.comment-link {margin-left:.6em;}

Thursday, September 21, 2006

A more pathetic day I have never seen...

Today has to be one of the most pathetic days I have ever seen in Minnesota Politics. This "security breach OMG liberal blogger did something illegal OH NOES!" nonsense gives anybody with any knowledge at all a huge, gigantic, monstrous headache. The fact that Mark Kennedy and his Republican underlings have no problem lying to exploit this non-issue is, quite honestly, disgusting.

First, the "hacking" of Scott Howell's website by Noah Kunin. Simply put, you can't hack security that doesn't exist. The allegation is that Noah went to http://www.scott-howell.com/netview.html and then "hacked" where it says "enter a password." Now, to somebody who is ignorant about the web, that may look huge and foreboding. But how can it be security when you are just asked for a password, not a username? Without both, there is no way to authenticate the user, even if you do make the "password" box have little stars in it. And where's the Secure Sockets Layer (SSL) that secure websites are supposed to have? Do you see an "https://" in front of that address? I don't.

Becuase it's not a password, and the site is not password-protected by any means. Enter some random gibberish in that box to see what I mean. Say you enter "bob" in the box. You simply get forwarded to http://www.scott-howell.com/cybersession/bob.html. If you enter "mde", you will be forwarded to http://www.scott-howell.com/cybersession/mde.html (of course, neither of these websites really exists). If you simply typed in the URL directly into your web browser, you would get to the same place without a fake "password" prompt. There is no security there.

Now, I'm not saying that what the Klobuchar campaign did was wrong, or that Noah Kunin did the right thing when he discovered that Scott Howell's website was coded by an idiot (and I hope that Mr. Howell has fired whoever is in charge of his web security, because that kind of mistake should not be made by somebody who has even a rudimentary knowledge of the web). I fail to see how Kunin did anything truly illegal; he just figured out that Scott Howell's web minions coded some shortcut, called it a "password", and hoped that nobody would figure out that all of their web pages are public. Putting a sign on a door saying "This door is locked" doesn't make it locked; putting up a webpage asking for a "password" does not mean you are securing your site.

Then we get to Mark Kennedy's "securing" of his website because Scott Howell's was "hacked." Forget for the moment that Howell's website was not hacked. Forget that it is completely absurd for one person to "lockdown" their site because another site, somewhere else on the interwebs, was insecure. The most pathetic, and most disingenuous thing is that Mark Kennedy has done nothing to secure his website. Not a single damn thing, except to put up some WATB page that all of his other pages redirect to instantly.

But are his old pages gone? Are they secured? Are they now invisible to the world? Of course not. Just go to a page like http://www.markkennedy06.com/Action/Register.htm and hit Escape when it starts loading. If you are quick enough, you will keep it from automatically forwarding to the WATB page, and you can clearly see that the contents are still there, still open, still available to the public. Like I posted elsewhere, Mark Kennedy has done with his website the equivalent of throwing a sheet over a couch and saying "Look! The couch is gone!" Pretty impressive and secure...against infants.

But Republicans are still going to act all high and mighty and lie knowing full well the truth, hoping that the public will be ignorant enough about HTML and META REFRESH tags and the like to buy it hook, line, and sinker. The Klobuchar campaign, in my opinion, handled this case in a way far and above how they had to. Kennedy, meanwhile, is going to try to milk this non-scandal for all the slime he can.

There are times when principled Republicans are right about certain issues. And there are times like these when Republicans will do anything, up to and including blatant lying, to get their way. Sadly, the latter happens much more frequently now than the former.

0 Comments:

Post a Comment

<< Home