Password Security - Blogspot has none
Go into any competently run password protected computer service and enter a wrong password three or so times. What does the service do? It locks you out for an hour or so and sends you an email letting you know that someone has tried unsuccessfully to log into your account a few times. This (a) slows hackers down and (b) gives you warning that you're being attacked.
What does Blogspot do? Try it. Nothing.
So, I have a very simple theory on how I was hacked: someone ran a brute force password hacking tool through some kind of web script on my login until eventually it hit on the right one.
Which means it could happen to ANYONE using blogspot, no matter how strong their password. It's just a matter of time and will. If you keep quiet and don't piss off any psychos, you're probably okay. If you do... well. We've seen what happens.
I know BlogSpot is a free service. But this fundamental hole makes it effectively unusable. How can anyone spend time creating, developing, working on a blog if they know that at any time it could be hacked by some antisocial reject with a password cracking program and deleted? Offering a service for free doesn't absolve you of responsibility for running it properly.
(And to those unsympathetic spirits who keep blaming me for the whole thing, on the bases of "your password must not have been strong enough", "you're a whiner/apologist for Islamofascists/dickhead and therefore deserve it", or thinks this is some kind of brilliant publicity stunt (yes, see how my technorati rating has grown since losing AL) - I still hope it doesn't happen to you. But it would be ironic if it did.)
PS Five days and counting. Still no response from Blogspot.
What does Blogspot do? Try it. Nothing.
So, I have a very simple theory on how I was hacked: someone ran a brute force password hacking tool through some kind of web script on my login until eventually it hit on the right one.
Which means it could happen to ANYONE using blogspot, no matter how strong their password. It's just a matter of time and will. If you keep quiet and don't piss off any psychos, you're probably okay. If you do... well. We've seen what happens.
I know BlogSpot is a free service. But this fundamental hole makes it effectively unusable. How can anyone spend time creating, developing, working on a blog if they know that at any time it could be hacked by some antisocial reject with a password cracking program and deleted? Offering a service for free doesn't absolve you of responsibility for running it properly.
(And to those unsympathetic spirits who keep blaming me for the whole thing, on the bases of "your password must not have been strong enough", "you're a whiner/apologist for Islamofascists/dickhead and therefore deserve it", or thinks this is some kind of brilliant publicity stunt (yes, see how my technorati rating has grown since losing AL) - I still hope it doesn't happen to you. But it would be ironic if it did.)
PS Five days and counting. Still no response from Blogspot.
posted by Jeremy @ 7:54 AM
|
<< Home