There have been some posts lately on so-called “ethical” hacker sites about a potential security issue with sNews. The exploit that has been posted claims it can change the site backend settings. This would be a real threat for sNews users—if it were true. It’s not. To change backend settings you need admin privileges or access to the database, neither of which is available to the public side of an sNews site (for obvious reasons). In other words, to maliciously wreck an sNews house you first need to break into it. Once you’ve broken in then obviously there’s not much we can do to stop you from making a mess, tearing down bookshelves and paintings, or helping yourself to what’s in the fridge. But that goes for any backend system, doesn’t matter what it’s called.
I’m sure I don’t have to remind anyone that breaking & entering is a felony, punishable by law, regardless of intentions.
Real hackers, who actually are really smart people, would know this from the start. Real hackers wouldn’t post exploits that so obviously are wrong and non-doable (that’s probably not a word but anyway). For one thing it would ruin their reputation in the hacker community. To me (who is not a hacker, cracker or spammer) this recent exploit posting seems more like a desperate attempt to point a dirty finger at a system; to shout out an accusation and hope that the general audience doesn’t bother to look at the validity of the claim but instead just hears that it’s an accusation. If accused, must be guilty, right? No smoke without a fire. Right? No, sometimes there’s just smoke. And sometimes the smoke is nothing but a misdirection.
I would actually say that the so-called hackers that have posted these speculative exploits are on the same, low, low level as comment spammers. They have nothing better to do so they seek out a system to target and set out to do damage. No purpose, just wreck something. It’s fun, right? Wrecking things is easy, and you never suffer the effects of the wrecking, you don’t have to clean up the mess afterwards. Building things isn’t so easy, it takes time and effort, and while building something you’re always vulnerable to those that want to wreck things, those that like hacking ’n spamming stuff.
In conclusion: the recent exploit posts regarding a vulnerability in sNews where the backend can have its settings altered are ignorant at best. Posts in forums and such about this exploit should be considered nothing more than spam. I’m not saying that sNews is a perfect system or that it can’t be improved in different areas. But this is not the way of going about it. This is just stupid.


