregistered CommenterShub


That is: in a web form field you include SQL code that can be executed. This has been done thousands of times.

It's pretty easy to prevent that from happening if you know anything about security.

Nov 21, 2010 at 2:49 PM | Unregistered CommenterRobinson

You have to ask why they're still trying to sell the 'hack idea' despite the police finding no evidence; after all, it makes no difference to the contents and their implications how these e-mails got out.
Is it just a case of them not being able to face up to the idea of it being an insider, or are they still hanging on to the hope that they can discredit the contents by claiming 'hack'?

Still, I do hope GAVIN has put his 'evidence' proving it was a hack forward to the police, as perverting the course of justice is a crime.

Nov 21, 2010 at 3:29 PM | Unregistered CommenterKnR

This must narrow it down but equally makes it possibly more likely than not that this was an inside job. Who at CRU had site admin privileges for realclimate?

As for Wordpress, I very strongly doubt that there is an open SQL injection vulnerability: it's a massively widely used and open source blog platform - someone would have encountered this and raised a bug.

Nov 21, 2010 at 3:46 PM | Unregistered CommenterThe Pedant-General

I read the response comments down to around 25 and not one comment was critical of Gavin or RC. The moderator must get paid extra to delete all those other comments.

Nov 21, 2010 at 4:13 PM | Unregistered CommenterDung

I haven't been to RC on this thread but the description quoted here sounds an awful lot like "I don't have a clue but I'm going to throw a bunch of stuff up there that doesn't point at me being sloppy."

Nov 21, 2010 at 4:21 PM | Unregistered CommenterJEM

As for Wordpress, I very strongly doubt that there is an open SQL injection vulnerability: it's a massively widely used and open source blog platform - someone would have encountered this and raised a bug.

Try looking here

This lists some of the security vulnerabilities in wordpress (there are many more). More are being found continually and some remain unpatched for relatively long periods of time.

Nov 21, 2010 at 4:22 PM | Unregistered CommenterTerryS

TerryS

Ouch. I have (very) recently become (very) concerned about the apparently multitudinous security vulnerabilities of blogs.

Nov 21, 2010 at 4:28 PM | Unregistered CommenterBBD

The Bish is to be complimented on his choice of host (no pun intended; too awful).

Unlike Wordpress, as RC and others have discovered, SquareSpace is apparently regarded as pretty watertight. Which is encouraging.

Nov 21, 2010 at 5:01 PM | Unregistered CommenterBBD

Anyone involved in IT security will tell you that most successful hacks are inside jobs or someone who left with the passwords. After that it is misconfiguration, followed by a failure to patch.

Nov 21, 2010 at 8:17 PM | Unregistered CommenterjV

Like Philip B above, I can't stay long in RC's comments without risking losing the contents of my stomach (we're told they set this up for PR, apparently), but this is just jaw-hangingly delusional:

Gavin says: (Comment 31)

"...If you mean the mainstream IPCC view (i.e. most of the warming in recent decades is due to ghgs - and I note this is not a theory, but rather a result)."

Result? He's discussing the output of ClimateGate here - with the likes of Ed 'we know we know [snip]-all' Cook and Kevin 'where's the warming' Trenberth.

Give me strength.

Nov 21, 2010 at 8:18 PM | Unregistered CommenterSayNoToFearmongers

There was a climatologist from NASA
Who could argue in terms post-Kafka
He hid the decline
Upheld the team's line
Endlessly reciting the old mantra

Nov 21, 2010 at 9:24 PM | Unregistered CommenterZT

Slightly OT Andrew. I watched the Swedish video about AGW on Steve M's site and at one point they asked Gavin about the email in which Jones described MM05 as "garbage". Gavin looked straight at the camera and said "It is garbage". MM05 to any independent statistician is not "garbage" and anybody describing it in that way forfeits the right to call himself a scientist. The comment says all you need to know about Gavin.

Nov 21, 2010 at 9:54 PM | Unregistered CommenterJohn Hewitt

Elmer bit and Elmer had a look at RC. Now Elmer feels pure manky, by the way.

Nov 21, 2010 at 10:11 PM | Unregistered CommenterElmer Fudd

There was a climatologist from Penn State
who studied tree rings and their growth rate
he found quite a few
which grew fast with CO2
but none after 1960, hence climategate.

Nov 21, 2010 at 10:49 PM | Unregistered Commenterlapogus

"Gavin says: (Comment 31) '...If you mean the mainstream IPCC view (i.e. most of the warming in recent decades is due to ghgs - and I note this is not a theory, but rather a result).' "

Yes, a result of running Wank-O-Matic climate models. [Garbage in] => [Garbage out]³

Nov 22, 2010 at 12:01 AM | Unregistered Commenterjorgekafkazar

Reminds me of Little Bobby Tables
http://xkcd.com/327/

Nov 22, 2010 at 12:32 AM | Unregistered CommenterEric (skeptic)

Well, my theory is still that Tamino unwittingly provided the gateway into the Team circle that eventually led to Climategate - and very likely the break-in to the RC server. He was using a Hotmail account for his emails which (apparently) is notoriously easy to crack. All it would have taken is for someone to quietly snoop on his exchanges for a few months and the cat would be very much out of the bag. He also went offline for a few weeks with a mysterious double hand injury just before Climategate broke into the public domain.

Nov 22, 2010 at 1:37 AM | Unregistered CommenterPeter S

I've given my opinion over at Lucia's, and I'll repeat it here. Anyone who knows a reasonable amount about the subject will conclude the attacks' most likely vector was social engineering. It's not certain, but it is almost overwhelmingly likely. Any half-competent social engineer - phisher, if you're not aware of the term - could have duped the CRU crew into revealing all the necessary information to log in as admin on any system they had the details for.

Occam's razor strongly favours this explanation, since it explains everything in one go, and is extremely simple. All the other vectors require multiple hacks - vanishingly unlikely, in the real world, since hacking in the Hollywood sense is basically non-existent - or multiple server misconfigurations by multiple sysadmins on different networks.

Nov 22, 2010 at 1:37 AM | Unregistered Commenterdave

Isotopious persists with an excellent stretch run, but manacker closes with comment #100. Don't miss the finish.
==================

Nov 22, 2010 at 2:09 PM | Unregistered Commenterkim

How much RC work is on NASA time I wonder? Is it approved, tacitly or otherwise, or does Gavin wait until he gets home..?

Nov 22, 2010 at 3:14 PM | Unregistered CommenterJames P

Oh, that's been asked before, James P.

'Your tax dollars at work'...

Nov 22, 2010 at 3:45 PM | Unregistered CommenterBBD

I wonder if you have paid any attention to this, from Phil Jones

“Real Climate were given information, but took it down off their site and told me they would send it across to me. They didn’t do that. I only found out it had been released five minutes ago.”

Look at the camirror website thread where Jeff ID reports bizarre emails from Gavin during this period. (here

Nov 22, 2010 at 4:51 PM | Unregistered CommenterShub

Patchy's doing an anniversary piece too

http://www.guardian.co.uk/environment/2010/nov/19/un-climate-rajendra-pachauri-regret

Quote Nov 2009

"IPCC studies only peer-review science. Let someone publish the data in a decent credible publication. I am sure IPCC would then accept it, otherwise we can just throw it into the dustbin."

Quote Nov 2010

He also defended the use of reports by advocacy organisations and official agencies, especially in developing countries which may not have funding for scientific expeditions.

That's ok then.

Nov 22, 2010 at 5:35 PM | Unregistered CommenterJohnH

"IPCC studies only peer-review science"

So how did the other stuff get in?

Yeah, I know, it was a long document, and they didn't have the time/money/IQ/biscuits to check it...

Nov 22, 2010 at 6:16 PM | Unregistered CommenterJames P

@TerryS

Your link is interesting.
Try this

http://www.securiteam.com/unixfocus/6N00D0AKKM.html

WordPress Charset SQL Injection Vulnerability

Executing this attack alone results in exposure of all database content on web interface without need of authentication. However, if combined with other exploits (such as cookie authentication vulnerability in http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt), any remote user can obtain WordPress admin privilege, resulting in server compromise.

Nov 22, 2010 at 6:39 PM | Unregistered Commenterandyscrase

"Locks are to keep honest people honest"

Just a thought. And, BTW Gavin - I'd be real interested in seeing some logs showing said SQL injection attack. If in fact it occurred.

Nov 22, 2010 at 7:11 PM | Unregistered Commentermojo

PS: Am I supposed to be surprised that the UEA is running old, unpatched software?

Nov 22, 2010 at 7:12 PM | Unregistered Commentermojo

My frank take is that Gavin is lying about his hack.

Nov 22, 2010 at 7:49 PM | Unregistered Commenterhunter

I agree with hunter. He's not savvy enough to realize the injection vector but more than enough to have noticed the intrusion in the first place? Even a 2nd rate data security company would have identified the injection vector or vectors, addressed them with their customer (Gavin) in full and included full documentation for the exploit and their counter along with the bill. It's all part and parcel of the data security service itself and as far as I know personally, been that way since 1989. The only way to NOT have such is in its never having occurred.

Nov 22, 2010 at 9:27 PM | Unregistered CommenterAlan F

Hottest year ever?

In conclusion to that post he says ..

"In the meantime we’ve had one of the hottest years on record"

Is it? It certainly hasn't felt like it, and I know the UK and the USA had unusually cold spells at the start of the year.

Does anyone have a link to an 'honest' assessment?

Thanks,

Nial.

Nov 23, 2010 at 9:33 AM | Unregistered CommenterNial

"... though the actual entry point is obscure. - gavin"

The actual entry point was probably the Administrative passwords that these geniuses shared among themselves by e-mail!!!

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Nov 23, 2010 at 9:47 PM | Unregistered Commenterkuhnkat
