Blogger Hacked
October 25, 2002 10:57 AM
Blogger Hacked A slashdot reader reported (on slashdot) that "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.'" Perhaps the most amusing comment in the ensuing discussion says "I'm glad I don't use a blog... I wouldn't want some l337 hax0r coming in and reading everything about my personal life!" But levity aside, is there some serious implication that a widely used web service is hacked? Is Pyra safe to use?
One other thing... it's really interesting that almost every time blogs are discussed on slashdot, there's a large variety of comments about the merits of blogs in general, and they're usually pretty negative. One from this discussion was "Hacking a blog is like littering in a dump." I'm not sure what to make of this... it's clear that many blogs suck, but then again, lots of indie music sucks too, in much the same way, and most slash discussions venerate it. And it's clear there are some fantastic weblogs out there. What do you make of it?
posted by namespan at 11:08 AM on October 25, 2002
friggin hackers.
not only are people waiting for me to tell them what i thought about survivor last night, but i had such a good Friday Five for everyone! :(
posted by tsarfan at 11:08 AM on October 25, 2002
I haven't been going to /. as much, simply because all of the links of interest to me wind up here or on BoingBoing...or MacSlash.....and if it's blog related Blogroots.
posted by mkelley at 11:12 AM on October 25, 2002
It's a good thing Metafilter can't be hacx0redbyme. It's reassuring to know that hacx0redbymehowie has a lot more on the hacx0redbyme than those hacx0redbyme at pyra. Keep up the good hacx0redbyme!
posted by soyjoy at 11:13 AM on October 25, 2002
There are obvious variations in the quality of blogs, as there is in everything else. These guys are rabid because they are into something besides blogs. It's why people who drive Fords hate Chevys, PC users hate Mac users, et cetera: it's not enough to not use something and leave it alone, you have to attack the other tribe.
posted by Hildago at 11:16 AM on October 25, 2002
Metatalk thread from last year's Christmas hack. IIRC, this hack is getting much more attention from outside the realm of Blogger.com users than the previous one.
That can have two reasons: first, it was the holidays, and people had more important stuff to worry about in "real life", and second, Blogger now has paid users, and got lots of attention throughout 2002.
posted by falameufilho at 11:19 AM on October 25, 2002
Excuse my ignorance, but what exactly is a "blog"? I hear the word used a lot.
posted by Postroad at 11:40 AM on October 25, 2002
If your server runs Microsoft-IIS/5.0 on Windows 2000, expect major security issues.
posted by The Jesse Helms at 11:42 AM on October 25, 2002
Best comment from Slashdot... scumdamn says "Blogs are what separates us from the animals!" and gowen responds:
"That's true. You never see dogs boring each other witless with the irrelevant minutiae of their lives. Mind you, dogs can actually lick their own genitals, which is pretty much what blogging is a substitute for..."
posted by AaRdVarK at 11:49 AM on October 25, 2002
bondcliff, I had that error. I created a new template, and everything's fine now. Not an ideal situation, but at least you can get up and running again.
posted by chill at 11:51 AM on October 25, 2002
...and we are reading all about it. Is it true that all publicity is good publicity? Nah, I didn't think so.
posted by barkingmoose at 11:56 AM on October 25, 2002
"Mind you, dogs can actually lick their own genitals"
...nah too easy.
oh what the hell. If I could do that I wouldn't be blogging :)
posted by mkelley at 11:56 AM on October 25, 2002
...and we are back up.
Cool. Did they find my archives?
posted by yhbc at 11:59 AM on October 25, 2002
not only am i a paid blogger user, but i plan on being one when my subscription comes up. this "hack" doesn't frighten me at all seeing as how i change my ftp password once a month, limit the ip addresses that my system trusts to connect to my server and have the shell on the ftp account set to /bin/false. now i just have to reset my password a couple days early.
sure i could run movable type, slash, pmachine or whatever else one would run when having their own server but i'll admit that i'm horribly lazy and don't have the time to deal with running server side software. blogger offers accountability and saves me a lot of time and effort when it comes to upgrades. although their service isn't the most reliable at times, the unreliability often works to my advantage. no, i'm not kidding. often one spews mental diarrhea when they can post on something that's pissing them off. something so trivial that it'd be better kept inside.
either way, i'm still holding out for that "new version" that everyone at pyra is buckling down to get out. hopefully it'll be unix based and a bit tighter on security.
[btw: has anyone noticed that blogger is back up quicker this time around? no doubt it's from having more than just ev on a dial-up from bfe, but it's still not as bad.]
posted by boogah at 12:05 PM on October 25, 2002
There are even disparaging comments made about blogging on MeFi. As if posting on MeFi were any less of a waste of time ...
posted by dhartung at 12:46 PM on October 25, 2002
Boogah: You aren't lazy! Changing your password once a month, limiting IPs to trusted servers, and killing the FTP shell sounds like pretty good maintenance if you ask me.
When I used Blogger in the past, I had a dummy account for it to log in as, but when I started seeing a bunch of wu-ftpd exploits I decided it was just too much of a risk. I think if you're going to hand your password out to anyone you need to acknowledge the risk that goes with it.
posted by perplexed at 12:52 PM on October 25, 2002
perplexed: i absolutely loathe wu - which is why i run proftp. and thanks for saying i'm not lazy...
posted by boogah at 1:35 PM on October 25, 2002
sure i could run movable type, slash, pmachine or whatever else one would run when having their own server but i'll admit that i'm horribly lazy and don't have the time to deal with running server side software. blogger offers accountability and saves me a lot of time and effort when it comes to upgrades. although their service isn't the most reliable at times, the unreliability often works to my advantage. no, i'm not kidding. often one spews mental diarrhea when they can post on something that's pissing them off. something so trivial that it'd be better kept inside.
Sounds like a commercial. You should demand money =)
posted by justgary at 1:51 PM on October 25, 2002
perhaps i should demand money, but i just love blogger that much. i suffer from big ol' stupid amounts of brand loyalty.
the amusing thing is, as much as i flog blogger we're going to be implementing movable type at the isp i work at for our "slash tilde" customers. upon my recommendation.
oh, and i'm a paid livejournal user too.
and i have an open weblog [influenced by metafilter, sitting in practical decay] that runs its own backend software - which will one day hopefully be open sourced when the developer feels safe about unleashing it on the general public. so i've used other weblogging tools, but i still like blogger. maybe i should do a "switch" commercial...
posted by boogah at 2:58 PM on October 25, 2002
I don't know. I go out to work and then the theatre and all this happens. Don't things move fast these days?
posted by feelinglistless at 4:03 PM on October 25, 2002
It's a good thing Metafilter can't be hacx0redbyme. It's reassuring to know that hacx0redbymehowie has a lot more on the hacx0redbyme than those hacx0redbyme at pyra. Keep up the good hacx0redbyme!
"hacx0redbyme" is the new "smurf".
On another note, I'm surprised to find that in 2002 so many people are still using ftp. How quaint. :-)
posted by rusty at 8:54 PM on October 25, 2002
rusty: What do you use? scp? rsync? sftp? I've played with rsync and like it, but it's definitely not as straightforward as ftp.... when I don't want to think about the behavior of my client, I use ftp...
posted by namespan at 7:52 PM on October 26, 2002
namespan: I like scp, personally. Ftp is fine and all, if you don't need any security. But to see people worried that the security of their ftp account may have been compromised... I just find it amusing. :-)
On preview, for anyone who doesn't know what the hell I'm talking about: FTP sends your password in clear text over the network. Unless you have full control of both ends of the transmission and every node in between (like you're FTPing a file between your desktop and your laptop over a firewalled home network) you must assume your FTP password is already public knowledge. If you've stored it on a server you don't own (like say the Blogger server) you may be doubly or triply certain it's public knowledge.
There are various tunneling tricks you can do with ssh to make ftp actually secure, but it's a pain in the ass, especially when there's scp already available. Plus scp runs through the standard sshd, eliminating any need to run another exploitable daemon like an ftpd. FTP was obsolete three years ago. Move on. :-)
posted by rusty at 3:06 PM on October 27, 2002
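An added example, not part of the thread or any commenter's post: a small audit check illustrating the point above that FTP logins cross the network in clear text. It scans the client-to-server bytes of an FTP control connection and reports every login sent before any `AUTH TLS` upgrade; the sample sessions, account name and password are constructed for this example.

```python
# Constructed client-to-server bytes of FTP control connections (TCP port 21).
# Account names and passwords here are invented sample values.
PLAIN_SESSION = (
    b"USER blogpub\r\nPASS s3cret-example\r\n"
    b"CWD /htdocs\r\nSTOR index.html\r\nQUIT\r\n"
)
# After AUTH TLS the rest of the stream is TLS records, not FTP commands.
UPGRADED_SESSION = b"AUTH TLS\r\n\x16\x03\x01\x00\x05\xff\xfe\xfd\xfc\xfb"


def audit_ftp_control(client_bytes):
    """Return one finding per login that was readable on the wire.

    The password itself is never stored, only its length, so the
    audit report does not become a second copy of the credential.
    """
    findings = []
    user = None
    for raw in client_bytes.split(b"\r\n"):
        try:
            line = raw.decode("ascii")
        except UnicodeDecodeError:
            break  # binary data: the channel is no longer plain FTP
        verb, _, arg = line.partition(" ")
        verb = verb.upper()  # FTP command verbs are case-insensitive
        if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
            break  # everything after the upgrade is encrypted
        if verb == "USER":
            user = arg
        elif verb == "PASS":
            findings.append({"user": user, "password_length": len(arg)})
            user = None
    return findings


if __name__ == "__main__":
    for name, data in (("plain", PLAIN_SESSION), ("upgraded", UPGRADED_SESSION)):
        hits = audit_ftp_control(data)
        print(name, "cleartext logins:", hits if hits else "none")
```
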
posted by bondcliff at 10:59 AM on October 25, 2002