JISHOU, HUNAN — Present and former IT guys like me are probably thanking the Gods of Silicon that it wasn’t one of us who got caught with our pants down at Gawker.com. Outsiders have been roaming around inside Gawker Media’s computer systems for the past month, downloading all kinds of stuff that’s supposed to be top secret.
Users’ passwords are just a start. Gawker’s computer systems have been laid out like a murder victim on an autopsy table: access to their databases, FTP access to other computer systems, the entire source code of their website, a custom-designed content management system (CMS). It’s all out there in Internet-land now.
Daniel Kennedy, who writes for Forbes.com, has a complete post-mortem of the victim. There are a lot of lessons contained in it.
Why did it happen? It seems Gawker’s officers made light of the hacking/cracking skills of coders who spend time at 4chan and similar coder hangouts. As the recent Wikileaks reprisal attacks on Amazon, Visa, Mastercard, PayPal and other big names have shown, no system is invulnerable. Calling these kinds of experts “script kiddies,” as Gawker’s leaders did, is sure to piss some of them off.
How did it happen? Details are still missing, but it seems the tech guys at Gawker were running the shop a little too casually, and the powers-that-be were a little too over-confident about the impregnability of their systems. Despite early warning signs, they carried on as if nothing serious had happened. Some users’ passwords got revealed? No big deal, said one Gawker boss. It’s just the “peasants.” (See image below.)
It was like going full steam ahead in icy waters, confident in your ship’s “un-sinkability.” We all know how that exercise in navigation turned out.
Unlike the HMS Titanic, however, Gawker is still online, sailing the Internet seas. But its staff has a ton of work to do now, to make sure the ship can still stay afloat. I’m just glad I’m not in their shoes right now.
Janice H Quinn said:
Whoops!?!
Sam Gauss said:
Lol. Richard L can clean out his desk now.
Brent Doctor said:
I'd be interested to know what you think of Anonymous, Mr. Wheaton?
Angela Katz said:
I love reading your posts, John. Keep it up. Very entertaining.
Mary Ellen Curtin said:
Thanks for the link, John — I hadn't realized the hack included the entire source code. Wow. I am keeping a bookmark to that article, to use as ammo for clients who insist on using dictionary words as passwords.
John Wheaton said:
According to the BBC, the most common passwords from the Gawker dump were 123456, password, 12345678, lifehack, qwerty, 123abc, and 111111. Lame.
John Wheaton said:
Brent — I have mixed feelings about Anonymous. I've managed websites and systems, so hackers are frankly a pain in the ass. These guys are mostly being vindictive, but Gawker Media was being plain lazy. Their security was lax. Sooner or later someone would take them down. Anonymous probably did them a favor.
David Hochman said:
Good riddance to Gawker Media's reputation. They run the most vile sites among the top-visited places. There is no vulgarity they will not stoop to. To me, the snarky, gossipy orientation of Gawker and its PG-rated colleagues in the Gawker Media stable is more offensive by far than their R-rated sites and even than frank pornography. We should never forgive Gawker Media for having unleashed Wonkette on us (they eventually sold it), run in its early days by the truly disgusting Ana Marie Cox.
Kirk Petersen said:
David, I enjoyed Wonkette while Ana Marie Cox was writing it. How is she disgusting? Vulgar, I'll give you.
David Hochman said:
I don't know what to say, Kirk. She just was. I grant that vulgarity does not always equal disgusting, but in this case it seemed so in spades.