
Blog post id enumeration can lead to unwanted information disclosure

With the rampant speculation that there will be a new Raspberry Pi model released next week, I was wondering if the official Raspberry Pi blog might reveal anything of interest; they just posted a "Four Years of Pi" blog post on the 26th, which highlighted the past four years and mentioned the excitement surrounding the 4th anniversary of Pi sales, coming up on February 29th, 2016.

Glancing at the blog's source, I noticed it looks like a WordPress blog (using httpie on the CLI):

$ http | grep generator
<meta name="generator" content="WordPress 4.4.2" />

Having set up a few WP sites in the past, I knew there was a simple way to load content by its ID, using a URL in the form:

Staying Current - Tech News and Development Trends

Ever since I've been able to access the Internet, I have been passionate about finding reliable, informative sources for news about all things tech. I have limited bandwidth, so I like high quality, low noise sources.

Joy of Tech - Information Overload
Source: Joy of Tech

People who don't closely follow tech news and the hacker culture wonder how I stay informed about rapidly-changing trends in programming and development and still have a life. The same people often wonder how I have an answer for almost every question (simple—I just Google it).

Midwestern Mac HQ - The Workstation

So, what computers, peripherals, and software do I use to manage all the websites I create, fix all your Macs, edit photos, and design graphics? I think this is an important question to answer, for two reasons: 1) You can see what I use, and see that I don't take any project lightly; and 2) You can hopefully learn something from my setup that can increase your own productivity!

My Workstation

(Click on the image above for a larger version, complete with detailed notes). You can see two basic themes from a general overview of the picture: First, there is a major lack of space at my workstation. Second, the space I do have is optimized to its fullest potential.