Lieberman and spam, 2006

Spamvertized

Thursday, August 10. 2006

Lieberman and spam, 2006

Not quite the same thing as the 2004 incident; in fact, this is only tangentially related to the true purpose of the site, but it involves both spam and politics, so I'll post on it.
First, read this article on TPM Muckracker; for the record, I find Hubbell's explanations to be reasonably believeable. In otherwords, on the surface, Lieberman's site went down because in a remarkable coincidence, spammers found a vulnerability and overloaded it on the eve of the election.
So what was really going on? Well, the technical basis for this is that when you code up a web form, it is absolutely crucial that you validate the input that the users type into the fields. Entering well crafted, hostile data into a form is a standard trick of spammers and crackers; it's also how SQL injection attacks are done, for example. If you have, say, a web form that turns around and sends an email, an attacker could in theory jam an entire email header into the "your email address" box on the form and coerce the server's mail subsystem into doing something other than what it should. Is this common? It sure is, spammers try it all the time. Does it work? Whenever a naive developer deploys a vulnerable web form, sure, it can work. The spammer needs to show some restraint; as with any parasite, if the host is killed, the infestation is not really a success.
So then, in this scenario, a spammer found a vulnerable form on the Lieberman 2006 web site, and started injecting spam. They did not show restraint, and overwhelmed the system. It'd take an inept spammer (but then, there are plenty of those, too.)
But there is an alternative explanation which is also consistent with these facts. Someone looking to take Lieberman's site down who found the botched form might have put on a spammer disguise and launched a well timed attack.
Which do I think is true? I honestly don't have a clue; I don't have nearly enough information on what happened. I'll be looking forward to hearing more about this.
Posted by Richard Welty in General at 09:35 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Got spam?

If it's political spam, send the complete message (including all headers) to Richard Welty along with an explanation of any relevant circumstances.

Calendar

Back May '13
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Quicksearch

Archives

May 2013
April 2013
March 2013
Recent...
Older...

Categories

Resources


Error on line 135 of /web2/spamvertized/bundled-libs/Onyx/RSS.php: The specified file could not be opened. (#404)

Blogroll


Error on line 135 of /web2/spamvertized/bundled-libs/Onyx/RSS.php: The specified file could not be opened. (#404)

Syndicate This Blog

Creative Commons

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Powered by

Serendipity PHP Weblog

Top Referrers

spamvertized.org (2139)
www.google.com (229)
www.southfloridacondos.org (184)
casinoguideblog.com (158)
google.com (124)
aimtrust.com (88)
www.florida-condos.org (86)
allbestcasino.com (78)
redhatcasino.com (71)
www.yourstarz.com (47)

Blog Administration

Open login screen