
Yesterday, I blogged about security expert Winn Schwartau’s blog being compromised. Today, he responds:

Laugh, cry…whatever. Welcome to the Internet.

When I heard about this a few days ago I sort of ignored it because I have been using the InfowarCon blog instead and thought we had closed this one down.

Alas, we didn’t for either technical or social reasons. Whatever.

A bit of research shows that these attacks were openly reported in March of this year and it seems folks are getting blasted everywhere.

2 Points. Maybe more.

1. Blogger is an SaaS, a web application. If any of the bloggers get nailed, it’s because (a) the servers and/or its code got nailed or (b) the software allows the publishing/installation and perhaps operation of active code.

Either way, an SaaS should provide adequate protection against such obvious types of attacks. Perhaps there is a rooting going on? I don’t know and don’t have the time/inclination to figger it out. That’s their job.

2. Anyone, anywhere, anytime can get hosed. Even we ‘security experts’ screw up. Yup. It’s true. We are human. Should I have noticed earlier? Perhaps, but it wasn’t on my radar screen. Should I freak out? Nope. Not a damn thing I can do about it but bitch, and it seems that Blogger is now appropriately blocking it for the good of the preservation of the species.

3. It’s going to happen again. Applications and operating environments need to have security built in from the very beginning, not as a multi-billion dollar post O/S afterthought from poor initial design and specifications.

SaaS, as we move more apps to the Net, are going to get hosed, as seems to be happening with the social networking sites of infinite flavor.

Rant almost over…

Thanks for the notice and update. I don’t really mind being a victim here… it teaches me something, keeps us experts humble (I hope) and provides a very clear lesson for non-technical users.

Thanks
Winn

Winn, we all understand and thanks for the clarification.

Alex Eckelberry