Wednesday, June 11 

A Preview Of Things To Come?

Barack Obama, the messiah and hope for the future, is apparently not capable of thinking things through ahead of time.

Charles Johnson at LGF found a few security holes on my.barackobama.com. After he posted several of the holes he found, Obama is now advertising for an information security expert:
Obama for America is looking for a network security expert who wants to play a key role in a historic political campaign and help elect Barack Obama as the next President of the United States.
In this role, you will be responsible for:

* Analyzing the network architecture for the My.BarackObama website
* Leading an overhaul of existing security systems and architecture, including policy, firewall, VPN, and networking equipment
* Developing a strategy for responding to hack attempts, DDoS attacks, and other potential threats
* Establishing and managing the security posture of the online campaign My.BarackObama

My question: shouldn't they have thought about this, I don't know, before they started launching websites?

Information Technology is my field, specifically Information Security. There is absolutely no way I would have ever let their site go live the way it was. They have made some of the most amateurish, rookie mistakes you can make. Half of their directories were left wide open for the internet to browse. Who knows what else they've left. I would bet dollars to donuts that if you searched their servers you would find more than one piece of malware and probably a nice collection of pr0n that somebody has stashed there.

So, if Barack can't even plan enough to make sure he has adequate security for a simple campaign website, are you really ready to put him in charge of the free world? You think he'll plan a little more when negotiating with Achmanutjob than he has planned for protecting his donors from identity theft*?

Me, I'm not so sure.

*I'm not saying that anyone has lost their identity because of making donations on his site. However, if his campaign can't even secure a directory, what do you think the chances are that their SQL or MySQL databases have adequate security? I'm guessing it's not much.

My question is: Did Charles Johnson break any anti-hacking laws by trespassing through the website's security?

Which is actually a valid question. Depends on the extent of his exploring. The only thing I saw that he published was that they had several directories that weren't protected, which anyone could stumble upon and doesn't break any laws, as long as you don't use that information to then further attempt to compromise the server. It also seems that he's done them a little bit of a favor, as they have at least plugged all the holes that he pointed out to them.

