E-Mail Security Flap in Nevada Governor's Office

This is classic... according to Declan McCullagh of the Politech mailing list & CNET News, someone in the Nevada governor's office I'll only assume accidentally posted the password to the official Governor's email list and Outlook account password on the gubernatorial web site via a MS Word document that instructed aides on how to send out weekly email updates.

The current Governor, Jim Gibbons, a Republican, must not have much in terms of tech-savvy staff since (this is my favorite part) the password on the account was 'kennyc', the name of the former Republican governor, Kenny C. Guinn. (Note: the old password was weak, let alone the fact that it's how old?)

The full story details the instructional document and a few additional related facts. As Declan notes, it's possible that there's a firewall or some sort of security above and beyond the password "protection" in their system, so had someone attempted to use that password from the outside to hack in, it may not have worked... we can only assume they've changed it by now having heard about this post. Still, this is one of the most embarrassing political computer security stories I've ever heard.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.

Angelides Site Gone - Error Messages Look Fishy

Hmm. Goto angelides.com. See what you find.

As I type this, it's not there. (Although it may be back up again by the time most people read this post.) Went bye-bye at least 2 hours ago when I checked it last.

Three reasons it could go poof:
1) They ran out of money and the ISP pulled the plug (doubtful)
2) They got hacked (possible)
3) The site crashed because of more traffic than expected (most likely)

What's really strange is that the page gives an error with a misspelling, so it's an error that was individually crafted for use on the site, not a generic server error. It says: "Sorry, the requested page was not found. Please try again. Original URI: /" It's not written like a typical error message and they misspelled URL. I don't get it.

I'm not an expert in web programming, but I have to say it looks like from the HTML that this page was deliberately put there and I have to say based on that, I'm leaning toward thinking it was hacked (DOS - Denial Of Service - attack). It just doesn't feel to me like an authentic error page unless someone in the campaign mocked it up on a different machine when the site crashed as a temporary measure.

A few months back, the same thing happened to Lieberman's site and I didn't witness it, but I know he threatened legal action thinking it was a hacker although I assumed at the time it was more likely the server couldn't handle the load. (I also didn't see the site during the outage). In this case, I'm not so sure.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.

Errors Reported in E-Voting Machines Across the Country

It's started. The reports are coming in - errors in many kinds of electronic voting machines around the country are occurring and they're major. VotersUnite.org has a great Election Problem Log page where they report any problem noted in the media.

Florida, Kentucky, Ohio, Texas, California, Indiana, Kansas, New Mexico, South Carolina, Tennessee, Colorado, Illinois, Pennsylvania, Arkansas, Washington, Michigan, Maryland, Virginia and Nevada have all reported errors so far.

Do what you can - request a paper ballot.

And check out HBO's documentary, "Hacking Democracy" airing Tuesday.

...
Originally posted at sairy.com, the personal blog of FutureCampaigns founder, Sarah Granger.