My clients demand that our systems be "totally secure". If something even hints at going wrong, I often get very angry and condescending phone calls. I try to tell people that computers and the Internet are in their infancy. There are many ways to compromise a computer system, and the day there are none is the day innovation stops.
So we have to assume a certain amount of risk tolerance when we venture forth into the world of net-based business.
This week, even vaunted Google was hacked. The post was actually quite brilliant and has made its point.
What was also interesting is that we in the net community quickly picked up on and started blogging about the post, even though many expressed confusion about the poor grammar and misspellings. So we started discussing information from a trusted source, even though we felt something was fishy.
Now, imagine if that hacker were a little smarter. What if that hacker popped into a long blog post and removed a key zero in a figure or removed the word "Not" from a key sentence? It may take days to figure out the error, by which time massive damage could be done.
This hacker had a key message to deliver and went for that. But his message was deliberate and obvious. It was easy to spot and remove.
What happens when it's not so apparent? This stuff is neonatal. We feel secure, but are we vigilant?
The hint in the comments log from TechCrunch that I forwarded to my blog was that this was an exploit of a hole in the MetaWeblog API and RSS, not solely something in Google. I haven't yet been able to confirm that allegation, but expect that this is just a single high-profile instance of what might be more broad probing of Web 2.0 APIs often cobbled together with an eye to quick implementation and short shrift to security.
Posted by: Ed Vielmetti | 09 October 2006 at 13:42
I have the same fear. As APIs allow the introduction of information from secondary or tertiary sources, the opportunities for mal-includes are plentiful.
Posted by: Jim Benson | 09 October 2006 at 16:00