So I surf on over to The UpTake this afternoon to see if the winter storm we got last night will make it hard for Franken’s witnesses to make it to the courtroom today — the Franken team won’t rest now until tomorrow because of the danged storm — and this greets me at the front page:
The short story: The Coleman campaign claimed about six weeks ago that his website was crashed by thousands of people looking to see if their absentee ballots were on Norm’s list of rejected absentee ballots. Local blogger MNPublius showed evidence indicating that Norm’s people may have ‘crashed’ their own site by hiding it for a period of time so they could blame the disappearance on being overwhelmed by visitors. IT security consultant Adria Richards decided to investigate the situation — and found a security nightmare:
I had to see what all the fuss was about. Was there really an attempt to bring down the website due to political unrest with these ballots in my state? Were the allegations of a poorly coded website true?
What I got instead was a plain text listing of directories…
The Database of Norm Coleman
That’s right: She stumbled upon Norm Coleman’s donor database. Complete with credit-card information, home addresses, and phone numbers.
Even worse: Ms. Richards found that she could freely access a page that allowed for the creation of database administrators.
Now, this was back in late January. She made this public in late January. The Minnesota Independent wrote this up in late January. She warned the Coleman people to fix their flippin’ website and secure it in late January.
They didn’t fix their flippin’ website, and now they’re blaming ‘hackers’ and telling their donors to cancel their credit cards because the donor information they failed to secure, even after being warned over a month ago to do so, is now being posted at Wikileaks. (In case you’re wondering, the Donatelli Group, which does the websites for several dozen Republican candidates — as well as Joe Lieberman — and has ties to the Swift Boat movement, was in charge of keeping track of the Coleman donations according to The UpTake’s Noah Kunin on the liveblog this afternoon.)
[UPDATE: Norm could be in serious legal hot water over this. Neglecting to fix a known vulnerability on a site charged with securing credit-card data is a big, big no-no.]