yur site is hacked
-
http://newscoop-demo.sourcefabric.org/ your demo site has been hacked, strange whata security
-
4 Comments sorted by
-
Vote Up0Vote Down
Andrey Podshivalov
March 2011
Posts: 1,526Member, Administrator, Sourcefabric Team
you should understand that demo allows you full administrative rights. It allows to try template in live mode. May be we should restrict template write access? Then you can not play with newscoop template language. Well, if some dummy will try again I think we'll decline a write access. -
Thanks for letting us know akhter. As Andrey says, we want to allow
people to test full functionality, and the only way to do this is with
an open account and password...
This of course isn't a Newscoop security issue per se, but rather a good
reminder to employ good password policy on your own site with strong
passwords that are changed often. From our point of view, we're
favouring openness and trust for now on the demo, but we'll keep this
under constant review.
-
got it sir thanks a lot
-
i can't resist to add to this thread as well.
firstly, thanks akhter for catching this and posting it here. on our servers there is a regular schedule (i think one hour? possibly we might shorten this?) by which our demo sites are being reinstalled automatically. andrey is very good at planning and implementing such strategies. we have this set-up, because we expect vandalism on the demo site. what else would you expect when you leave your car alone with open doors in a busy street at night?
also - my personal opinion - hackers have often helped to improve newscoop or airtime. we frequently get security alerts and we get them by amateur or professional hackers and security experts who find vulnerabilities. this is not only the case for our products, this is the case for all software development. especially open source developments benefit from these inputs. closed and commercial projects usually find it more difficult to admit that they benefit from it. if you go through the backlog of our newsletters you will find a series of security warnings and fixes we implemented. this is the daily bread of software development like ours.
hacking is a creative job. being a hacker requires skill, talent, training, instinct and creative thinking. you need to "find a way or make one" (to quote our own slogan from last years sourcecamp). when you get people to put their skill to challenge your product, you can only benefit. and we have.
vandalism ... not so helpful. MYk logged into our demo site and changed the templates to put up his or her MYk-picture, well, this is why we have a demo site: test our stuff. i feel like replying: "thanks for trying our software. if you want to stay informed, please subscribe to our newsletter".
to cut a long story short: we get security alerts and react to them like any professional in the business. and this makes our software better. this is a fundamental paradigm of open source development which is called linus' law : "given enough eyeballs, all bugs are shallow".
thanks for listening, back to business. all the best,
micz
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions8,397
- Sourcefabric
- ↳ Announcements25
- Newscoop
- ↳ Newscoop Support2,189
- ↳ Newscoop Development722
- ↳ Newscoop Security13
- ↳ Newscoop Documentation17
- ↳ Newscoop Themes69
- Airtime
- ↳ Airtime Support3,139
- ↳ Airtime Development1,286
- ↳ Airtime Français146
- ↳ Airtime Documentation14
- ↳ Airtime Hacks102
- ↳ Promote your station!37
- ↳ Airtime Security11
- Booktype
- ↳ Booktype Support277
- ↳ Booktype Development55
- ↳ Booktype Documentation7
- Superdesk
- ↳ Superdesk Development264
- ↳ Web Publisher21
Poll
No poll attached to this discussion.Top Posters
-
Albert FR
1978
-
Martin Konecny
1860
-
Andrey Podshivalov
1526
-
Voisses Tech
1423
-
John Chewter
899
-
Daniel James
844
-
Roger Wilco
784
-
hoerich
627
-
Paul Baranowski
389
-
Cliff Wang
339