undefined | Better HN

0 pointsaaron69513y ago0 comments

No they are not bugs, in any way, shape or form. I think you are missing the technology and ethos of website design here.

Web scanners do massive offensive attacks. They basically DOS attack your site in many ways, trying millions of attack vectors.

Mitigating against vandalism is very hard. It hurts users the more you do. Generally you leave it as open as possible and it is ok, since it's not a security issue per se and most sites can live their lives never having been attacked this way.

There's no money in vandalism and unless you piss off skilled or determined people it won't be abused.

Someone could write a script to cause thousands of $ damage to wikipedia without much trouble. But wiki chose's to leave itself open and take the risk. They don't have a bug. They are trying to do the right thing by users.

0 comments

aquadrop13y ago

> No they are not bugs, in any way, shape or form. Maybe not all, but some of them are.

I think you mentioned different issue here, puerto called unauthorized check 'unethical' and you talk about performance. If Mr. Al-Khabaz used some noninvasive scanner, which didn't bring any serious technical overhead, is it ok by you?

> Someone could write a script to cause thousands of $ damage to wikipedia without much trouble. But wiki chose's to leave itself open and take the risk. They don't have a bug. I don't really understand what do you mean when you say 'open', open to what? But I think wiki has some protection mechanisms, because at their scale if someone could easily bring them down, someone would.

aaron695OP13y ago

As per my link to a direct article by the makers of the scanner he used, it is invasive. What more do you want?

Yes, passive scanning is fine with me, it's probably legal in most countries, but this is not certain (See Google and wifi). But I don't see the relevance to the conversation.

Passive automated scanning is fairly useless so it's not really used.

Fact is he broke the law at a criminal level and caused damage, if you can't see this, you really have no idea of the reality of the technology he was using.

But what should happen to him for it is a discussion for a different thread.

j / k navigate · click thread line to collapse