Sla.ckers.org Slashdotted
Well, it was about that time - everything seemed pretty stable, so it was perfect timing to be surprised to log onto the sla.ckers.org web application security forums this morning and find that we’ve been slashdotted! Here’s the link to the article.
There were some interesting comments (or not informed as the case may be). Here’s one that was pointed out to me by one of our biggest fans:
Aren’t there any laws against these attacks? (Score:1) by r_bertram42 (976855) on Monday September 25, @12:27PM (#16186703) (http://www.777.com/) Where is the law in these cases? I’m sure there are ways to know who the hacker is, so why don’t they use the information to catch the criminals and put them on trial?
I don’t think understand (actually I know they don’t) that these aren’t vulnerabilities that anyone has actually exploited. Far from it. What people are demonstrating is the ability for someone who IS bad to perform malicious acts. I know it seems like semantics, but one is performing destructive acts (which I don’t condone) and the other is simply showing the issue is there and raising awareness.
Anyway, if you see problems on ha.ckers.org or sla.ckers.org today, that’s what’s going on.
September 25th, 2006 at 10:10 am
That’s a big issue right there. Some believe we should not teach/talk/comment about vulnerabilities in fear of writing attack-guidelines for malicious users. Others (I included) believe talking about this stuff is really exposing the risk and therefore leading in better software and security policies.
September 25th, 2006 at 1:57 pm
Gratz on getting slashdotted!
September 25th, 2006 at 2:28 pm
Thanks, Legionnaire - I agree and I have one concrete example of why this sort of disclosure is important from a research perspective. I’ll probably publish it tonight or tomorrow.
Thanks Quadszilla… it was as a surprise. Thankfully we recovered quickly and only suffered a few minutes of intermittant downtime.