hackable

One very good reason why I used to use my own blog was that I could be fairly confident in the security of my code.  I wrote it, and I knew that I had to keep the code as safe as possible from the obvious known hacks.  It also afforded me a chance to learn a bit more about how sites are hacked and what you can do to prevent it.  So it came as a surprise to me today to learn that there was a patch released yesterday to plug a very basic vulnerability in BlogEngine.Net.  I guess we can't all be perfect.  In fairness to the guys, the patch was released the day after it was reported, but its still worrying.

I guess I have to let go of my innate distrust of other people's software and trust that they know what they're doing.  Its either that or I have to start getting serious about looking at the source code I put on my server right from the start. The problem with that is that there is actually quite a lot of code to look at, and the codebase is getting bigger.  I've been looking at the new releases as they come out, and playing with them on my dev server.  However, I have been waiting for a major update before upgrading the code on my live server.  I guess this counted as that!  Anyway, passwords are now changed everywhere... just in case ;-)  Back to our regular scheduled program.