HackedLefty

What happened when anonymouslefty.blogspot.com and boltwatch.blogspot.com were stolen by a hacker UPDATE 30 DECEMBER 2006 - BLOGS NOW RESTORED!

Friday, December 29, 2006

Password Security - Blogspot has none

Go into any competently run password-protected computer service and enter a wrong password three or so times. What does the service do? It locks you out for an hour or so and sends you an email letting you know that someone has tried unsuccessfully to log into your account a few times. This (a) slows hackers down and (b) gives you warning that you're being attacked.

What does Blogspot do? Try it. Nothing.
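The lock-out-and-warn behaviour described above, sketched as an added example (not code from this blog or from any real service). The class, the `check_password` and `notify` callables, the account name `al` and the guessing scenario are all assumptions made for illustration.

```python
import time

MAX_FAILURES = 3         # "three or so times" in the post
LOCKOUT_SECONDS = 3600   # "an hour or so" in the post

class LoginThrottle:
    """Hypothetical per-account lockout with owner notification (in-memory)."""

    def __init__(self, check_password, notify, clock=time.time):
        self._check = check_password  # assumed callable(user, password) -> bool
        self._notify = notify         # assumed callable(user, message), e.g. email
        self._clock = clock
        self._failures = {}           # user -> consecutive failed attempts
        self._locked_until = {}       # user -> timestamp the lock expires

    def attempt(self, user, password):
        now = self._clock()
        if now < self._locked_until.get(user, 0.0):
            # Reject without checking the password, so even a correct
            # guess made during the lockout teaches the guesser nothing.
            return "locked"
        if self._check(user, password):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._failures[user] = 0
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._notify(user, f"{MAX_FAILURES} failed logins, locked for "
                               f"{LOCKOUT_SECONDS // 60} minutes")
            return "locked"
        return "denied"

def simulate_guessing(seconds, real_password="constructed-secret"):
    """Constructed scenario: one wrong guess per second against account 'al'.
    Returns (passwords actually checked, warning messages sent)."""
    now, checked, mails = [0.0], [], []
    def check(user, password):
        checked.append(password)
        return password == real_password
    throttle = LoginThrottle(check, lambda u, m: mails.append((u, m)),
                             clock=lambda: now[0])
    for t in range(seconds):
        now[0] = float(t)
        throttle.attempt("al", f"guess-{t}")
    return len(checked), len(mails)

if __name__ == "__main__":
    print(simulate_guessing(86400))  # one day of guessing at 1 attempt/second
```

Over a simulated day at one guess per second, only 72 passwords are actually checked instead of 86,400, and the owner receives 24 warnings. A hard lockout like this also lets anyone lock the real owner out by guessing wrongly on purpose, which is why services often combine it with per-source rate limits or growing delays.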

So, I have a very simple theory on how I was hacked: someone ran a brute force password hacking tool through some kind of web script on my login until eventually it hit on the right one.

Which means it could happen to ANYONE using Blogspot, no matter how strong their password. It's just a matter of time and will. If you keep quiet and don't piss off any psychos, you're probably okay. If you do... well. We've seen what happens.

I know BlogSpot is a free service. But this fundamental hole makes it effectively unusable. How can anyone spend time creating, developing, working on a blog if they know that at any time it could be hacked by some antisocial reject with a password cracking program and deleted? Offering a service for free doesn't absolve you of responsibility for running it properly.

(And to those unsympathetic spirits who keep blaming me for the whole thing, on the bases of "your password must not have been strong enough", "you're a whiner/apologist for Islamofascists/dickhead and therefore deserve it", or who think this is some kind of brilliant publicity stunt (yes, see how my Technorati rating has grown since losing AL) - I still hope it doesn't happen to you. But it would be ironic if it did.)

PS Five days and counting. Still no response from Blogspot.