Quote:
Originally posted by volante
If someone breaks into your house and paints your living room bright green while you're out, do you say to yourself "Shit! It's all my fault 'cos my security system wasn't good enough"?
|
If he only paints and does not break things, I would not only say "my security system is a crap and needs to be upgraded" but I also would thank him for showing me that my security system is crap. Also I have seen no one fuckin house security system that lets everyone to enter without even need of a key or special tool.
If your site can be defaced only by using a browser (lots of bugs do not need tools to be exploited), then it's the same as leting your house doors and windows open while you go out, and if your site has visitors, then in comparison a tourist touring service also passes through the street near your house all the time (20k site... 20k tourists passing on the sreet around your house).
Also, I think admins must administrate the servers they are suposed to administrate, and not go out.
How would you feel if you knew that your bank computer systems are vulnerable to security bugs reported 6 months ago but their admins do not give a fuck and don't patch them, so anyone could access to your bank account and transfer a random amount of $$$ to his own account?
If you have a server that hosts you, it's not very different, after all that server makes the money (or helps to make it) you get in your bank account.