Categories
Random

On the insecurity of Blogger…

First things first – here’s a quick (rough) timeline of what happened from my perspective:

  • 3.30pm Phil Gyford notices that something has gone wrong with the listing of plasticbag.org posts on Haddock blogs. My assumption? Something has gone wrong with haddock blogs…
  • 3.40pm A quick glance at my RSS feed revealed that each and every link attribute on my RSS feed now read as ‘hacx0red’. My assumption? Someone has hacked into my server…
  • 3.45pm In still logged into my Blogger account so I go and check the settings. There’s something very wrong going on – my password, my e-mail address and the URL for my site have been replaced with the word ‘hacx0red’. My assumption? Someone has hacked into my Blogger account…
    Screenshot One
    Screenshot Two
    Screenshot Three

  • 3.50pm Beacuse I’m nervous about logging out, I try logging in with a different user name in a different browser. This does not work. My assumption? The world’s gone freakin’ craaaazy
  • 3.53pm I start telling people that I think Blogger’s been hacked. People freak out.
  • 4.00pm The UK’s weblogger mailing list becomes full of nervous people, and the information starts going out. Various people try to work out how to get in contact with Ev. We finally manage to get the word to Anil Dash who sends the word on further…
  • 4.10pm Danny O’Brien and Phil Gyford are getting the word out to Scripting.com.

So where does this leave us? It leaves us nervous, I think. It leaves us with less faith than before that it’s safe to leave the collective writings of years in the hands of a centralised service like Blogger. What would be lost if 700,000 people lost days, weeks, months or years of writing at the same time? Significantly I think if there was an import / export facility to Blogger that would allow people to keep their own back-ups, then this would be less of an issue. In the meantime, I’m afraid I have to confess that while I’m very impressed by the speed of Blogger’s reaction, I’m not overly impressed by the stuff that they’ve written about the experience. I think it’s important that someone explains to us why we should not be worried by this hack on an archive of content that – after all – was created and belongs to each of us…

Further reading: Slashdot.org, Anil Dash, Quicktopic thread, Blogger Status.