> What about opening the code to peer review and possibly handing it off to someone else with more time to devote to it?
About a month ago, I did review every file in the MAWS and miniMAWS code. While there were a few minor issues that I mentioned to CBW, I didn't see any security vulnerabilities that could have been used to compromise the site in the way that it was. I have a good guess on how the attack took place (which is unrelated to the MAWS/miniMAWS code), but I can't know for sure without seeing the web server logs, which were never provided to CBW as far as I know.