stwschool
July 7th, 2009, 03:13 PM
Just a little something to chew over..
Let's say you're a horrible evil hacker type. You know that your boss is running Opera Unite and you don't like him for whatever reason. Let's say that Opera Unite has a security problem, and being a naughty hacker you put something on his web server for all to see. We have a problem, right?
Thing is that this thing has a similar status to Facebook or MySpace or whatever, as a place to put your personal stuff on the net and let your mates see it. So imagine their confusion when they see the goatse man.
Now at least on Facebook or MySpace, the servers are (we hope) maintained by trained professionals, but this is maintained by an average user. The problem here is that your average computer user isn't that bright. Should we really be encouraging them to run a server, much less one with public visibility?
Taking it a little further, let's say I'm really nefarious.. normally if I set up a phishing scam I've got to get some webspace, and find a way of doing it without leaving a trace of a transaction (which means probably taking a compromised web server, probably maintained by a professional, a reasonably tricky task). However, now I've got access to a huge resource, a vast number of idiots running webservers. So.. that's gonna end well, isn't it.
The problem here is that it's just too ill-conceived for words. Seriously, WHAT were they thinking of?