Security and blogging.

This would normally be one for Steve, but he's got a few days away...

Kim Cameron's blog got hacked; normally I'd just say "Blog hacked: Film at Eleven". Except Kim is a big noise in the Microsoft security world. ZDNet broke the story, and the comments to it show anti-Microsoft folks out there laughing themselves silly. It's not such a silly assumption that the blog is on Microsoft technology and that this is the result of a security hole in that Microsoft technology. But it's wrong. As Kim points out, the blog "is run by commercial hosters (TextDrive) using Unix BSD, MySQL, PHP and WordPress - all OSS products. There is no Microsoft software involved at the server end - just open source." (IE7 Pro let me check that from the status bar - calling up this page at Netcraft). Ha ha ha. It's a security hole in a competing technology... Actually, even that's wrong. It was a vulnerability in the application (WordPress), now fixed. Application vulnerabilities happen; I don't think WordPress is any more or any less prone to them than anything else.

But what's this? A Microsoft person who keeps a blog on a FreeBSD system. Don't we all swear never to use open source, before we even get the implants? As Cameron says, "I like WordPress, even if it has had some security problems, and I don’t want to give it up". It astonishes people that Microsofties are free to use something they like. That's what customers do; a lot of the time that's why they choose Microsoft, but not always: that's why we have sites like port 25.

And a metaphorical tip of the hat to Kim; that post handles some pretty troll-like comments about the breach in a very deft way.