This post is sure to ruffle some feathers…

Because I’ve been in the “not putting up with any BS” mood all weekend, I present to you some critiques of things you commonly see online:

As more information came in about the Blogger hack, it is amazing how many people who immediately kicked in with their own “expert” opinions about what happened were so absolutely wrong. First it was “the Blogger programming is obviously insecure”, then it was “well, that’s what they get for using IIS and SQL Server”, when in fact the hack was through an unpatched server running Red Hat Linux. Yes, it appears that even Linux has to be patched to remain secure. Imagine that.

The second thing that seemed to be popular was “well, I use Movable Type, so I don’t have to worry about security problems like this.” No, not really. If you’re running MT on a Red Hat server, you still have to have the same vulnerability patched, since it was a server vulnerability, not a blogging software vulnerability. Secondly, take a look at Phil’s post about spammers using a script to comment on every one of your MT posts. Sounds like an issue to me, although it obviously isn’t limited to MT.

My point is not to trash MT and Red Hat, but to point out to those of you who have an “expert” opinion about every security hole out there that security is a problem for every OS, every software package, and every PC on the internet, not just the ones you happen to not like. Those are both examples of fine software, but software that still requires you to pay attention to security issues! I am so tired of hearing from supposed experts that because of the software they use, they don’t have to worry about security holes. Anyone who would say such a thing is obviously not an expert, and it’s an opinion you should pay absolutely no heed to at all! Blogger got hacked because they missed a security issue and failed to patch one of their servers. They messed up and got caught, just like hundreds of other websites have. If you think it’s so easy and that you would never get caught like that, maybe you should open up your own hosting company and prove it instead of bitching from the sidelines.

We don’t host websites at my job, but there have certainly been issues that I missed, or made the wrong call on. It happens. You fix it, admit you screwed up and move on with your life.
