Diaspora? mal analysiert

Kommentieren Sep 24 2010


Patrick von kalzumeus.com hat sich mal die pre-alpha von Diaspora? hinsichtlich Sicherheit angeschaut.

Es kam leider nichts erfreuliches dabei raus.
Nun hat man ja das Argument, dass es ja eine pre-alpha ist. Aber bei der Sicherheit einer Anwendung darf man nicht von hinten anfangen. Nein, man muss von ANFANG AN an die Sicherheit denken. Ansonsten wird das nichts.

Security Lessons Learned From The Diaspora Launch

Last week, Diaspora?—?the OSS privacy-respecting social network?—?released a “pre-alpha developer preview” of their source code. I took a look out it, mostly out of curiosity, and was struck by numerous severe security errors. I then spent the next day digging through their code locally and trying to get in touch with the team to address them, privately. In the course of this, I mentioned obliquely that the errors existed on Hacker News, and subsequently was interviewed by The Register and got quoted in a couple of hundred places.

via: neoterisch.de