Slashdot Mirror
Blogger Hacked
WCityMike writes "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.' Apparently, attempts to change your password or other information do not succeed due to a major database problem. Blogger currently has no official news: its main page simply apologizes for being down for repairs and its status blog has no information, probably suffering from the same accessing problem as other blogs. In the meantime, discussion, information, and advice is appearing on the weblogs of Anil Dash and Tom Coates, as well as this QuickTopic thread. Glad I use another journaling service." We usually try to avoid "Site X Hacked!" stories, but since this affects so many people - and, heh-heh, they don't have anywhere else to talk about it - here you go.
How could he say "heh-heh"? Blogging is a required service of the internet now! Without Blogs, what are we? Blogs are what seperates us from the animals! (well, that and product placement)
Authorities were puzzled by the seemingly strange rash of "FIRST HACK!!!" posts on slashdot.org that arose shortly thereafter.
I wouldn't want some l337 hax0r coming in and reading everything about my personal life...
Oh wait, everyone can do that.
Doh!
Yeah "they don't have anywhere else to talk about it" is definitely a good reason. BTW, my mom doesn't have anywhere else to talk about her recipes.
Blogger has been having a lot of troubles lately, if you can find your own web hosting, you may want to consider using the very easy to set-up movable type.
yes i run a goth/punk/emo porn site.
I signed up for a blog once, to see what all the fuss was about. I ended up scrapping it and going back to doing page entries manually. It ended up being MUCH less hassle than having to use someone else's software, and then having to go back and re-tweak things with it. Editing HTML from the command line in a shell is much more time-efficient, IMHO.
Come to the University of Mars! Classes starting soon!
Well, since the home page just says the site is down, I'll have to ask here. wtf is blogger?
I hate the word blog and all its derivatives, they deserve it for promoting this pop-culter-esque net phenomenon. Either you run a news site, a discussion site, a community, a personal journal or something along those lines. Blog is a stupid term someone made up to sound cool.
11*43+456^2
.... the 12 people who actually care about blogs at all are furious that their lives just got a little more pitiful.
Good thing I chose hax0redbyme as my original password. Ahh, the 1337 L1phs7y13.
Disable or reset the password of the account used to FTP your blog to your web server ASAP.
Left shift 1 for e-mail...
Thank god my favorite blog wasn't hacked.
Slashdot is jumping the shark. I'm just driving the boat.
Slashdot, for example, is a lot more of a news and current events site than it is Taco's personal weblog. k5 is more about essays and news. Occasionally, however, I'll stumble across a blog while looking for something else. If I don't know what it is at first, I tend to read it for a few seconds before going back.
LiveJournal blogs are the worst, IMHO. People go on and on about events and parties with people that 99.99999% of their readers have never met. Once I realize I've stumbled across something like that, I leave it as soon as I can.
Is it exhbitionism/vouyerism? If I read stories about a person's private life, I'd much rather they beging with a line like, "Dear Penthouse, I've always read the letters in your magazine but never thought that something like that could happen to me..."
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I really didn't cheat on my math test like I said in my blogger!!! Somebody hacked it... yeah... that's it...
Luckily, I was worred when I first setup my blogger account, so i switch to a mysql database on my own webserver instead. Eventually, I ended up using movable type to manage my weblog. If you have access to a mysql database on your webserver, I would really recommend doing this.
Blogs are the next coming of geocities. They clutter the internet with useless information.
I have a blog, but I only use it to say things like, "Fdisk overflowed when I tried to format my hard drive. Now it is negative 15 Gigs!"
So yeah, I need to be shot.
Slashdotter are stupid and biased.
I have never used one, or intend to. For some unknown reason, it bacame popular to just ramble out your thoughts into an online journal. Whatever. I don't see why this made the news though...
My beliefs do not require that you agree with them.
Now how will we know when she's done her nails or he's bought a new stereo?!
is looking for alternatives. b2 is a really good and powerful altewrnative. PHP, MySQl, and all the goodies.
(+1 Funny) only if I laugh out loud.
Ok, maybe I'm wrong, but moderating the parent as Flamebait is just dumb. He's asking a question, and even though he swore he's not baiting anybody!
People, don't negativly moderate! Nobody really reads at 0 anyway. I mean, if a guy posts at 3 by default and it's a baaaaad post, then maybe, but not an AC! If you moderate good posts up rather than bad posts down, all the people reading at 3 or more will be better off, and I don't think many read at less than that (unless they're moderating).
For a second I thought I was looking at /. story generator. It's really been a while to see Something Hacked posts here. Blogger being hacked means loss of productivity, and the weblogs has become metaweblogs.
Blogger has suffered a security intrusion by a "haX0r." We have all the data that was changed backed up within a couple hours of the attack, so we can have things pretty much back to normal soon. Of course, we're assessing the situation as thoroughly as possible to make sure it doesn't happen again. Also, if you store your FTP login information in Blogger, it wouldn't hurt to change that on your server--though it is unlikely that information was accessed. Sorry for the inconvenience.
or does anyone else think it's a bit much for some of these bloggers to be comparing the hack to 9/11?
I have to wonder what kind of life someone must lead when an attack on their favorite website is as traumatic as the events of that day.
*shameless plug*
There are a LOT of diary/journal/blog services on the web. My personal favorite: Digital Expressions. Not a lot of customization and such, and it has a smaller userbase and a very strong sense of community.
How many of us really didn't know what a blog was? I know I didn't.
So, basically, an online journal site was hacked. Not sure this is big news, or news that mattered. But it does qualify as news for nerds.
Thanks, taco
They stuck me in an institution, said it was the only solution, to...protect me from the enemy, myself
Hacking a blogging site is like littering in a dump.
Best Windows Freeware
They should be treated just like as if they burned down a building, but no, the law doesn't understand.
They should be treated as if they burned down a building with cute little kitties living inside of it! Because, inside of every blogger there's a cute little kitty, just waiting for you to discover it.
What these hackers have done is atrocious. It's far, far worse than petty graffiti or vandalism. They have trampled the hearts and emotions of sensitive bloggers everywhere. And for that, there can be no justice -- only bitter revenge.
Slashdot is jumping the shark. I'm just driving the boat.
The site blogger.com is running Microsoft-IIS/5.0 on Windows 2000.
From the QuickTopic thread:
"This is like September the 11th all over again."
Does that mean the attack on the WTC was a noble cause, causing many to rejoice, point, laugh, and snicker? For humanity's sake, I hope this was the thickest sarcasm ever to form.
Worst post ever
I hope they did backups.
And I hope they patch the hole before restoring from the backups.
More likely they'll dot-bomb.
Do you know who has your passwords?
I'm out of my mind right now, but feel free to leave a message.....
MS in blog parody takedownl
http://www.theregister.co.uk/content/28/27774.htm
By Andrew Orlowski in San Francisco
It's a pity that Microsoft's Beth Goza, who we teased here last week, has taken down her weblog. Far from wanting to see it disappear, it ought be preserved in a time capsule.
But not only has Beth's blog gone underground - so has the parody which inspired our story. It's disappeared from no less than five mirror sites.
Even more extraordinary, a witch-hunt is on to find the perpetrator. One member of the PocketPC community says legal action is being threatened against the author, whose identity remains a mystery.
"The phrase 'it will soon be out of our hands' was used by one figure close to Beth," we're told.
It would be remarkable if Microsoft's expensive legal and public relations machinery were deployed in what is essentially a private matter.
And highly unlikely, too, as parodies are protected under the First Amendment.
Microsoft's approach to the press is singularly enlightened, when compared to say an Apple. The company takes barbs in good grace, and doesn't deploy feudal divide and rule tactics. It's never, to our knowledge, sued a journalist. Of course it has its favorite hacks, but in general the philosophy is - they're always going to be mean to us, they'll always be around: meanwhile, we have a message to convey, and stuff to sell.
Evil and elitist?
So were we being evil and elitist, as some of you suggested?
As I replied to Jonathan at StretchingThoughts.com, it's onlyelitist if you think that blogs are folks' only form of expression.
The king of webloggers Jorn Borger - he was the first to use the term and it's still the best - used to use a quote by Tolstoy in his Usenet sig:- "In human stupidity, when it is not malicious, there is something very touching, even beautiful... There always is." And there is something bewitching about Beth's ruminations such as " just for the record i like it when my foods touch" a line worth of Ralph Wiggum.
No, what's strange is when an attack on one blogger is perceived as an attack on blogging in general. That implies that there can't possibly be a quality threshold in blogdom, and confirms John Dvorak's worst fearsabout groupthink. This is an unnecessarily defensive reaction and quite wrong. If blogs are writing, there's good and bad writing.
Of course, John was being satirical, and he wasn't decrying blogdom: only the mentality that blogging is in of itself revolutionary and no criticism can be voiced, and no quality threshold can be drawn; that we must not differentiate between good and bad, because it's all somehow equally valid.
The parody itself was pretty mean and spiteful. But it's a parody. We hope that groupthink doesn't extinguish parodies, as they help us see that the Emperor has no clothes.
Please let us know if you've been contacted in relation to this investigation. And in the meantime, enjoy some other fine online journals by Microsoft staff:- which might be low on cheap laughs, but high on content:- min jeschwad, Inkblog, and more highlighted in this Kuro5hin thread.®
You say things that offend me and I can deal with it. Can you?
Movable Type is indeed excellent weblogging donationware. The folks at Movable Type are great at providing requested features and documenting their software. Installation takes (and I mean this) fewer than 15 minutes, set-up maybe 1/2 hour for even the most non-technical of users.
I would rather run the latest release of Slash and went so far as to even check out chromatic's Running Weblogs with Slash (NB: /.'ers, /. is a weblog) after reading this recent /. story about "Building Online Communities."
My problem though is that Slashcode requires a dedicated server--or one on which you have root acces--to install. I'm sure this gives Slash many advantages, but those of us who can't afford dedicated server solutions can't make use of those advantages. My web host doesn't even allow shell access.
Movable Type (and a few other brands of weblog software) offers people with cheap web-hosting solutions to successfully install high-quality, customizable, open-source weblog software. The couple who run Movable Type produce a quality product. Check them out if you want to run weblog software but don't have a lot of money.
I wonder if the /. crew couldn't be persuaded to come up with a version of Slash that doesn't require a dedicated server . . .
blog
the diary-x.com link prevented a slashdot-ing with some very simple code. A simple way of preventing your server from crying uncle.
I have often thought of writing a little code that blocks refering domains if they refer too many in a set period of time.
Glad I use another journaling service.
I like it - that site wont be slashdotted!
Blogs have achieved one of the most fantastic of things ever on the internet. They killed the personal web site! Anyone been asked to visit anyones "personal web page" recently? I think not!
;-).
Personal web pages were 50 times worse than any blog. It's evolution--not revolution
Anyway... My friend has a blog. It's is like the BBS I ran when I was 14. Some friends log in. We talk about intersting things (or not) publicly. Eventually when I did things right, a few extra people came along and we had some good conversations.
So close and yet so far from the world's perfect ID number
Never trusted it. Give us the username and password of your FTP/Web account? Give me a break. So basically this guy hacked a single database and now could potentially have the login information for THOUSANDS of sites out there. Blogger can keep its service. If I want a Blog, I'll code it myself.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
... is not the creator of those blogs who use everything from 500kb animated gifs to multiple embedded flash files to gain attention, no, it's those sad people who clique together and generally agree on everything that the creator writes. Basically, most blogs are from women of all ages and most fans are 14 year pubescent teenagers hoping to read something sexually orientated. Unfortunatly, it almost never goes past this:
Something like that, only true blogwhores type allot more and generally convey even less interesting facts... Ah well, at least I'm not wasting my time on stupid overhyped blogs. As for that someone who cracked the Blogger DB; Do something more useful next time your g/f breaks up with you, getting back at her by ruining her blog isn't the brightest thing around.
Hate me!
But there is more to it than that. Everyone wants to spout off sometimes. If you have an easy forum for writing stuff down, eventually you'll rant about something. And doing so helps you "save state". You can go back a year later and see where you were mentally. And as you said, it helps people who are at a distance figure out what you've been up to. Having it web-accessible means you can write from anywhere.
There's nothing wrong with keeping a web journal.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
If you try to access the alternate site mentionned in the message (diary-x.com), you will get the following: "Go Away I suggest outside, you look like you could use some sun.". You can access the "normal" website by copy-pasting the address (www.diary-x.com) in your browser instead of using the link (assuming your current page is NOT the slashdot mainpage).
What I did today: Well my 'blog website is down today. I dunno why. Golly. Luckily enough I found another website (as you can see) where I could babble on and on about absolutely nothing. Felix, (my roommate's cat) is doing just fine, thank you for asking. Did you see the X-Files re-run last week? Oh dear, look at the time. Maybe the normal blog website is back up. *hope*hope*
-Rob
WebMaster:
BinFeeds
XXX Thumbnailed Image Newsgroups but
Well, gee, considering the average level of post here, I'm guessing (JUST a guess you understand) that Schadenfreude is about the only way some of these people can inflate thier tiny, shrivelled-up egos.
Any question of why people think geeks are losers can be answered for the most part by a quick scan of the postings in this story.
/*
I'm waiting for the day I can host my own web again. Why should anyone have to go any further than their own 486 to put up a website? The quality of free software available and ease of set up is astounding. There are a dozen or so web servers in Debian, and many fine automation programs for putting content onto those sites. It's as easy as:
/apache
1. type deselect
2. press spacebar
3. type
4. press +
5. repeat steps 3 and 4 for igal and other programs you want.
6. press enter a few times.
7. pull up a browser, a command line and an editor and enjoy building your site.
I'm not sure why everyone interested has not done this. OK, ipchains takes a little more work, but it can be done in a few days with knowlegable help, so you can look at the rest of the web with the rest of your computers. The problem has something to do with the last mile, greedy and stupid publishers and fools that listen to them.
My cable company has made all but ftp impossible and ftp is painful to most of the people I'd like to reach. Outbound port 80, and 25 are blocked. Most cable companies don't block port 21 because that would kill AOL's instant messenger. Still, the upload rate is crimped worse and worse, and html files don't work well over the system. The overall performance is poor, but I'd rather send my mom there to look at baby pictures than send her to some advert filled crap I don't have any control over now or ever. Eventually they will block port 21.
It's stupid. My cable company could make more charging $20 a month to three people than $45 to one. I'd recomend people move to cable if cable were really worth anything to me, but it isn't so I don't.
blogging services are nice, but only needed because the net is not free.
Friends don't help friends install M$ junk.
...or the Osbournes, or Anna Nicole Smith's show, or...
You're just sitting around watching (reading about) someone else living his* life. Perhaps the Sims is a little better, as you can direct the action.
Wouldn't it be great to have a life so good that you didn't have time to read about someone else's, or better yet, publish the details of yours (and your thoughts)?
Well, it is.
And no, I'm not being lifeless by writing this because I have to be at my computer now; I'm at work This also means I'm getting paid to write this, so double bonus for me.
* his is used instead of the incorrect "their" or the annoying "his/her". The author recognizes that women have blogs but has chosen to standardize on "his"
My money is that these guys got in with an application-level hack, not an OS/server hack. The biggest fault of applications, especially web applications, is a failure by the programmer to do input validation.
Apache, perl, and php are vulnerable to the same type of hacks, it's not just Microsoft.
MySQL is really overkill for your work. My changelog uses a Perl script which parses my entries into XHTML. It even nicely preserves my double-spaced end-of-sentences (I really crave that whitespace...). I'm starting to see some slugishness from ext3 because I'm over 1,000 entries now, but I'm planning on hashing my entries into a subdir for the year. That'll limit it to 365 entries per directory (give or take a leap year :)), allowing ext3 to serve my needs for years to come.
A good flat file system lets you reuse the VFS of Linux for smarter caching, and it's easy to NFS or SMB mount it via any machine on my private network. This also means that for someone to compromise my setup and mess with my changelog, they'd also have unrestricted access (pretty much) to my local network, meaning I'd have a whole lot more to worry about than losing my journal entries.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Basically, blogs are just online diaries where people sprout off their random synapse charges... so why not just create it in html and upload it to a server.... I'm confused.
-- 7 string electric violin + live loop samplers
This certainly just pisses ME off.
(Why? See below.)
I've been seriously considering a move to other ways to publish, with Moveable Type and Radio UserLand looking quite nice for support of images and the like (things I can't do from the free Blogger subscription). Now, it looks that I have a much bigger reason.
Vos teneo officium eram periculosus ut vos recipero is.
Mark me as troll if you want. I don't give a shit.
90% of the posts in this thread are all "Holier Than Thou"-type Slashdot posts from fellow geeks that obviously feel some sort of insecurity about their own lives and are thus insulting those that use weblogs.
I don't use a weblog to achieve an inflated sense of importance or to boost my ego. I use it to keep track of what my friends and I are doing. A year from now, we'll have all graduated college, and it's nice to be able to keep tabs on everyone's day-to-day events...and to continue to do so even when we've gone our separate ways.
Just because you *think* the Internet is full of 12-year-old girlie bloggers discussing the drab details of their lives doesn't mean it's the truth. And even if it was, who appointed you "critic of all those lowly masses"? Get a life of your own, man...
"Mod, mod, mod...and another troll bites the dust."
I'm the admin of diary-x. A few months ago, when I was setting up the server into its current configuration, I thought "I should have a mod_rewrite rule that redirects traffic from slashdot away, so that the hordes won't crush my poor server if I should ever get linked."
:)
I'm glad the rule actually works, I never had a chance to test it out
I should change the message though, the "you look like you could use some sun" comment is probably a bit harsh.
this is a sig.
I'm almost appaled at the fact that there is an article about weblogging (ugh, that's like Kroger and their 'krogering'. I dislike that word) without a mention of Slashcode? Of course slashcode has more features and is trickier to use than most people who use blogger probably want to deal with. It's also more geared towards news and discussion sites of course, but I have noticed several /.-ers (CmdrTaco especially) in the past reccomend it whenever they mention weblogging
[Something witty and intelligent should have appeared here.]
{Traicovn}
C'mon, even JWZ has a LiveJournal...
I'm seeing a lot of negative comments on weblogs out there, and (even though this is slashdot) I'm somewhat confused by them.
/.'s favorites) developers for example have weblogs, and if you don't have time to read bonsai, these weblogs are often an easy but effective way to stay up to date on development. And it's more than just software. The weblogs from people in the various W3C working groups, the weblogs from the figureheads in various movements and organizations... All of them can provide fascinating insights into a world you'd otherwise never see anythign from but the end-result.
... I don't know... of something big. Somethign big like 'the internet', but more efficient. The information is presented in a more coherent fashion. If you've read one weblog, you can easily grasp the way any other weblog works, and for the average person out there, a weblog is a way more efficient way to communicate than the personal homepage as it existed 5 years ago.
Just because you personally don't find the content of the average weblog interesting, should this really mean weblogs don't have a reason for existing?
Personally, I'm extremely grateful for weblogs, as they allow a lot more people to communicate, and for me to discover that communication, then would happen before.
* I read the weblogs of my favorite authors, knowing as one of the first people in the world when they finish the next chapter, decide on a title of the book, but far mroe important, getting all sorts of interesting insights into the creation of the book, into the links to real world events and the reasons for why certain things are what they are - this heightens my appreciation of said books.
* I read the weblogs of the key people working on developing the next version of my favorite software. A lot of Mozilla (to name one of
* I read the weblogs of various friends and acquaintances I have scattered all over the world. Weblogs are to email what usenet is to mailinglists. Pull, rather than push. I get the information when I want it, adn it still allows me to keep in touch with people I'd otherwise not have time for. Sure, the stories about their cats and dogs are completely irrelevant to 99.999% of the people out there; why would this not be perfectly okay? It matters to them and to the people who matter to them. Nobody's forcing you to read these weblogs... And every now and then one of these people will have something very profound to say, or will have dug up a really interesting piece of information, or came up with a really good joke... And then other people link to that, often in other weblogs, and the information propagates. And that's good too.
No matter how all of us might feel superior to the average 'blogger', no matter how all of us can whip up a solution that's both more convenient and technologically superior to this "Blogger" in a matter of hours... these are things that don't matter. It's the sharing of ideas, the communication, the links and bonds... that's what matters. Most of it is static, most of it will never be read by anyone. But all of these people maintaining weblogs are part of
After previewing I pulled almost all links from this comment - if you're really interested in the weblogs of the people I mentioned here, go and search for them...
Yeah, never...
The answer to your question is LiveJournal. I'd say about 90% of the userbase consists of 19 year old Ani Difranco/Tori Amos trendy bisexual drama queens trashing their ex-boyfriends and looking for sympathy. :)
Yeah, but judging by most posts here, the typical Slashdotter's cognitive abilities stagnated at about the same time that their social skills stopped developing, i.e., about age thirteen. If software doesn't let them play a game or turn their computer into the equivalent of a $75 boom box,they can't see the point. They wouldn't even know how to find, much less deal with, intelligent writing.
-- Slashdot: When Public Access TV Says "No"
But not many.
HTML is all I use. I've never thought it was that difficult; what's difficult about writing a little HTML and using FTP? (Of course, I started because I had a school webpage and didn't know how to fill it; a year later someone told me that was a blog). I have a PHP script for comments; though no permalinks or automatic archival or other nice features that don't matter that much to me. I do it this way because I'm a control freak, and I hate having to depend on other people for my blogging.
But most people whose blogs I read don't go through all this trouble. Is it because they're not technically savvy? Some yes, but some of them run their own servers. These types are usually running MoveableType or B2, though, which run off one's own server/webhost, which gives you a large amount of control over what you do.
So, I am as confused as you. Basically, I think it's just laziness--it's easier to have everything set up for you (or set it up first, if you're tech savvy and a bit of a control freak) and just type a little and push a button, then to type the HTML and upload the page every time.
Of course, I've been writing HTML, and by hand, for so long now that I find it difficult to *not* type angle brackets, and have been known to put <p> tags by accident when typing papers or using a BBS, so maybe it's just me.
If you have your own hosting, and PHP/MySQL then I would suggest using Pmachine. Sets up in 10 minutes and easy as pie to use.
I would love to see things from your point of view. But I can't seem to get my head that far up my ass
I'm in the process of setting up a political blog on SubIntSoc.net that uses b2. It's open source and totally customizable. The Cafelog forums contains scripts for dozens of cool hacks created by users.
Ultimately, "blogging" software is usable for all sorts of purposes. Heck, people use Slashcode for blogging. A "blog" is just a threaded, sequenced posting and/or discussion program. Not all are about people's belly button lint, or whatever.
I'm looking at using a weblog for process documentation purposes, and have looked at the usual suspects: Movable Type, Grey Matter, etc.
But the one that really stands out so far as a great mix of power, simplicity, and a wonderfully non-intrusive license is Bloxsom. If you're looking for blog software, check it out.
It's straight Perl (very small, simple, and streamlined) but offers the most important power features of the others.
Even better, it fully leverages the underlying power of your OS, web server, or environment/tools - use and leverage whatever editors and text processing tools you like. All in all, a simple, powerful, and elegant solution in a world of bloated, complex, and overengineered alternatives.
"The future's good and the present is nothing to sneeze at." - Roblimo's last
I think its news because of the way blogger.com works (it works pretty stupid IMHO). blogger.com is a centralized approach, you give it an FTP account and password to your web folder on your machine and it generates the HTML for you.
This has the obvious advantage that simple web space will do for your, you don't need PHP MySQL, etc., all the code runs at blogger.com, it generates your (static) pages at its servers.
The downside is that you have to give them an account and password which makes them very attractive to crackers (I'm surprised it took so long). That's why I would never use blogger. And that's why it's news I guess.
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.