
Security

 Friday, October 25, 2002

Centralized Compromise

Blogger was hacked today. Blogger functions by storing data and templates in a central location, with editing facilities. When you publish, it merges the two and transfers the files to a specified destination, which may be an FTP site at your ISP. The problem is that it stores your username and password for that destination so you don't have to enter them every time you publish.

This is a problem because Blogger stores these usernames and passwords for lots of people. A compromise of the Blogger service compromises those passwords, and thus those accounts. If those are shell accounts, and some undoubtedly are, those hosts can be compromised. If those hosts are compromised, the other accounts on those hosts are compromised. You see the problem?

2:29:27 PM
categories: Security
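
The chain of exposure described in this post, worked through on a constructed inventory. This is an added example, not part of the original post; the account names, hostnames and the shell flag are made up, and it takes the post's worst case that one stored shell account exposes every other account on its host.

```python
from collections import namedtuple

# One record per credential held by the central publishing service (constructed data).
StoredCred = namedtuple("StoredCred", "user host shell")

STORED = [
    StoredCred("alice", "isp-a.example", shell=False),  # FTP-only account
    StoredCred("bob", "isp-b.example", shell=True),     # full shell account
    StoredCred("carol", "isp-b.example", shell=False),
]

# Every account on each destination host, including people who never
# gave the central service a password (constructed data).
HOST_ACCOUNTS = {
    "isp-a.example": {"alice", "dave"},
    "isp-b.example": {"bob", "carol", "erin", "frank"},
}


def blast_radius(stored, host_accounts):
    """Return (direct, hosts_at_risk, indirect) for a compromise of the store.

    direct        - accounts whose passwords sat in the central store
    hosts_at_risk - hosts reachable through at least one stored shell account
    indirect      - other accounts on those hosts, exposed without ever
                    having trusted the central service
    """
    direct = {(c.user, c.host) for c in stored}
    hosts_at_risk = {c.host for c in stored if c.shell}
    indirect = {
        (user, host)
        for host in hosts_at_risk
        for user in host_accounts.get(host, ())
    } - direct
    return direct, hosts_at_risk, indirect


if __name__ == "__main__":
    direct, hosts, indirect = blast_radius(STORED, HOST_ACCOUNTS)
    print("passwords exposed directly:", sorted(direct))
    print("hosts at risk via shell access:", sorted(hosts))
    print("bystander accounts on those hosts:", sorted(indirect))
```

An ISP can run the same calculation over its own account list to decide which passwords to reset and which hosts to review after a third-party service holding customer credentials is breached.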