Slashdot Mirror


'Spamalot' Subscribers to Get Spam ... a Lot

CrazyWingman writes "It looks like the list of e-mail addresses subscribed to the lists for the Broadway show 'Spamalot' has been nabbed by spammers. The New York Times is reporting that the list was posted on a page that could be found by looking at the source of other Spamalot webpages. All I have to say is that I hope the creators of the Spamalot website have been sacked."


  1. Not a professional job... by Saeed al-Sahaf · · Score: 4, Insightful
    From the story:

    Both montypythonsspamalot.com, where 19,000 people had signed up for a newsletter, and movinoutonbroadway.com, where 14,000 had, were built by Mark Stevenson, a designer in Croton-on-Hudson, N.Y.

    Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites. He said that the amount of resources put into security on the sites had seemed adequate, but "in retrospect, this was not enough, and we need to do more."

    Why would they use some obviously "home grown" half assed mailing list code when there are perfectly good and fairly solid apps out there like Mailman or EZmlm? Sounds like the "designer" hired some friend, prob. some kid who just learned about web scripting...

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:Not a professional job... by chromaphobic · · Score: 2, Insightful

      Calling him a web designer is a stretch. From looking through the other sites he did, they're all filled with shitty Dreamweaver and ImageReady code.

  2. Re:"To be spammed..." by Guido von Guido · · Score: 3, Insightful

    The article doesn't say whether or not anyone grabbed the actual mailing list. This is something they could presumably check by looking through the web logs. If the addresses were harvested by somebody's spam bot, I would assume they were added to the spammer's address database. I'm not sure it would have been obvious to anyone that they had been spammed because they had subscribed to the Spamalot mailing list. Anyway, my general assumption is that all spammers out there already have my email address. With effective spam filtering, it's only a minor nuisance.

  3. Developers to be blamed? by jamienk · · Score: 3, Insightful

    From my experience, though, often a web developer's clients push towards unsecure functionality because of cost/time considerations. I've been hired to add functionality to sites' existing shopping carts, for example, and when I've found and reported massive holes (a list of customers, orders, credit cards all accessible from a web page, for one), I've been met with heavy skepticism about the need to fix these holes now.

    "How would anyone find that page?"

    "Maybe we'll get to that once we add the international shipping feature."

    etc. It gets tiring. After a while, you feel unappreciated. I'm not saying that something like this happened here, but at this point, I don't know that it DIDN'T happen...

    My 2 cent American.

    1. Re:Developers to be blamed? by jamienk · · Score: 2, Insightful

      I often find myself just doing what the client wants if they insist. Sometimes it's harder to pull out of a project than to just try to mitigate the damage.

  4. Re:That programmer... by CableModemSniper · · Score: 2, Insightful

    Are you saying 'ni' to that programmer? What sad times these must be indeed where passing knaves can say 'ni' to programmers.

    --
    Why not fork?
  5. I think I found the page that caused the issues by neckdeepinspecialsau · · Score: 2, Insightful
    This looks like it spits out a search at the bottom of the thank you page.

    http://www.montypythonsspamalot.com/cgi-bin/spamalot.cgi?email=

    This html is full of artifacts. I would be surprised if they actually hired a web developer and didn't just screw up and use some free script they didn't fully understand.

  6. Re:[examples] to be blamed? by jamienk · · Score: 2, Insightful

    You point to stuff. Your client sees that you might be right. (At this point, several exchanges over a few days or weeks.) They disappear for a while, to discuss with their boss. They come back to you, reassuringly telling you that they don't think it's a problem. You object. They act annoyed. The entire project was supposed to be 1 day's work for $300... You see what I mean?