Wednesday, July 12, 2006

Stolen Computers #2

Dirty Butter of Blog Village left a comment on my previous article Stolen Computers
Our Blogger blogs are hosted on our own domain. Are we at just as much risk as those blogs hosted on blogspot?


My immediate answer was "Somewhat". Then I realised that's pretty useless. A useful answer needs qualitative analysis.

Then I asked myself how relevant each of these issues are, anyway? So I rewrote the issues, and described them as threats. Some threats you can avoid, others you can't.

Threats that you may be able to avoid.
  1. Blogger accounts attacked by password guessing.
  2. Blogger blogs hijacked when deleted by the owner, and when deleted by a Blogger anti-splog bot.
  3. Blogger accounts attacked by identity theft.
    1. General unsafe use of personal computer.
    2. Unsafe use of personal computer in a public place.
    3. Unsafe use of any public computer.


Here you are vulnerable to an attack thru your Blogger account, which controls the Blogger database containing your blog, before publishing. You are not vulnerable to an attack against your blog, directly. The address of your blog (its URL) is not in the Blogspot domain. No botnets targeting Blogger will find your website, so you are safe there. Nor will any Blogger anti-splog bots scan your website.

Once attacked thru your Blogger account, you are only temporarily inconvenienced. You (not Blogger) control your external domain. You (not Blogger) can immediately, upon discovery of an attack, delete the splog content. Then you can restore your external website from backup (you are backing up regularly, right?).

My suspicion is that sploggers won't even bother to hijack an externally published blog, based simply upon the above. So in conclusion, you are probably safe.

Threats that you probably cannot avoid:
  1. Predictable online presence.
  2. Blog owners lack of technical experience.
  3. Blog readers lack of technical experience.
  4. Blogger blogs attractiveness to search engines.
  5. Homogenous nature of Blogger / Blogspot structure.


Here, I would suspect that your readers would be attractive targets, and your blogs attractiveness to search engines still makes it a juicy attraction to sploggers. But based upon the scenario above, I don't see them exploiting either of those factors.

In conclusion, for at least these threats, as analysed, I see the blogs published locally on Blogspot as being the only possible targets. Externally published blogs are not at risk.

(Edit 10/26): Today, I must revise the above assessment. Now, we see actual detection of a serious hijack of an externally published blog.

>> Top

1 comment:

Dirty Butter said...

This is good news to hear! I think I need to be more diligent in the strength of the password I use on Blogger, though. I have never considered that to be a place where I needed one of my "high powered" passwords, if you know what I mean. Now, I know better.

Thank you for taking the time to analyze my question. Your answer makes sense to me.

Oh, and I do back up each of our blogs fairly regularly. I download the whole blog via my FTP client to my hard drive, and I keep an up to date copy of the template in Notepad.

BV