Security Basics mailing list archives
Re: Is Basecamp - risky?
From: Eric Marden <security () xentek net>
Date: Sat, 15 Sep 2007 12:44:38 -0400
> So the short answer is: Don't use Basecamp if you care about security.
But how many products, services, and just about everything on the internet can this be said about?
I have used Basecamp for over a year, and have had no negative side effects.
No attacks, no exploits, no data loss or leakage.
David's answer may not have satisfied the hardcore security geek in Jax, but it goes along with their philosophy of development (look at the 37 signals site for their eBook on the subject). Which is not to say that their philosophy is inherently secure or insecure - but if the people you are giving access to are going to muck about and try to break it, then that's more of a social problem than a technical one.
I for one found it to be a great tool, and highly recommend it. ActiveCollab is another one to keep your eye on.
-= Eric Marden =-
http://www.linkedin.com/in/xentek
On Sep 14, 2007, at 3:17 PM, fukami wrote:
> On 14.09.2007, at 16:53, Jax Lion wrote:
>> http://www.basecamphq.com/index
>> Has your company or client used this tool or similar? What are the risks of online collaboration tools? What were the steps taken to reduce the risk?
> My old company used Basecamp. It has still a lot of XSS problems. I told David Heinemeier Hansson who answered the following:
>> You can insert HTML many places in Basecamp by design. That's because the system is not public and working under the assumption that you only give access to people you trust. Which is very different from, say, an online discussion forum where everyone has access (and where you do need to worry about XSS).
>> -- David Heinemeier Hansson
>> Team Basecamp
> That was more than a year ago. In between DanBUK and me had some fun with an automation POC of time management and I used a (non-public) Basecamp AIR app for demonstrating an account take-over.
> So the short answer is: Don't use Basecamp if you care about security.
> Take care,
> fukami