Quote:
|
Originally Posted by smudge
What I was saying is: the membership donations data was leaked because whoever did the campaign because whoever did the campaign site did it on a virtual host of the same box that did the membership system and they fucked up. The membership data was on another virtual host on that same box. Labour would have cared more about the security of their membership data they they did on security around a flash campaign site which does nothing but provide a bit of information. But the lack of time and money spent of the security of that campaign site made it the weakest link and point of entry for the others.
It was a bad management decision to not treat them as something that had to be kept separate in the first place. For both security and conflict of interest reasons, being that the labour site is supposed to be run by parliamentary services and other sites not.
|
As I said, if you run one box badly you'll prolly run two boxes badly. From my understanding of the fault it wouldn't have changed the outcome if they had two servers split in the way you're describing. It may have taken longer to uncover the problem, it may have even gone undetected for the life of the system, but there's no indication to me the problem wouldn't have existed based on what the root causes of the problem were.
Again, there's a hugely misguided assumption going on that because good designs have multiple servers that multiple servers is inherently good design. That's just not the case, not in isolation. There are a world of ways you can fuck up a design where number of servers just isn't going to change the outcome.
Many many people think they're secure because they've met some checklist or they've spent a lot of money on "security" (cf, Hell), or because they have never been compromised. It's very naive and the day someone takes an interest in your servers you will find out just how quickly you can find your pants around your ankles.
In this case, I doubt Labour made any significant design decisions about how this was hosted at all (and almost certainly not what the root cause was). They contracted a company to host things for them, and like a lot of non-technical customers expected said company would do a reasonable job.
(I'm ignoring the rest of the non-technical parts of this discussion because honestly it's a mudslinging match I don't think is useful. I suspect if Slater had gotten so much as a 1x1 transparent GIF out of a directory he shouldn't have known about it would have immediately blown up into X hacked Y blah blah blah.)