Blogger Hacked

WCityMike writes "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.' Apparently, attempts to change your password or other information do not succeed due to a major database problem. Blogger currently has no official news: its main page simply apologizes for being down for repairs and its status blog has no information, probably suffering from the same accessing problem as other blogs. In the meantime, discussion, information, and advice is appearing on the weblogs of Anil Dash and Tom Coates, as well as this QuickTopic thread. Glad I use another journaling service." We usually try to avoid "Site X Hacked!" stories, but since this affects so many people - and, heh-heh, they don't have anywhere else to talk about it - here you go.

The problem with overhyped blogs...

[Dark+Lord+Seth]

... is not the creator of those blogs who use everything from 500kb animated gifs to multiple embedded flash files to gain attention, no, it's those sad people who clique together and generally agree on everything that the creator writes. Basically, most blogs are from women of all ages and most fans are 14 year pubescent teenagers hoping to read something sexually orientated. Unfortunatly, it almost never goes past this:

I saw this and that movie and OMG is so r0x0r3d! All my friend on IRC agreed with me, except this Seth person who was being a dickhead again. Oh and my cat threw up sulphuric acid when at my mother's place, ruining the 3000 dollar persian carpet. Sorry moms, pops... Luv ya all, your favourite grrl!

Something like that, only true blogwhores type allot more and generally convey even less interesting facts... Ah well, at least I'm not wasting my time on stupid overhyped blogs. As for that someone who cracked the Blogger DB; Do something more useful next time your g/f breaks up with you, getting back at her by ruining her blog isn't the brightest thing around.

d00d st0p c0mp1aining ab0ut bl0gs!!!11`

[Dachannien]

The only thing that makes posting to slashdot any different than writing in a weblog is that weblog entries are longer and have a lower density of profanity. They both are used to shore up the insecurities of imperfect people by giving them somewhere to make themselves feel important.

So before you rip on blogs anymore, just remember that ur teh sux0r t00 n00b!!!!!111``` hahahaha

Ah crap...

[hax0redbyme]

Dammit, I've been hacked HERE, too. Shows you the danger of using the same password everywhere...

Re:Missing option:

[silicon_synapse]

I always read at 0 or -1 simply because of the collective stupidity of moderators. Perfectly good posts get modded down way too often.

Get Rid of Michael

[wdr1]

and, heh-heh, they don't have anywhere else to talk about it

Taking glee in another site being hacked is pretty f'ing low.

-Bill

On what do you base this assertion?

[burgburgburg]

You voice the opinion that this is an application-level hack, not related to the fact that blogger runs on IIS/5.0 and Windows 2000. You then proceed to place blame on the heads of application programmers, and draw Apache, PERL and PHP into your frame of reference, asserting them all vulnerable to "this sort of" attack.

What foundation do you have for making these assertions and casting these aspersions? I've yet to see any indication one way or another that forensic analysis has been done on this attack. And considering the extremely well-documented security flaws of both IIS and Windows 2000, and the extreme ease that individuals have had in "owning" such boxes, I'd like to know why you automagically start pointing the finger elsewhere. Because, let's face it: even if it was an application error, Windows/IIS more than likely facilitated the attack and the bloody aftermath.

Are applications and Apache/PERL/PHP vulnerable? Yes. As consistently the source of major security failures? No. Definitely not.