Slashdot Mirror


Spammers Use Holes In Democrats.org Security

Attila Dimedici writes "According to Cloudmark, 419 spammers are using the democrats.org website to relay email and bypass spam filters. 'The abuse, which dates back at least to the beginning of this month, helps evade filters that internet service providers employ to block the messages. ... The messages were sent courtesy of this page, which allows anyone with an internet connection to send emails. The PHP script employs no CAPTCHA or other measure to help ensure there is a real human being behind each email that gets funneled through the service. The service allows messages to be sent to 10 addresses at a time and even provides a way for people to import contacts they have stored in their address book.'"
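The form described in the summary applies no check that a human is behind each request. As an added example (not code from democrats.org or from the original page), here is a Python sketch of the server-side checks an invite form like this could apply before mailing anything. The function name, the limits other than the 10-recipient cap, the addresses and the fixed template are all assumptions.

```python
import re
import time
from collections import defaultdict, deque
from email.message import EmailMessage

MAX_RECIPIENTS = 10      # per-request cap, as in the quoted article
MAX_PER_HOUR = 20        # assumed per-client recipient budget
WINDOW = 3600            # seconds
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
NAME_RE = re.compile(r"[A-Za-z .'-]{1,40}")   # no digits, URLs, CR or LF
# Fixed body: the requester cannot supply message text (placeholder URL).
TEMPLATE = "{name} invited you to visit https://site.example/invite\n"

_sent = defaultdict(deque)   # client id -> timestamps of recipients mailed


class Rejected(Exception):
    """Raised when a request must not result in any mail."""


def build_invites(client_ip, sender_name, recipients, challenge_ok, now=None):
    """Return the messages to send, or raise Rejected (hypothetical helper)."""
    now = time.time() if now is None else now
    if not challenge_ok:                       # CAPTCHA or similar, verified upstream
        raise Rejected("human-verification challenge not passed")
    if not 1 <= len(recipients) <= MAX_RECIPIENTS:
        raise Rejected("recipient count out of range")
    if not NAME_RE.fullmatch(sender_name):
        raise Rejected("sender name has disallowed characters")
    # fullmatch (not match with $) so a trailing newline plus an injected
    # header such as "Bcc:" cannot slip through.
    if not all(ADDR_RE.fullmatch(r) for r in recipients):
        raise Rejected("bad recipient address")
    log = _sent[client_ip]
    while log and log[0] <= now - WINDOW:      # drop entries outside the window
        log.popleft()
    if len(log) + len(recipients) > MAX_PER_HOUR:
        raise Rejected("hourly budget exceeded")
    log.extend([now] * len(recipients))
    msgs = []
    for r in recipients:
        m = EmailMessage()
        m["From"] = "invites@site.example"     # placeholder sender address
        m["To"] = r
        m["Subject"] = "An invitation"
        m.set_content(TEMPLATE.format(name=sender_name))
        msgs.append(m)
    return msgs
```

The rate limit is keyed on client IP only to keep the sketch short; it does nothing against a sender who rotates addresses, which is why the challenge and the fixed body are checked first.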

4 of 129 comments

  1. Not really a hole, more like open barn door by HangingChad · Score: 5, Insightful

    That wasn't so much a security hole as just bad programming. The equivalent of not merely leaving the barn door open, but designing the barn with no doors. Who thought that was a good plan? None of the developers spoke up and said, "Hey, this is a really bad idea!"

    And, last I checked, the page was still up.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  2. So... by Anonymous Coward · Score: 5, Funny

    Spammers are making liberal use of a democrat website?

  3. Geniuses... by Anonymous Coward · Score: 5, Insightful

    These are the same geniuses who want to be able to take down the internet when problems arise. They can't even manage themselves but want to control everything else. Go figure...

  4. I warned them in 2006. by Spazmania · Score: 5, Informative

    None of the developers spoke up and said, "Hey, this is a really bad idea!"

    In point of fact, I spoke up. Loudly. And eventually resigned when the problems were not adequately addressed.

    In August 2006 I wrote a white paper detailing the issues, including the "mail your friends" code that the invite URL falls under:

    http://bill.herrin.us/composer.html

    In fairness, the director of technology at the time no longer works for the DNC. The current guy inherited the problem.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.