Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking the Governator

Posted by ryuzaki0 on from the call-that-a-hack? dept.

mytrip writes, "The Democratic rival to California Gov. Arnold Schwarzenegger acknowledged that his aides were responsible for obtaining a controversial audio file, in which the Governator was heard disparaging members of other races, in a move that has led to allegations of Web site hacking. A source close to Angelides told CNET News.com that it was possible to 'chop' off the Web links and visit the higher-level 'http://speeches.gov.ca.gov/dir/' directory, which had the controversial audio recording publicly viewable. No password was needed, the source said." And jchernia notes, "As an aside, the California Highway Patrol is running the investigation — maybe the Internet is a truck after all."

10 of 382 comments (clear)

  1. Deep linking, move alone by kherr · · Score: 4, Insightful

    Gee, content freely accessible via URLs on the WWW? What a novel concept.

    This is simply a matter of deep linking. Just because there's no page with a link to a URL doesn't magically make the accessible URL off-limits. Security through obscurity isn't. If the governator didn't want people to get it they shouldn't have posted it on their web site. Or at least put some form of authentication on it.

    1. Re:Deep linking, move alone by TWX · · Score: 4, Insightful

      I'd counter with the RFC for HTTP. The protocol is designed to provide content located in a designated directory structure on the file system. Anything located in that file structure that isn't specifically covered with a password is supposed to be available to any browser. And as for someone saying that it wasn't provided in an index or referrer page, I'd compare it to large college textbooks or anthologies that don't have every single entry itemized in a table of contents or index, and how published content (which I believe the Web has been acknowledged as) would compare.

      Fact of the matter is that this audio clip was put in a place that was easily found and was obviously placed there intentionally. If it wasn't there intentionally, the webmaster is responsible through negligence, not the opponent's campaign.

      Oh, there's also the little matter of it being posted on the government's web site, which is supposed to belong to every resident of California...

      --
      Do not look into laser with remaining eye.
    2. Re:Deep linking, move alone by cpuffer_hammer · · Score: 4, Insightful

      I would say that the individual sent a request for a copy of the recoding to the governors office. The office was foolish and send a copy of the speech to the requestor. Sounds to my like a staff training problem. Staff member will have to go for reeducation, and be reprogrammed.

  2. Not "Hacking" by MarkusQ · · Score: 5, Insightful

    I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.

    Imagine they had called the governor's office and said "Hi, got anything incriminating about the guv on file?" and when told "Sure, would you like a copy?" they said "Yes please!" What would people think then? It's the same darned situation here.

    --MarkusQ

    1. Re:Not "Hacking" by MarkusQ · · Score: 5, Insightful
      I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.
      I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL? Afterall, you're just sending the webserver a URL/packets, how it responds is their problem, right? I don't think so. It's not like they were just choosing URLs at random. Even if the accused did the most basic form of this attack (i.e. server directory listings), they were still intentionally using URLs designed to trick the server into giving them access to material they knew they weren't authorized to access.

      The difference, as I stated, is that they were using the system the way it was designed to work. The whole reason browsers have address bars is so that you can type in URLs. The reason web servers respond with a list of the files in a directory is so that users can type in a partial URL and get a comprehensible list of alternatives to choose from.

      Spoofing, SQL injection, etc. involve using things in ways that they were never intended to be used, breaking them in order to get access to something that the system was designed to prevent access to. It is the exact opposite of what happened here.

      And as for your final point, how are they supposed to know that they aren't supposed to have access to something, when it is made available to them using the basic public interface as it was designed to be used, and none of the dozen or so ways to prevent them from gaining access were used? That seems to me to be a much more dangerous precedent, since you could retroactively criminalize almost any use of a web site by saying "Well, you should have known that you weren't supposed to look at that page!" and suddenly you've made somebody into a cyberterrorist by fiat.

      --MarkusQ

  3. Re:Disparaging members of other races? Hardly by groman · · Score: 4, Insightful

    Disparaging or not, and Arnold may or may not be racist, it still attributes personality traits based on racial ethnicity. That's racism by definition. It doesn't matter whether or not said traits are good or bad - its still racism.


    Umm, no it's not, at least about as much as targetting Cosmo towards women is sexism. Racism requires either preferential treatment, prejudice or implicit or explicit claim of superiority. Simply attributing a neutral personality trait to a broad ethnic or cultural group and using historical ethnic or cultural heritage as supporting evidence is NOT racist. It's a broad generalization, maybe, but it implies no claim to superiority nor attempt to disparage.

  4. Re:gross generalizations by Grym · · Score: 4, Insightful

    That said, it's not a question of whether the adjectives used are 'complimentary' or not, but rather the generalization across an entire race that offends (some) people. They feel that racial generalizations (aka stereotypes) are unhelpful and inaccurate, and have a major history of abuse.

    So what? This was an off-hand remark made in private. Have we come to the point where every word one says must be parsed and examined for any trace of anything that might offend the most hypersensative among us lest he or she be branded a racist?

    -Grym

  5. Ok but pretending all races are the same is stupid by Sycraft-fu · · Score: 5, Insightful

    Seriously, if not being racist means pretending like there are no racial division, then everyone is a racist and you make the term meaningless. Clearly different races are different physically, if nothing else. That's why the whole concept exists in the first place. If we all looked the same, there'd be no concept of race like there is today.

    Well, something else we know is that humans like to use generalities. We like to generalize traits, trends, whatever. Helps us deal with understanding overall patterns in data. Thus it should be no surprise that traits get generalized to races. Happens to other things too, you can see all the traits that get generalized to geeks (like not having girlfriends) here on Slashdot.

    So if you are going to get all bent every time someone makes a race related observation, ask yourself why. Is it because you think they are a bad person, with a malfunctioning brain? Or maybe is it because you yourself find that you generalize based on things like race, but don't want to admit or verbalize it?

    Look the answer to racial division in this country isn't to hide it, to try and pretend like we are all the same and make it taboo to talk about. The answer is to talk about it, to laugh about it, and to understand and accept it. We are all different, physically, mentally, socially, etc. We need to celebrate our differences and understand that they aren't a reason to hate. Trying to hide away from them and make them taboo won't do any good.

  6. Re:gross generalizations by crashcodesdotcom · · Score: 5, Insightful

    Generalizations or stereo-types exist for a reason. If I look at an electric range and one of the burners is red, I am going to try to avoid touching it. It is possible however that the burners are simply painted or dyed red and not currently dangerous. Now when I get closer to the range and I'm able to tell no heat is being emmitted and it's not really glowing, I probably wont be as cautious. Generalizations and stereo-types are useful in filling in some gaps of unknown information until better data is availabe; but ultimately should be treated as unreliable. People shouldn't take serious action just based on a stereo-type. Forget offensive. That's just dumb.

    Taking offense at someone voicing or defining their own stereo-type. Bah! Sounds kinda silly to me. How bout I get really pissed the next time someone offers me sunblock? "OMG, they assume because I have white skin that I'm prone to sunburns! How dare them!" Hehe, yeah that would be pretty silly.

    So, I think I get what your saying about history of abuse and all; but it's the abusers that should be punished not the concept of stereo-types.

    My two cents.

  7. Try the real version by Quiet_Desperation · · Score: 4, Insightful

    1. Republican (barely) makes SLIGHTLY off color remark that bothers no one, especially the woman the remark was about, who thought it was funny.

    2. L. A. Times prints the story from an "anonymous" source without bothering to do any verification.

    3. Despite no one with a functioning brain thinking the comment was anything to even care about, extensive media coverage is given to the blubbering hand wringing and panty soiling histrionics of various key Democrats, including Arnold's opponent, who act as if he was caught eating babies on video.

    4. It is revealed that the file was taken from a computer by members of the Phil Angelides staff, possibly illegally, and that the L. A. Times probably knew more about the source than they originally let on, suggesting political dirty tricks collusion.

    5. Not one mainstream reporter asks the Phil Angelides campaign what happpened to their pledge of "sticking to the issues".

    The leftists on Slashdot and elsewhere torture logic to the point that the UN considers issuing a stern finger wagging.