Security News > 2010 > December > Gawker tech boss admits site security was crap
http://www.theregister.co.uk/2010/12/18/gawker_hack_aftermath/ By Dan Goodin in San Francisco The Register 18th December 2010 Gawker Media plans to overhaul its web infrastructure and require employees to use two-factor authentication when accessing sensitive documents stored online, following an embarrassing attack that completely rooted the publisher's servers. The publisher of Gawker, Gizmodo, and seven other popular websites also plans to, gasp, mandate the use of secure sockets layer encryption for all users with Gawker Media accounts on Google Apps, according to a memo written by Gawker tech boss Tom Plunkett and published Friday by The Next Web. The company-wide message conceded a point first made by the perpetrators of the hack: That Gawker Media's security was utter crap. âIt is clear that the Gawker tech team did not adequately secure our platform from an attack of this nature,â Plunkett wrote. âWe were also not prepared to respond when it was necessary.â Indeed, security researchers who examined the web platform's source code were amazed as just how poorly the site was put together. [...]
News URL
http://www.theregister.co.uk/2010/12/18/gawker_hack_aftermath/