A Preview Of Things To Come?
Charles Johnson at LGF found a few security holes on my.barackobama.com. After posting several of the holes he found, Obama is now advertising for an information security expert.
Obama for America is looking for a network security expert who wants to play a key role in a historic political campaign and help elect Barack Obama as the next President of the United States.My question: shouldn't they have thought about this, I don't know, before they started launching websites?
In this role, you will be responsible for:
* Analyzing the network architecture for the My.BarackObama website
* Leading an overhaul of existing security systems and architecture, including policy, firewall, VPN, and networking equipment
* Developing a strategy for responding to hack attempts, DDoS attacks, and other potential threats
* Establishing and managing the security posture of the online campaign My.BarackObama
Information Technology is my field, specifically Information Security. There is absolutely no way I would have ever let their site go live the way it was. They have made some of the most amateurish, rookie mistakes you can make. Half of their directories were left wide open for the internet to browse. Who knows what else they've left. I would bet dollars to donuts that if you searched their servers you would find more than one piece of malware and probably a nice collection of pr0n that somebody has stashed there.
So, if Barack can't even plan enough to make sure he has adequate security for a simple campaign website, are you really ready to put him in charge of the free world? You think he'll plan a little more when negotiating with Achmanutjob than he has planned for protecting his donors from identity theft*?
Me, I'm not so sure.
*I'm not saying that anyone has lost their identity because of making donations on his site. However, if his campaign can't even secure a directory, what do you think the chances are that their SQL or MYSQL databases have adequate security? I'm guessing it's not much.