Posted on 09/13/2006 7:33:46 PM PDT by NormsRevenge
SACRAMENTO
A Los Angeles talk radio station said it used the same procedure to access a private part of the governor's Web site that his Democratic rival's campaign used to embarrass him last week with a leaked recording.
"We've been hacking them for years, if this is hacking," Jason Nathanson, a former producer for the Jon Ziegler show on KFI 640-AM in Los Angeles, said on the show Tuesday night.
State Treasurer Phil Angelides' campaign manager acknowledged Tuesday that two staffers leaked a recording of the governor bantering in his office with his staff to the Los Angeles Times. The governor apologized for remarks he made about a Hispanic female legislator after the Times story appeared.
The governor's campaign has accused the Angelides campaign of unethical behavior for downloading the recording and leaking it to the Times, and the governor's office has referred the matter to the California Highway Patrol for investigation.
Angelides has yet to comment on the leak, which has put his campaign on the defensive. His campaign pointed out Tuesday's KFI program to The Associated Press.
Angelides' spokeswoman, Amanda Crumley, said the program supports the campaign's claim that Schwarzenegger's office itself is to blame for putting up private recordings on their own Web site.
"It further undermines their wild accusations in this whole matter," she said. "The Schwarzenegger campaign made an error, and now they're trying to cover that up."
Ziegler, a harsh conservative critic of the governor and also of Angelides, said he thought it was legitimate for his station to use the recordings because they were so readily available on the governor's public Web site.
"This was all extremely public," he said in an interview Wednesday with the AP. "We just happened to find it."
Ziegler said on the show that he used recordings made by the governor's office of interviews that other news organizations had done with Schwarzenegger and that were "not publicly disseminated."
Nathanson said he stumbled on the audio files while trying to find a link the governor's press office had sent him.
"I typed in a few numbers wrong and I got a whole list of all the governor's speeches, interviews, all the public things that he's been doing for years," Nathanson said on Tuesday's show. "And there's a whole directory that they had on their site, and it was public. It wasn't private. There was no password needed. There was nothing protected."
Nathanson said that when the Angelides campaign explained Tuesday how its staffers downloaded the leaked recording from the governor's Web site, he realized he had been doing the same thing.
"It's the same exact Web site that we used to use," he said, although he added that he never found a recording of a private conversation in the governor's office like the one the Angelides campaign leaked.
The governor's legal secretary, Andrea Hoch, said in a statement that the leaked file and others that were downloaded by the Angelides campaign were stored "in a password protected area" of the governor's computer network. However, the statement does not say a password was needed to access the files that Nathanson and the Angelides campaign found. She also does not refer to hacking.
The governor's spokesman, Adam Mendelsohn, maintains that anyone who strayed into the private area of the Web site should have received a pop-up warning saying it was restricted to authorized users.
"This is a private Web site that is not intended for public use," Mendelsohn said Wednesday. "Any attempts to manipulate the information to access private files is a violation of the security protocols."
But Ziegler said he never saw any pop-ups.
"There were no passwords; there were no scary warnings nothing remotely like that," he said in an interview.
Mendelsohn said he wasn't aware of the radio station making use of the private recordings.
Lee Tien, a senior staff attorney for the Electronic Frontier Foundation, said he did not think there were any cases yet to decide whether chopping off a Web address, as both the Angelides campaign and Nathanson did, is illegal.
But he said he doubted it would be because it is so commonly done.
"Basically, you're just messing with the URL that you're putting into your browser," he said. "It's hard to see how that could be unauthorized access."
In the words of the immortal Casey Stengel...can't anyone here play this game?
Uh-oh. Will the CHP investigate? Will their be criminal charges? Inquiring minds want to know!
Watch out, Ponch and John will be investigating why Arnold would leave such a stupid clip embedded on his website.
I think their investigation is already attempting to quietly disappear.
so they are playing with the urls to get to the information...
still doest mean it is for public dissemination
Exactly right. What the KFI and Angelides people are saying, effectively, is this: If I find your credit card in a public bathroom, it's okay if I use it to buy things.
"so they are playing with the urls to get to the information...
still doest mean it is for public dissemination
"
No. What it means is that whoever is in charge of that server is an idiot. Most savvy internet users know that they can truncate URL's to find stuff. I've done it hundreds of times. I rarely find anything not intended for public consumption, but sometimes things turn up.
It's very poor security practice to leave directory listing available to the casual browser, yet millions of web sites don't hide their directory indices.
Go to Google, then search for ["index of" parent] (leave off the brackets]. This will show you a list of millions of unprotected directory indices. By refining this search, you can narrow things down to just directories with jpeg files in them, or videos or just about anything else you care to find.
It's not hard to protect your site from this kind of nonsense, but it's often forgotten by web designers, particularly young, stupid web designers.
I won't tell you how to go any further with this technique, but I will say that there is much of interest on the student sites at most universities. These dumb-butt kids store all sorts of things on their "private" sites on the University servers.
People like political candidates should hire professional webmasters to create and manage their websites. Sadly, all to many use some college-age web geek to do it. Security goes out the window.
Being anti-Arnold is his schtick.
It gets very old.
No more calls, we have a winner.
Interesting analogy.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.