Posted on 09/12/2006 5:15:39 PM PDT by ARealMothersSonForever
ROFL! We've gone from criminal hacking to "snooping." Manipulation? Like manually changing a URL, perhaps? I wonder what the penalty is for "snooping" and manipulation is. You can bet that every campaign snoops every inch of their opponents website. If you don't want something accessed, don't put it on the internet!
What does that mean?
Does it mean using a userid/pass not issued to that IP.
Does it mean using the backspace key in the address bar to reach the parent folder?
Does it mean using a VMware server to lift out the whole virtual folder that contained the private audio files?
Few know but that's the point.
When the parties are known, vague language is usually employed to prevent embarrassment.
Tell you what. Go to ANY .gov, .mil, .edu, or .org website and launch a customized metacrawler on every accessable port. Please let us all know how it works out for you.
http://searchsqlserver.techtarget.com/tip/1,289483,sid87_gci1187282,00.html
These tools are ONLY legal on servers that you own or have administrative right to.
It usually means a Meta-exploit:
http://searchsqlserver.techtarget.com/tip/1,289483,sid87_gci1159718_tax301336,00.html?adg=301324&bucket=ETA
"I did not know that we were compromising the security" is not a valid excuse. Either the State of California hires dolts for network security, or someone actively compromised security. That simple.
That's my guess. They said they downloaded hours of audio.
Not an unreasonable point but the server was private. Not withstanding ownership, campaign speak is treated quite differently than common communication.
As was just pointed out, if you want to enforce privacy, don't put the data on a campaign file server and certainly don't allow access to that server from a WAN or even from the campaign's LAN.
If those transcripts had been printed they would have been in a locked cabinet, inside the office of a trusted staffer. Instead they were located on a utility machine, simultaneously serving the needs of the campaign's LAN and a public WAN.
(snip)
http://www.camajorityreport.com/?p=760
As previously reported by CMR, the information was obtained on Governor Schwarzenegger’s public website. While the Governor’s page no longer allows this, users could previously search a backend directory listing that showed every file on the public server, even files not linked to the main page. The tape could have been obtained in this way, and it required neither access to "a password protected area" nor an "illegal hack."
You got a link? < :-}0
The implication of government infrastructure and multiple layers of security, both electronic and physical, obviously isn't the case.
1 ) A public figure has stepped forward and admitted the transfer and divulged the path to that file to investigators.
2) The file was apparently accessed through a non government, campaign URL, via a public WAN.
Go here
Access the "MEDIA CENTER" menu. Top right.
Access "Audio" from the drop down. Third down.
In your browser's address bar, backspace to "apps" and press enter.
The server now returns: This Virtual Directory does not allow contents to be listed.
Want to bet it didn't before the logs were reviewed.
According to this article, this was not simply a file that was available but you needed to know the URL, this was supposed to have been a password-protected file.
That's much more serious.
Turns out that you are absolutely correct. Just when conservatives try to come out and say that the GOP is not the party of S T U P I D, somebody comes along and displays this kind of ineptitude. Not calling Schwarzenegger a conservative, mind you.
Who said it was a password protected file?
Here's a guess: The file wasn't protected but the path to it from the campaign's new LAN through the LAN's O/S (probably MS) was.
An office manger wouldn't know the difference. All she knew is that from her MS workstation, a password was required to access the file stored in the new, hybrid network. She probably couldn't name the parent folder or explain the role of virtualization in network administration.
That's too detailed for me to follow and certainly for the general public.
Certainly I know that if you can guess the URL, you can see anything. Just on a political level, it seems that the Dems had to do a lot of work to get to this file -- password or not. That smells of desperation and dirtytricksism.
Even if it were password-protected, I doubt a real prosecution would be valuable for anyone.
I doubt if they used or needed any sort of password - My guess would be that they noticed the files available on the website were numbered, for example 1.wav 2.wav 3.wav etc.
When some worker noticed that 457.wav 458.wav and 460.wav were available, but 459.wav was NOT, they simply put in that address and the file popped up.
Stupid webmaster putting files on the web server that should not be there...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.