[Evangelism] Hack Plone! Win a Mac!

Matt Hamilton matth at netsight.co.uk
Thu Nov 26 15:51:54 UTC 2009


On 26 Nov 2009, at 15:09, Norman Fournier wrote:

> Hello,
>
> Worst case scenario. What if we are wrong?
>
> Some smart punk hacks the Plone and posts the hack or hints  
> somewhere. How many Macs can we afford to give away? How long can we  
> afford to pay lawyers to fight spurious claims in court?
>
> A risk analysis should be air-tight before any contest is  
> publicized. Even the smallest give-aways are fraught with legal  
> complications which is why contest legal copy takes so much space on  
> an entry form.
>
> For me, I am not liking this idea at all. I think there may be more  
> positive ways for Plone to get this message across without exposing  
> the software to a million punk hackers with a goad like both Screw  
> Plone and Win a Mac at the same time!

You also might have difficulty getting the site hosted somewhere. If  
you can't get to Plone you then try the OS. If you can't get the OS you  
try the network... etc. For instance, probably the easiest way to get  
in there would be to do something like a password reset request and  
try and intercept the email, so you might then find an attack against  
an email server somewhere else as a result. Quite risky.

Hrmm... I wonder what Amazon would say about it? Wonder if you could  
host it on EC2? You could easily set up a FreeBSD server with Plone  
running on it. Lock everything else down (ssh via keys only etc). I  
guess you could privately invite Plone core developers to take a pop  
at it first, they are likely to know any 'weak' spots if any in Plone  
itself.

-Matt

-- 
Matt Hamilton                                       matth at netsight.co.uk
Netsight Internet Solutions, Ltd.           Understand. Develop. Deliver
http://www.netsight.co.uk                             +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting




