
3 Things Gawker Hack Taught Me On Security

Once the dust has settled and Gawker's Nick Denton has healed the wounds inflicted upon him by underground group Gnosis, one might pick up 3 things to remember from the chaos the hackers left behind.

First, never, ever provoke hackers, at any cost. Gawker did that openly with 4Chan and then with hackers, and now Gnosis has not only published the database details of Gawker's sites but also set its sights on ripping Gawker to death.

Then, make sure that you are fully patched, all the time; Gawker used a little-known open source script called Minify that allowed its websites to load faster. The version of Minify that it used was three years old and contained one serious vulnerability that was disclosed back in August 2010.

Thirdly, open source is not a panacea, contrary to what many claim. As mentioned above, Minify is open source, and despite the fact that the script was regularly updated and documented, Gawker's technology team, headed by its CTO, Thomas Plunkett, did not act on Minify's vulnerability promptly.

FYI, Gawker uses its own proprietary CMS (Content Management System), one that has replaced open source platform Movable Type. Other technology websites that have been hacked in the past year include TechCrunch and Scobleizer.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.