Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking the Governator

Posted by ryuzaki0 on from the call-that-a-hack? dept.

mytrip writes, "The Democratic rival to California Gov. Arnold Schwarzenegger acknowledged that his aides were responsible for obtaining a controversial audio file, in which the Governator was heard disparaging members of other races, in a move that has led to allegations of Web site hacking. A source close to Angelides told CNET News.com that it was possible to 'chop' off the Web links and visit the higher-level 'http://speeches.gov.ca.gov/dir/' directory, which had the controversial audio recording publicly viewable. No password was needed, the source said." And jchernia notes, "As an aside, the California Highway Patrol is running the investigation — maybe the Internet is a truck after all."

8 of 382 comments (clear)

  1. If that's hacking by Anonymous Coward · · Score: 5, Funny

    then my grandma is a copyright violator. Oh, wait ...

  2. Wow, they must be really good... by Anonymous Coward · · Score: 5, Funny

    Chopping off URLs.... oh my, these h4x0rz are scary as shit! Hide your megabytes, kids!

  3. Not "Hacking" by MarkusQ · · Score: 5, Insightful

    I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.

    Imagine they had called the governor's office and said "Hi, got anything incriminating about the guv on file?" and when told "Sure, would you like a copy?" they said "Yes please!" What would people think then? It's the same darned situation here.

    --MarkusQ

    1. Re:Not "Hacking" by MarkusQ · · Score: 5, Insightful
      I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.
      I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL? Afterall, you're just sending the webserver a URL/packets, how it responds is their problem, right? I don't think so. It's not like they were just choosing URLs at random. Even if the accused did the most basic form of this attack (i.e. server directory listings), they were still intentionally using URLs designed to trick the server into giving them access to material they knew they weren't authorized to access.

      The difference, as I stated, is that they were using the system the way it was designed to work. The whole reason browsers have address bars is so that you can type in URLs. The reason web servers respond with a list of the files in a directory is so that users can type in a partial URL and get a comprehensible list of alternatives to choose from.

      Spoofing, SQL injection, etc. involve using things in ways that they were never intended to be used, breaking them in order to get access to something that the system was designed to prevent access to. It is the exact opposite of what happened here.

      And as for your final point, how are they supposed to know that they aren't supposed to have access to something, when it is made available to them using the basic public interface as it was designed to be used, and none of the dozen or so ways to prevent them from gaining access were used? That seems to me to be a much more dangerous precedent, since you could retroactively criminalize almost any use of a web site by saying "Well, you should have known that you weren't supposed to look at that page!" and suddenly you've made somebody into a cyberterrorist by fiat.

      --MarkusQ

  4. CHP by matt2413 · · Score: 5, Informative

    The CHP merged with the California State Police in 1995. They are the law enforcement authority on CA state property.

    http://www.chp.ca.gov/html/history.html

    --
    Matt
  5. Ok but pretending all races are the same is stupid by Sycraft-fu · · Score: 5, Insightful

    Seriously, if not being racist means pretending like there are no racial division, then everyone is a racist and you make the term meaningless. Clearly different races are different physically, if nothing else. That's why the whole concept exists in the first place. If we all looked the same, there'd be no concept of race like there is today.

    Well, something else we know is that humans like to use generalities. We like to generalize traits, trends, whatever. Helps us deal with understanding overall patterns in data. Thus it should be no surprise that traits get generalized to races. Happens to other things too, you can see all the traits that get generalized to geeks (like not having girlfriends) here on Slashdot.

    So if you are going to get all bent every time someone makes a race related observation, ask yourself why. Is it because you think they are a bad person, with a malfunctioning brain? Or maybe is it because you yourself find that you generalize based on things like race, but don't want to admit or verbalize it?

    Look the answer to racial division in this country isn't to hide it, to try and pretend like we are all the same and make it taboo to talk about. The answer is to talk about it, to laugh about it, and to understand and accept it. We are all different, physically, mentally, socially, etc. We need to celebrate our differences and understand that they aren't a reason to hate. Trying to hide away from them and make them taboo won't do any good.

  6. Re:gross generalizations by crashcodesdotcom · · Score: 5, Insightful

    Generalizations or stereo-types exist for a reason. If I look at an electric range and one of the burners is red, I am going to try to avoid touching it. It is possible however that the burners are simply painted or dyed red and not currently dangerous. Now when I get closer to the range and I'm able to tell no heat is being emmitted and it's not really glowing, I probably wont be as cautious. Generalizations and stereo-types are useful in filling in some gaps of unknown information until better data is availabe; but ultimately should be treated as unreliable. People shouldn't take serious action just based on a stereo-type. Forget offensive. That's just dumb.

    Taking offense at someone voicing or defining their own stereo-type. Bah! Sounds kinda silly to me. How bout I get really pissed the next time someone offers me sunblock? "OMG, they assume because I have white skin that I'm prone to sunburns! How dare them!" Hehe, yeah that would be pretty silly.

    So, I think I get what your saying about history of abuse and all; but it's the abusers that should be punished not the concept of stereo-types.

    My two cents.

  7. The Governor's sharing audio files? by Panaqqa · · Score: 5, Funny

    Shouldn't the RIAA be suing over this?