Network World

Alan Shimel

Did You Hear The One About The Hacker Who Stole The Open Source Code?

It may sound like a joke, but someone stole the WordPress code

By Alan Shimel on Wed, 04/13/11 - 4:47pm.

Sounds like a dumb (take your pick - blonde, nationality, etc.) joke: the hacker who breaks in to steal the source code to an open source project. Pretty stupid, you would think, huh? Reminds me of my honeymoon. I was ocean kayaking off the beach in Hawaii. I fell out of the boat and was floundering around on some sharp coral and stuff. I yelled to the lifeguard for help and he yelled back, STAND UP! Yeah, I was only in 3 or 4 feet of water. But truth is stranger than fiction. It seems someone broke into the Automattic (the people who make WordPress) servers and potentially stole the source code to WordPress.

If you see any IRC chats or anything about someone trying to sell the source code to WordPress, maybe you should report it to the authorities. Geez, all they had to do was ask for it or just download it from the website. But all kidding aside, according to the blog post from Automattic's co-founder Matt Mullenweg, they don't know exactly what was stolen in the break-in on the server. In addition to the WordPress code there were some "sensitive bits of our and our partners' code. Beyond that, however, it appears information disclosed was limited." All in all it doesn't sound like anything too sensitive was taken.

Mullenweg's post then goes on to give some good general tips on security. Actually, one should take heed. There has been a rash of break-ins lately, especially of security vendors' websites. If it can happen to them, it can happen to anyone. Even if you don't consider your own information that valuable to an outsider, it would appear that some will break in just because they can. They may not realize there is nothing valuable there until after they break in.

Also, kudos to Automattic and Mullenweg for disclosing and coming clean quickly. The whole issue of corporate disclosure over hacking incidents has recently come under scrutiny. Just this week Barracuda Networks, a security vendor, suffered a hacking incident. Soon after reports of the incident surfaced, the CMO of Barracuda posted a blog post explaining what happened. Their PR and marketing folks were all over Twitter about it as well. However, Barracuda did not post anything on their regular website about the incident. This evidently didn't sit well with my fellow Network World blogger Jon Oltsik. He felt they should have had a notice and apology on their main web page.

I disagreed with Jon and commented as such. I also wrote a full response about people in glass houses throwing stones on my own "Ashimmy, After All These Years" blog. Actually, I think Barracuda's response was far superior to that of some other companies who have recently been hacked. EMC's RSA division was recently hacked and required customers to sign an NDA before they would give details of what was hacked and other information.

So if you do get hacked, and it can happen to anyone, how you respond and how you communicate is sometimes more important than what was taken. Especially if it was open source code they stole.

About Open Source Fact and Fiction

As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from a start-up to helping defend some of the largest and most sensitive networks in the world.

Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.

Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
