[ISN] Gawker tech boss admits site security was crap

From: InfoSec News <alerts_at_private>
Date: Tue, 21 Dec 2010 00:14:30 -0600 (CST)
http://www.theregister.co.uk/2010/12/18/gawker_hack_aftermath/

By Dan Goodin in San Francisco 
The Register
18th December 2010

Gawker Media plans to overhaul its web infrastructure and require 
employees to use two-factor authentication when accessing sensitive 
documents stored online, following an embarrassing attack that 
completely rooted the publisher's servers.

The publisher of Gawker, Gizmodo, and seven other popular websites also 
plans to, gasp, mandate the use of secure sockets layer encryption for 
all users with Gawker Media accounts on Google Apps, according to a memo 
written by Gawker tech boss Tom Plunkett and published Friday by The 
Next Web. The company-wide message conceded a point first made by the 
perpetrators of the hack: That Gawker Media's security was utter crap.

“It is clear that the Gawker tech team did not adequately secure our 
platform from an attack of this nature,” Plunkett wrote. “We were also 
not prepared to respond when it was necessary.”

Indeed, security researchers who examined the web platform's source code 
were amazed at just how poorly the site was put together.

[...]


Received on Mon Dec 20 2010 - 22:14:30 PST
