3 Things Gawker Hack Taught Me On Security

Once the dust has settled and Gawker's Nick Denton has healed the wounds inflicted upon him by underground group Gnosis, one might pick up 3 things to remember from the chaos left behind by the malingering hackers.

First, never, ever provoke hackers, at any cost. Gawker did that openly with 4Chan and then with hackers, and now Gnosis has not only published the database details of Gawker's sites but also set its sights on ripping Gawker apart.

Then, make sure that you are fully patched, all the time; Gawker used a little-known open source script called Minify that allowed its websites to load faster. The version of Minify that it used was three years old and contained one serious vulnerability that was disclosed back in August 2010.

Thirdly, open source is not a panacea, contrary to what many claim. As mentioned above, Minify is open source, and despite the fact that the script was regularly updated and documented, Gawker's technology team, headed by its CTO, Thomas Plunkett, did not act on Minify's vulnerability promptly.

FYI, Gawker uses its own proprietary CMS (Content Management System), one that has replaced open source platform Movable Type. Other technology websites that have been hacked in the past year include TechCrunch and Scobleizer.