This morning, I received another unsolicited e-mail newsletter from the Ralph Reed for Lt. Governor campaign. So, I wrote a brief reply to info@ralphreed.com that included a link to the post on my web site where I chastised it for adding my e-mail address to the list without permission. A few hours later, I looked in my Statcounter and saw a hit from the mail.ralphreed.com domain. I clicked the link, and to my shock found that I had full access to the campaign’s e-mail (from the info@ralphreed.com address, anyway). I assume I was granted access because a non-expired session ID was in the URL, but that still is an unacceptably low level of security. Screen shots of messages I read while surfing through the Reed campaign e-mail are listed below, with the mailers’ personal information blurred out.
There was no vandalism on my part here. I simply clicked a link that showed up in my web site stats. They need to tighten up the security on that server. Gosh knows what would have happened if someone malicious had gotten on there and stolen people’s personal information, especially since the Reed campaign is just going around adding people’s names to their list without their permission.
Perhaps personal information has already been stolen by someone with malicious intent. It’s not like they’d report it, or even would have a way to know it was stolen, given the incompetence obviously involved if their mail servers are this insecure. I encourage you to send an e-mail to info@ralphreed.com as well as to all the bloggers and newspapers you know asking how this was allowed to happen.
Can someone who can’t even run an e-mail server preside over the state Senate?

WOW! that’s friggin’ awesome!
what else did you read? huh? huh? what else?
Amazing! C’mon, you didn’t find anything incriminating? You can tell us if you did!
When I first opened the page, there were about 650 messages on the server (most of them were automated “this e-mail address bounced” messages). But I saw my own reply to the mailing list message and at least six or eight others. There didn’t appear to be anything particularly juicy on there. Before the server kicked me off, someone had deleted all the messages but two and moved those two into a “Keep” folder. The important thing is all those people’s personal information was in the open, unprotected.
Wow…the incompetence of the elected body never fails to disappoint. Wouldn’t a simple firewall fix that? (I’m not a tech person)
*D*
I’d kill for that email list. I’ve got a function next week where Casey Cagle is speaking and it might be interesting to invite all the Reed supporters.
By the way, did you get Newt’s email?
Diana, no, simply securing the web server would, though. Incompetence is right. Yeesh.