Feeds

back to article US Dems fill inboxes with 419 scams

Scammers pumping out emails that try to trick recipients into parting with large sums of cash are getting a helping hand from the Democratic National Committee. According to a researcher with anti-spam company Cloudmark, 419 fraudsters have been relaying a "significant" amount of messages through the democrats.org domain name. …

COMMENTS

This topic is closed for new posts.
Paris Hilton

How can anyone be so stupid?

Oh wait, it's an American site.

Paris, even she wouldn't be so stupid, thus proving that blond bimbo's are smarter than your average politico.

0
0
Grenade

Go Figure...

The Dems have been held to such a low level of accountability for so long it was bound to happen. "Hand grenade" because everything blows up sooner or later. Besides, as an EVIL corporation, its your ISP's fault for not working harder to protect you from these things.

0
0
FAIL

Politicians with intelligence?

What do you expect? Politicians don't have any brains, and political parties don't have any thoughts.

0
0
Dead Vulture

Just to be pinickity

I don't often comment, however this article got to me. Was it the subject matter? Was it the journalist's understanding that no email should ever be sent through another email system, even if a CAPTCHA (that is completely breakable) is used without some form of safeguard? No, it was neither of these things, it was the blatant attack on PHP that I found offensive.

How did the journalist come to the conclusion that the form in question causing the problem was PHP and this required talking about? Was it an assumption because much of the site was written in PHP? Would the article have struggled to hit the wordcount if it wasn't PHP?

From my cursory glance at the website this seems to be a badly put together front end* where every link that points to a definite PHP element refers to it with the extension .php. As the form doesn't reference a script with this attribute then we can't assume that the script in question is PHP, it may have been something the site designer inherited in a different language, does this make it excusable? No.

If the site designer chose to add this 'feature' to the site then please with all journalistic endeavour illustrate this as the issue, don't blame the language that the developer used for this site embellishment as the issue.

There is the possibility that the form used on the website is referencing something in the backend written in C, Perl or even ASP, no matter how unlikely, and ultimately that the fault lies not with the programming language but with the BAD THOUGHT PROCESS BEHIND THE FORM. No matter what language, or the addition of a CAPTCHA , are going to stop miscreants from misusing such a system, to think so is naïve! Quite frankly, this sort of form is a bad idea, it should not be allowed on a public site.

To compound my point, HTML is inherently accessible, most user-agents can understand the DTD and alongside the educated use of elements and attributes that the W3C and WCAG have created guidelines for, that they should be almost automatic for most developers. In the case of this site, the accessibility levels fail quite dramatically, yet you wouldn't catch me writing an article saying that a site, written in HTML has caused a failure in accessibility, no its a problem with the developer writing the site NOT the choice of language.

I'm definitely not excusing the lacklustre creation of the website, the skipping of basic security methodology and especially not the front end coding which is, quite frankly, dreadful, however I do take offence when a journalist takes a thinly veiled swipe at a programming/scripting language because someone has done something stupid, just to fuel their own personal dislike or to start a flame war.

* If any website should comply with accessibility guidelines (and that's all of them by the way) it is that of a major government party and it should never, never use table for layout purposes, let alone not associate labels with form controls. There is also the issue of the page not working correctly with JavaScript disabled, an advertisement for unobtrusive JavaScript if there ever has been one, I could go on...

0
0
Linux

At least Spammers know how to spell a name!

Got to love how spammers are able to spell Somalian name!

U in English normally essential after a q. It was added to the name of Nunavut’s capital, changing it from Iqaluit to Iqualuit, in a press release by Prime Minister’s staff.

As any Canadian would know by now that name of Nunavut’s capital, Iqaluit, means many fish in Inuktitut. However, when that extra u is tacked on after the q, the meaning suddenly changes to “people with unwiped bums,”. Just google "unwiped" in the news section!

I suggest that Canadian politicians hire these spammers, and so they wouldn’t have worry about offending our northern brothers, and with a single stroke they can solve the world leading spam crisis.

0
0
FAIL

Not surprising

For what it's worth, my observation of my friends and acquaintances[*] leads me to believe that Democrats don't put much emphasis on either security or preventing crime in general, nor on punishing criminals afterwards (the modern American "catch-and-release" revolving-door judicial system). One could speculate for years on exactly why that's the case, but I won't do that here :)

I read something the other day (can't remember where it was), where some British person had got the two main American political parties mixed up - he said:

"Tell me again, which party is the evil one, and which party is the stupid one?"

That seems to sum it up pretty good ;)

(For those who don't know, it's the Republicans that are evil ;) and the Democrats that are stupid ;) )

All of 'em can be extremely annoying and hard to reason with, at times.

* The aforementioned friends and acquaintances consist of a fairly even mix of Democrats, Republicans, Libertarians, Independents, etc.

0
0
FAIL

@G_mannings

Yeah, its PHP and the folders are browsable too.

hang on, I may have to buy some stilts your damn horse is so high, I dont think you can here me,

Shave your beard, step away from the kool-aid, mamas basement is not the only home you'll ever have

0
0
Bronze badge

I'm from the government and I'm here to help you

A typical response. Maybe they should have written a law forbidding it, and then not enforce it at all. That is the typical way it is done.

0
0
Unhappy

Wow, this brought 'em out...

...we've got the anti-American zealots, the language zealots, the anti-government zealots, and the anti-democrat zealots. Any chance we can get a mac vs. pc angle on this, and make it a full set?

0
0
Silver badge
Grenade

Don't believe it

Not many could be fooled by these scams. There aren't perhaps but 4 people, rational ones anyway, who would actually open any message from or routed through the domain of any political party. If I could be on a "do not call" list that included political parties, I'd do it in a heartbeat. Come election season, the political pushers become bigger pests than cockroaches in Miami, pity you can't treat them the same way.

The only appropriate icon for the two party political cartel. "O Lord, bless this thy hand grenade, that with it thou mayst blow thine enemies to tiny bits, in thy mercy."

0
0
FAIL

The php page is doing it's job

Collecting email addresses with which to market the Dem's political agenda. The 419ers are simply saving the Dem's from having to buy email lists.

0
0
Pint

@g_mannings

I was rather impressed with this post. I must admit that I thought the article was about bad design, not a criticism of PHP but clearly given the length of g's post I must have been wrong.

Can we have a bucket of water icon to douse the flames? The only alternative seems to be a waste of good beer.

0
0

@g_mannings

Sent myself a quick test mail from the page in question. From the headers:

Received: from web1.dnc.org (web1.dnc.org [192.168.10.71]) by mailservices.democrats.org (Postfix) with ESMTP id 6EAB912E47B for <me>; Mon, 31 Aug 2009 11:17:11 -0400 (EDT)

Received: by web1.dnc.org (Postfix, from userid 30) id 4F7C1482BD; Mon, 31 Aug

2009 11:17:11 -0400 (EDT)

Received: from phpmailer ([192.168.10.24]) by www.democrats.org with HTTP

(PHPMailer); Mon, 31 Aug 2009 11:17:11 -0400

Sorry, but it does indeed look like the venerable and frewuently-exploited PHPMailer is at work here. I know that the exploitable nature of the page itself isn't helping, but few (if any) security problems have been improved by the addition of PHP.

0
0
Grenade

Glad to know...

that the Republican and Democrat network admins are both equally incompetent. Says a lot about the state of politics over here. Fighting Bush fires and Obamarama since 1984.

0
0
Silver badge

Their response?

They've added a CAPTCHA displaying a true ignorance of the problem at hand, FFS

0
0
This topic is closed for new posts.