Oooooooops!
Guess which little local newspaper is creating a New York politics blog?
Now guess who got into their blog last night, just as easy as signing in through their WordPress login page?
And guess who is now an approved writer of said blog?
This is an excerpt of the message I left the development team at said "still-in-development" blog :
Hi guys, Liza Sabater here
No, I did not hack into the site. You’ve just got a major security hole.
I am the publisher of The Daily Gotham [www.dailygotham.com] and culturekitchen [www.culturekitchen.com].
I have come straight from a referrer link that appeared on TDG’s stats page. The referrer linked to your registration page. Curious to see what was behind the log-in page, I submitted my name and email for approval :
Username : liza
Email : nyc.blogdiva@gmail.com
Incredulous as to being able to get in here, I pushed the send button anyway. Seconds later, voila! I got a password and now I am in here.
Again this is not hacking. You’ve overlooked what I would consider a huge detail in blog development : You never, ever leave the login permissions open while mired in testing and development.
I honestly cannot believe they just left the door open like that. I mean, I'd never ever develop a site for a client on their actual url. And if I really had to, then all access would be restricted --and I mean, A L L of it.
If you have not got a clue as to which tiny, little newspaper made this blauxg pas, then take a clue from the Rathergators ---it's all in da fonts.
Heh.
Related Entries :
[via Exclusive Blind Item : The blauxg pas edition | The Daily Gotham]
[via Blauxg Pas Redux | The Daily Gotham]
[via Is this the official list of metropundits? | The Daily Gotham]
[via It was fun while it lasted | The Daily Gotham]
[via What should The New York Times do now ? Use this "instalaunch" and build some community now | The Daily Gotham]
[via UPDATE on NYT's Blauxg Pas : The disruptive media edition | The Daily Gotham]
