[Evangelism] Hack Plone! Win a Mac!
matth at netsight.co.uk
Thu Nov 26 15:51:54 UTC 2009
On 26 Nov 2009, at 15:09, Norman Fournier wrote:
> Worst case scenario. What if we are wrong?
> Some smart punk hacks the plone and posts the hack or hints
> somewhere. How many Macs can we afford to give away? How long can we
> afford to pay lawyers to fight spurious claims in court?
> A risk analysis should be air-tight before any contest is
> publicized. Even the smallest give-aways are fraught with legal
> complications which is why contest legal copy takes so much space on
> an entry form.
> For me, I am not liking this idea at all. I think there may be more
> positive ways for plone to get this message across without exposing
> the software to a million punk hackers with a goad like both Screw
> Plone and Win a Mac at the same time!
You also might have difficulty getting the site hosted somewhere. If
you can't get to Plone you then try the OS. If you cant get the OS you
try the network... etc. For instance, probably the easiest way to get
in there would be to do something like a password reset request and
try and intercept the email, so you might then find an attack against
an email server somewhere else as a result. Quite risky.
Hrmm... I wonder what Amazon would say about it? Wonder if you could
host it on EC2? You could easily setup a FreeBSD server with Plone
running on it. Lock everything else down (ssh via keys only etc). I
guess you could privately invite Plone core developers to take a pop
at it first, they are likely to know any 'weak' spots if any in Plone
Matt Hamilton matth at netsight.co.uk
Netsight Internet Solutions, Ltd. Understand. Develop. Deliver
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
More information about the Evangelism