Posting Exploits

TechCrunch made a post today (that they got from Hacker News) about an exploit in Tumblr that would allow you to access the administration area of the site simply by logging in and adding /admin/ to the URL. You could add posts, change people's emails and reset their passwords; a few bad people could easily do a lot of damage, and apparently some users were affected. While this is a stupid programming mistake by Tumblr (there should be quite a bit of security on the administration panels), I want to talk about what TechCrunch did.

They posted it without notifying Tumblr and waiting the hour for them to fix it or deny access to the /admin/ URL. I believe in publishing when a company makes a mistake of this magnitude to show people why they should be concerned with security, and showing the specifics so people can learn from this. Publishing this information before a fix is made or before a fix is out (within a reasonable time frame) is crazy.

Just think about if this was your startup and TechCrunch blogged about your startup's exploit; it could screw over a lot of your users.



Comments

  1. Abityses October 29th

    Maybe, but I’m sceptic. Your voice is pretty, but the competition is quite hard as I see.

    cheers,
    ______________
    Abityses
    Buy soma in Ireland
    http://forums.acdjapan.com/index.php?showuser=3657


  2. LoorgoBew December 18th

    Hi.
    My computer worked slowly, too many mistakes and bugs. Help me, please, to fix bugs on my computer.
    I used Windows 7.
    Thx,
    LoorgoBew


  3. fubgifica January 8th

    Hi My Name is Candis

    If you are in town on business or you live here I am always looking for fun guys to hang out with and maybe a little more, xoxo Candis

    http://www.cashuniversity.com/f_pics/16690.jpg


About Author

Simon Koldyk

A web entrepreneur and blogger living in sunny (eh?) Vancouver, Canada.