Insecurity by design

So, Microsoft has been hacked again, and a portion of its web site has been defaced. On the one hand, I have to comment that any such hacking is obviously illegal and wrong; but on the other, that the hacking "crown of crowns" - the ultimate "totem hack" - has been performed. Very many hackers do what they do primarily for peer respect. In this sense, web-site defacement has much in common with the gangs of youths who find ingenious ways to get into railway sidings or to train carriages to "decorate" them with their slogans. For those who regularly travel into King's Cross, the individual who daubed most of the graffiti in the final tunnel did so by making a long and difficult chimney descent. The ingenuity and skill - even the artistry - demonstrated by this graffitist can be admired, even while deploring the vandalism implicit in his actions.

This admiration, however, does not extend to hackers who deface web pages. No real skill is required to run any one of the thousands of hacking scripts available over the internet; and no real skill is actually required to carry out the SQL-injection trick that was responsible for the Microsoft defacement.

Read Full Story