About Ben’s disclosure of the BBC’s weather feeds

Ben Metcalfe

I forgot I haven't publicly said anything about Ben Metcalfe highlighting the direct URLs of the weather feeds. My take on the whole thing is simple – security through obscurity.

A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.

Security through or by obscurity is generally a bad idea. By putting the URLs inside a plain-text JavaScript file, the BBC developer was relying on security through obscurity. Ben simply disclosed this information to the world. You could say, well, he should have let the BBC know, but as with software vulnerabilities, companies will sit on this information for years because it's not important enough. Nope, there's no doubt in my mind that Ben did the right thing, and maybe taking down the blog post was a good idea for the BBC. We should be thankful, and hell, this might have spurred some movement on the backstage front? I do wonder if the JavaScript file in question still has the URLs inside of it?
