
IT Worker's Revenge Lands Her In Jail 347

aesoteric writes "A 30-year-old IT worker at a Florida-based health centre was this week sentenced to 19 months in a US federal prison for hacking, and then locking, her former employer's IT systems. Four days after being fired from the Suncoast Community Health Centers for insubordination, Patricia Marie Fowler exacted her revenge by hacking the centre's systems, deleting files, changing passwords, removing access to infrastructure systems, and tampering with pay and accrued leave rates of staff."

Comment Re:Game or not, web app security is web app securi (Score 1) 105

If you decide to go the route and publish your code, you could at least make an effort to set up the infrastructure to handle bug reports and issue reports from those who discover vulnerabilities. As long as you are proactive in following up any reports, people filing security-related bug reports will feel that they are being listened to, and won't be discouraged from reporting again. Because you want to use an MIT licence, there are plenty of free open-source hosting solutions that will be happy to host your code, provide you with a source code management server and an issue tracker and mailing list.

The other commenters have also given good advice on securing your server and limiting any damage that might arise from an attack. I would only add that you might wish to get someone to perform a code review on vulnerable modules before you release it, in order to minimise making any exploitable bugs apparent.
