Posted on behalf of STC President Hillary Hart
On Tuesday, 29 March 2011, when STC posted a message about “unauthorized intruders” on the website, STC staff did not know exactly how the development site had been compromised. We have since learned that the unauthorized access was made possible temporarily by a redirect from a 404 page. However, upon redirect, the URL clearly indicated that this was a staging site. Anyone familiar with website development knows that accidental access to a staging area should be reported immediately.
Two people have taken credit for the incident. They first detailed in their Twitter streams and later on their blogs that they noticed “staging” in the URL and were aware that they were in an area of the site where they shouldn’t be. One of the two also broadcast the URL to his Twitter followers.
This incident resulted in additional work for our development team, who had to move the test site (because the URL had been tweeted), clean up the profiles, and then repeat the test that was underway. This extra work is costing hours of additional staff time.
Imagine a similar incident happening in your organization—two customers getting in to a development site and messing around—What would your company do? How would they address this situation? Our primary concern was to address the problem.
The web team at STC quickly fixed the 404-page redirect. They are also continuing to work hard to get the MySTC Network scrubbed, tested, and up and running for our membership.
The STC staff and Board are all focused on delivering the best possible product for our members. Our communications about progress have not been as frequent as we would have liked, but we are committed to providing more regular updates going forward. I can’t tell you how much I look forward to writing again soon to announce the launch of MySTC!
Until then …