So, is blogging software insecure? How can this be? I am not sure about specific blogging solutions, but I do know from my sources that most Unix systems that are compromised these days are invaded through weaknesses in PHP and Web software. There is no excuse for this in my mind: We ought to be able to engineer robust solutions, perhaps requiring some limitations on capabilities.
So I need a blog, because good service requires RSS feeds. I could go to someplace like blogspot and leave it to others, but I want to understand the issues, and see if a strong solution can work with my strong Web browsing solution.
And it does, if I don't allow comments and other user-created stuff.
"Working securely" means that it meets a set of threats I have worried about for 20 years: invasion over the network from afar. I can (and have) made a list of the threats that I worry about. The assurance level I require is higher than most people. Am I just overly frightened, or eager not to have to clean up the mess?
I think there is a need for super-secure services of all sorts, if they can be managed. And we aren't doing very well right now, except perhaps in the financial and commercial online access area. I discussed "super-secure" blogging with other security friends at Usenix Security last weekend, the likes of Steve Bellovin, Matt Blaze, and Ed Felton. We all care about super-secure services, and each tends to build our own. Most solutions were similar to mine.
As a writer, you probably need a user comment area, so the solution you use is going to be more dangerous. But you would probably just have the IT department fix the problem, and move on if you got defaced.
I want a strong level of security confidence, born of simplicity, easy auditablity, and layers to protect my services, so I can think about other things.
One example: There was an openssl security hole revealed about five years ago. Though the hole would allow someone to spoof my Web server, it was jailed, and the server was safe. I assume that the software I use is insecure. Everyone should be engineering solutions that make this assumption.
Browsers and mail readers are unlikely to ever be secure: They require too much functionality. We propeller-heads have to engineer containers to make these safe to use.
So, the fruits of this labor are two: one, a working blog, and two, a set of notes suitable to instruct the curious on how to replicate the arrangement.
Spoken like a true propeller-head.
By the way, the bloom appears to be off Cheswick's iPhone infatuation, witness this "My iPhone Sucks" rant of his posted yesterday with his new super-secure blogging set-up. "Little did I know that an update was a few hours away," he tells me this morning. "I haven't played with it enough to see if they fixed it."