Kim Cameron has an amusing post on the aftermath of his blog being hacked and defaced over the weekend.
The reason for the hack: a security bug in WordPress. More proof of the problem posed by millions of apps out there on the internet with no update mechanism in place. Security fixes are made available, but not applied. WordPress has improved this somewhat by introducing an alert when you log in to an out-of-date installation, but it needs to go further and provide something more automated. Personally I recommend the Subversion install, for those with command-line access; I used it for the 2.3.1 update and it worked well.
But I digress. The amusing part of Cameron’s post is his link to the comments on a news report describing the defacement. I believe in the value of comments, but some of the leading news sites are afflicted by knee-jerk commenters with time on their hands, who twist every post into another salvo in the OS wars. A news item about a Microsoft “security” expert being hacked seemed an ideal candidate (though I don’t believe identity is the same as security). “This is a shining example why you should host on Linux + Apache,” says one comment.
As Cameron observes, his site and blog are hosted by a third party and run on FreeBSD + Apache.
Conclusions? First, the thoughtless commenters on this kind of site are doing the community a disservice, by discouraging others with more interesting contributions.
Second, it shows what some have to put up with just because of their association with a particular company.
Third, keep your WordPress patched.
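As an added example (not code from the original post, and not WordPress’s own tooling), a small POSIX shell audit for the “keep WordPress patched” point and the Subversion install mentioned above: it reads the installed version, compares it with a required minimum, and for a stale checkout prints the svn switch command for the update. The repository base URL, the helper names and the constructed sample install are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a WordPress install's
# version against a required minimum and, when it is stale, print the
# Subversion switch command for the svn-based install the post recommends.
# The repo URL, helper names and the sample install below are assumptions.
WP_SVN="${WP_SVN:-https://core.svn.wordpress.org}"   # assumed repo base

# wp_installed_version DIR: print $wp_version from wp-includes/version.php
# (WordPress writes it single-quoted), or return 1 if DIR is not WordPress.
wp_installed_version() {
    f="$1/wp-includes/version.php"
    [ -f "$f" ] || return 1
    ver=$(grep '^\$wp_version' "$f" | head -n 1 | cut -d "'" -f 2)
    [ -n "$ver" ] || return 1
    echo "$ver"
}

# vercmp A B: return 0 when A >= B for dot-separated numeric versions.
# A missing component counts as 0, so 2.3 and 2.3.0 compare equal.
vercmp() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        if [ -n "$a" ]; then x="${a%%.*}"; a="${a#*.}"; else x=0; fi
        if [ -n "$b" ]; then y="${b%%.*}"; b="${b#*.}"; else y=0; fi
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# wp_check DIR MIN: 0 if DIR runs MIN or newer, 1 if it is stale (and print
# the update command), 2 if DIR holds no WordPress install at all.
wp_check() {
    v=$(wp_installed_version "$1") || { echo "$1: no WordPress found"; return 2; }
    if vercmp "$v" "$2"; then
        echo "$1: WordPress $v (>= $2) ok"
        return 0
    fi
    echo "$1: WordPress $v is older than $2; update the svn checkout with:"
    echo "  cd '$1' && svn switch $WP_SVN/tags/$2/ ."
    return 1
}

# Stand-alone demo on a constructed install (no real WordPress needed).
wp_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-includes"
    printf "<?php\n\$wp_version = '2.3';\n" > "$d/wp-includes/version.php"
    wp_check "$d" 2.3.1 || true   # reports the stale 2.3 and the switch command
    rm -rf "$d"
}
wp_demo
```

Versions with non-numeric suffixes (betas, release candidates) are not handled by vercmp; it assumes the plain dotted numbers WordPress tags use.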