A flaw in Internet security has been discovered which, apparently, affects most web hosts. For a complete rundown on the issue, see this post from The Moderate Voice.
I can’t say I’m surprised. A couple of weeks ago I informed my new web host that I suspected a mass security breach that might affect all of the sites they hosted. I won’t go into how I knew.
I think the strategy being used by many hosts and many sites, just silently fixing the problem, is a poor one. Indeed, I suspect that it might expose them to increased liability. My understanding is that in the United States conspiracy does not require that all of the participants perform overt criminal acts or even know each other’s identities. Exposing your customers to possible attack by not revealing the potential risks would seem to fit the bill.
While I understand web hosts’ desire to avoid revealing any problems that have occurred, I think it’s a poor strategy.