A Conversation for Technical Feedback
Server Issues and Data Security
BMT Started conversation May 3, 2006
First of all a big pat on the back to the Techies who worked frantically to get the servers back on-line Sunday, Monday and into Tuesday.
The concern I have is, in light of the regularity of server issues on the BBC sites, just how secure is any personal data kept by the BBC on the same server systems?
If the servers are prone to crash with all manner of error messages due to an increase in 'traffic' doesn't this highlight a weakness in the system likely to leave it vulnerable to hackers and suchlike?
Traveller in Time Reporting Bugs -o-o- Broken the chain of Pliny -o-o- Hired Posted May 3, 2006
Jim Lynn Posted May 3, 2006
"If the servers are prone to crash with all manner of error messages due to an increase in 'traffic' doesn't this highlight a weakness in the system likely to leave it vulnerable to hackers and suchlike?"
The issues we've seen aren't of the kind which can be exploited. This weekend's problem was pretty unusual, and even that gave no scope for exploitation. If the administrators of a system can't even get connections because the database is locked up, hackers are even less likely to be able to. Even if the database were accessible outside the BBC's private network, which it isn't. The usual weaknesses that hackers exploit are things like unchecked buffers and SQL injection. If these existed, they would be there regardless of how much traffic the servers are getting. DNA has had a third party security firm perform a penetration test on it, and they found no vulnerabilities. This doesn't mean new ones won't appear - existing holes do get found, but they are also regularly patched.
But no, it doesn't follow that suffering a server crash makes your system more vulnerable. And there's no indication that this crash was caused by an increase in traffic either.
Traveller in Time Reporting Bugs -o-o- Broken the chain of Pliny -o-o- Hired Posted May 3, 2006
Traveller in Time again confirming
"I have ever seen data I did not request for. During server hiccups, some years ago, sometimes the TEXTAREA for writing your contribution did contain data from other users.
And the golden rule on the internet: do not trust anything or anybody. So do not send your credit card number or other 'real' vulnerable information."
BMT Posted May 3, 2006
Thanks for the reply, Jim. I raised the issue after a failed attempt to hack my system recently and have since installed additional security measures as a result. I appreciate that ANY system is suspect to the determined hacker regardless of security; by the same token, any system with a potential weakness would become more vulnerable to attack.
I was citing traffic increase as an example rather than the cause on this occasion.