You may have noticed, over the past few days, some unusual tweets and blog posts from SE Laser.
It took a couple days to locate the compromise. We want to share it with you so you might avoid the same troubles. The hacker entered via the post-by-email feature on our blog here at selaser.blogspot.com. This feature allows users to blog by simply sending an email to a secret email address. When the email is received by Blogger, it is posted according to the settings previously selected by the user.
There is no password required when posting by this method. That's why the email address is secret. The address itself is the password for that feature. In our case, the address was easy to guess. We've disabled the feature on our blog for now. The strange messages are blocked.
We recommend to our fellow bloggers to be aware of this feature on Blogger and set the secret email to something more secure.
No comments:
Post a Comment