TechCrunch defaced by self-professed 'white hat' hackers

Startup tech news blogger TechCrunch appears to have suffered a security breach by online graffiti vandals. The site, which at the time of writing blogs about Google, AOL and various startups nobody's ever heard of before or since, appears to have had one of its bloggers' login credentials compromised. You got pwned Devin …

  1. NotBob

    New ad?

    We'll hack you for free or, for a grand, we'll warn you in advance and might just send an email instead of changing the home page.

  2. Aodhhan

    Oh c'mon

    If you host anything on WordPress you have to be willing to have your site hacked. I've said it before, WordPress is a training site for web service hacking.

    If you're going to use it, only use WordPress for information... and then monitor it closely in case someone does gain access. Don't use any of the plugins, or anything which holds or allows access to backend components. In fact, if you're going to use it... don't put it on your network; instead, use a web hosting site.

    Oracle database, Flash, Java, WordPress... four things you should keep on top of if you have any cybersecurity responsibilities.

    Lift your nose in the air and turn away from a vendor which doesn't provide web services using HTML5.

    1. Trevor_Pott Gold badge

      Re: Oh c'mon

      Not entirely sure you know what you're talking about.

      It's reasonably easy to secure WordPress from any but the best of the best. You can hide the administration URL either through obfuscation or by ensuring it only responds if you are SSHed/VPNed in. You can enable 2 factor authentication. You can put rate limiting and auto-banning on.

      WordPress is also fairly easily configured to auto-update.

      In short: while there are risks with Wordpress, just as with any software, it has come a long way and is absolutely ready to be used professionally. Assuming you have the foggiest clue in hell what you're doing and take the time to secure it.

      Of course, your custom-coded website that isn't regularly reviewed and is full of at least as many bugs per line as WordPress will totally be safe and secure, while remaining as functional over time and with a TCO that is even remotely close. Sure is.

      Now excuse me while I dig out my fuzzer...
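
Added example, not part of the comment above or of the original page: a sketch of the "rate limiting and auto-banning" idea for the WordPress login endpoint, run over constructed access-log lines. The function name `find_bans`, the thresholds, and the assumption that a failed login answers HTTP 200 while a successful one redirects with 302 are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hms, status):
    # Helper that builds one constructed combined-log-format line.
    return f'{ip} - - [01/Jan/2024:{hms} +0000] "POST /wp-login.php HTTP/1.1" {status} 3021'

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:0{s}", 200) for s in (1, 3, 5, 7, 9)]      # burst of failures
    + [_line("198.51.100.20", "10:01:00", 200),                               # one typo...
       _line("198.51.100.20", "10:01:20", 302)]                               # ...then success
    + [_line("192.0.2.55", f"10:{m:02d}:00", 200) for m in (0, 5, 10, 15, 20)]  # slow, spread out
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_bans(log_text, max_failures=5, window=timedelta(minutes=1),
              ban_for=timedelta(minutes=10)):
    """Return {ip: ban_expiry} for clients exceeding max_failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Assumption: failed login re-renders the form (200); success redirects (302).
        if (m["method"] != "POST" or not m["path"].startswith("/wp-login.php")
                or m["status"] != "200"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if ip in bans and ts < bans[ip]:
            continue              # still banned; a real filter would already drop this
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # slide the window forward
        if len(q) >= max_failures:
            bans[ip] = ts + ban_for
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {until.isoformat()}")
```

Only the burst from 203.0.113.7 is banned; the single mistyped password and the slow, spread-out failures stay under the threshold, which is why this control complements rather than replaces 2 factor authentication.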

  3. eriksolo

    "White Hat" huh?

    They are hosted in Romania but they use the word "Staffs" instead of "staff" for their services.

    I thought the definition of "White Hat" was not breaking into anything you do not have permission to break into; to me this would be "Grey Hat".

    A Black Hat will put a pile of dog poo on your welcome mat.

    A white hat will clean the dog poo on your welcome mat and provide you with steps to poo-proof your entryway.

    A Grey Hat will ring your door, and when you answer they will grab the poo and throw it inside while saying "Look what you almost stepped in!"

  4. Kanhef

    Probably not even hacked

    The 'we never change our passwords' bit suggests that they found his login information in a data dump from a years-old breach and decided to see if it still worked.
