A while ago I released an article explaining the key differences between hosting ones own blog and using a developer hosted blog like Blogger.

I stumbled across an old news post on Gaurdian around a year old this month where Google’s blog was hacked. Google said:

“A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog claiming that we have discontinued our AdWords click-to-call test…”

A more recent vulnerability or weakness in Blogger allowed hundreds of Blogger accounts to be compromised with a worm that was secretly embedded into user web pages.

With developer-hosted blogs like Blogger you just never know what to expect because you really have no control. Yes, a vulnerability can be found in user-hosted blog software like WordPress or Drupal, but defense in depth techniques like BlogSecurity’s recent article by Daniel on Mod_Security and WordPress can sometimes give us a fighting chance.