Cache On Delivery — Memcached Opens an Accidental Security Hole

jamie spotted this eye-opening presentation (here's a longer explanation) about how easy it is to access sensitive data on many sites using memcached, writing "If you already know what memcached is, skim to slide #17. The jaw-drop will happen around slide #33. Turns out many websites expose their totally-non-protected memcached interface to the Internet, including gowalla, bit.ly, and PBS."

Re:I fail to see why this is news

[grumbel]

The "blame the user" is pretty much standard under Unix/Linux, after all it makes you:

1) Feel clever
2) Stops you from thinking of how to improve the situation

Stuff like this happens simply because currently day computer systems are extremely crappy in communicating what they export to the world, thus it is very easy to overlook cases like this where an app exposes more then you intended.