[LINK] The Ethics (!) of Dodgy Web Designers
Ivan Trundle
ivan at itrundle.com
Wed Apr 18 08:26:14 AEST 2007
On 18/04/2007, at 7:44 AM, Rick Welykochy wrote:
> Craig Sanders wrote:
>
>> books, art, billboards, etc don't have the security issues that web sites
>> do. they're simple objects. web sites, even basic ones, are complex.
>
> It is so easy to accidentally leave your script-kiddy coded PHP website
> open to spammers and worse that it ain't funny. Anyone know how simple
> it is to relay spam through an email-enabled PHP website? It happens all
> the time. If you don't know what I am talking about you SHOULD NOT be
> coding websites.
>
> It is so easy to market and sell a crap operating system that we
> now have 100's of MILLIONS of zombie Windows boxes on the Internet
> that are responsible for an estimated 80% of the SPAM we receive.
> Compromised armies of Windows hellholes are now a commodity worth
> big bucks in criminal circles.

This is the far bigger problem: there are more Windows boxes than
security-lax web servers in the world, and the complacency of people
who use internet-connected desktop systems is staggering.

It also confounds me that well-educated friends of mine persist in
using such machines, and a common refrain is that 'I used Nortons
until it expired, but now my machine is messed up'. And when I
suggest that they could improve the situation by either having better
security or considering buying a better OS in future, they roll
their eyes and make claims such as 'all machines have security
problems...' etc.

If people bought houses without proper security, and discovered that
their possessions were systematically removed or destroyed every few
weeks (or had people camping in their lounge room), they would have a
better grip on security, and would consider buying better locks.

In the web world, it amazes me that people simply accept that their
desktop machine might be sluggish because it has been 'zombified', or
that the data might have been copied to other locations without their
knowledge.

I suspect that the same applies for web server operators: I don't
think that they see security as an issue because they don't believe
that they have anything worth stealing (often true), but fail to
consider that others might use their site for nefarious purposes. In
time, people will learn.

iT