- Is Microsoft preparing us to move beyond Vista?
- Why Google wanted to lose wireless spectrum auction
- iPhone shortage fuels rumors of imminent 3G phone
- XP for cheap PCs: a second crack in the wall
- Darts into data: Leveraging random action to competitive advantage
- Most iPhone buyers are existing Apple customers
- AT&T's so-called open network principles
- Mono dev tool offered
- ActiveState upgrades IDE
- Serena plans SaaS products
September 12, 2006 | Comments: (0)
Update: Dems snagged Guv's tape
The campaign of Phil Angiledes, the Democrat taking on California Governor Arnold Schwarzenegger, has taken responsibility for passing an embarrassing audio recording of the governor to The Los Angeles Times, according to reports.
Cathy Calfo, Angiledes' campaign manager, is asserting that the campaign did nothing illegal in its actions, claiming that the audio file was freely available on Schwarzenneger's Web site; no hacking was required.
She also insists that the Democratic nominee was unaware that members of his campaign had swiped and shared the files until after the deed was done.
Schwarzenegger's campaign, however, said Tuesday that the sound files were stored "in a password-protected area of the governor's office network computer system."
However, CNet reported that the files were not password protected at all. From the CNet article:
The controversy may center on the design of the Web server called speeches.gov.ca.gov. The California government used it to post MP3 files of Schwarzenegger's speeches in a directory structure that looked like "http://speeches.gov.ca.gov/dir/06-21.htm.htm". (That Web page is now offline, but saved in Google's cache.)A source close to Angelides told CNET News.com on Tuesday that it was possible to "chop" off the Web links and visit the higher-level "http://speeches.gov.ca.gov/dir/" directory, which had the controversial audio recording publicly viewable. No password was needed, the source said.
The California Highway Patrol is continuing to investigate how the files got leaked.
In the recording, Schwarzenegger is heard speaking about the ethnic background of state Assemblywoman Bonnie Garcia. Commenting on whether she is Cuban or Puerto Rican, Schwarzenegger says: "They are all very hot. They have the, you know, part of the black blood in them and part of the Latino blood in them that together makes it."
The governor has since apologized for his comments.
Sure, there's some gossipy intrigue to all this, but the incident raises some interesting questions, both ethical and technological.
On the ethical front: Is it OK to snag and distribute information from a competitor if said information is clearly intended to be locked away? Is that part of the spirit of capitalism and the free market: exploiting your opponents' weaknesses for competitive advantage?
And technologically speaking, it might give some organizations cause to look at some of the technologies that evaluate just how well-protected your public-facing Web applications are. Are you, in fact, leaving the door wide open for a burglar to stroll in, pick up some data valuables, and stroll out undetected?
But the biggest question of all is: Why hasn't the media yet coined a pithy name for this little episode with the suffix gate?
Thoughts?
Posted by Ted Samson on September 12, 2006 03:05 PM
RATE THIS ARTICLE:
-
- COMMENTS
If Arnold had hacked Phil, it would be Terminatorgate already. If Phil's people hacked Arnold, it's will be just a mistake, because Arnold is a Republican (sorta) and they are evil(kinda) and anything you do to them is ok (mostly), or so it appears from much of what I read and hear in the media.
Posted by: Rand Rueter at September 13, 2006 07:24 AMWell let's see. Even though you state they were intended to be locked away, Other news sources have now stated the files were in PUBLIC FOLDERS. Trying to claim it was hacking or somehow burglary is a desperate claim. Let's face it. Schwarzenegger was just TOO STUPID to place the file in a Secure Private location. An now we will have to listen to the WHINEY crackpot Conservatives try to blame thier stupidity on hacking. Looks to me like the Governor has no clothes.
Posted by: PJ at September 13, 2006 08:49 AMI think one needs to consider what locked away means. The files do not seem to have been publically posted. Some had to alter a URL to get to them. They were not intentionally visible on the internet.
If someone sticks a camera under your window blinds and takes pictures, would you say that was publicly excessible cause your window as open, allowing someone to stick a camera under your window blinds??
The intent was that the files were not public and someone needed to take steps beyond just looking at an open folder to get them.
That striked me as criminal. And as one other has said, if Arnold did it to a democrat, all hell would be breaking loose!
Posted by: Scott DeAngelis at September 13, 2006 01:40 PMThe site does use an apache webserver. If a normal user uploads file they have to put them in a public_html directory by default. That pretty must says HTML files put in this directory are public. Furthermore, files have to world-readable to be served up.
If a directory other than public_html is used (for example something off htdocs/) the people running the site should be knowing what they are doing.
The directory index behavior controls what someone can see when they take the filename out of a URL. Shame on the admins for not controlling this.
I tend to lean conservative on many political issues and consider the governor's remarks embarassing and of poor judgement. I wouldn't fault anyone but his computer people for letting that data out.
Posted by: Jason Philbrook at September 14, 2006 09:43 AMTOP STORIES
ADDITIONAL RESOURCES
- Remote Access: Maintain Security and Decrease the Burden on IT
- Beyond AntiVirus: Symantec Endpoint Protection
- What Every Enterprise Needs to Know About VDI
- Disaster Recovery in Minutes
- Protecting Microsoft(R) Applications
- Reduce Recovery Times and Tape Costs
