Slashdot Mirror


Security Concerns Paramount After Early Reviews of Diaspora Code

Stoobalou writes with this excerpt from Thinq.co.uk: "Following the release of the source code for the Diaspora social networking platform, hackers and tinkerers the world over have been poring over the code in order to improve, enhance, and otherwise help the project in its attempt to unsettle Facebook. Sadly, the current opinion is that the code just isn't up to scratch. While the team clearly stated that 'we know there are security holes and bugs' in the code that was released, it's possible that they weren't aware of just how many show-stopping issues there are — issues which make it hard to recommend that you roll your own Diaspora server just yet."

2 of 206 comments

  1. But how does it compare with the alternatives? by Linux_ho · Score: 3, Funny

    The release of pre-alpha source code for their Diaspora social Website was only a few hours old on Wednesday when hackers began identifying flaws they said could seriously compromise the security of those who used it. Among other things, the mistakes make it possible to hijack accounts, friend users without their permission, and delete their photos.

    "The bottom line is currently there is nothing that you cannot do to someone's Diaspora account, absolutely nothing," said Patrick McKenzie, owner of Bingo Card Creator, a software company in Ogaki, Japan.

    So in other words, yes, it's a little bit worse than Facebook at this point.

    --
    include $sig;
    1;
  2. Re:After how long? by Posting=!Working · Score: 3, Funny

    Yeah, students with no real-world big project experience should all just get jobs with large companies and stop trying to be innovative until they've spent a few years updating comments and doing bugfixes in other people's code.

    After all, no one has ever gotten ahead in computers by jumping into a huge project they had no experience in while they were young. They need to wait until they're in their 40's so they have enough experience and then start a small project.

    Security problems in pre-Alpha code? The whole project is obviously a failure and should be abandoned. What idiots they are for trying!

    --
    This sentence no verb.