Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spammers Use Holes In Democrats.org Security

Soulskill posted about 5 years ago | from the hello-sir-madam dept.

United States 129

Attila Dimedici writes "According to Cloudmark, 419 spammers are using the democrats.org website to relay email and bypass spam filters. 'The abuse, which dates back at least to the beginning of this month, helps evade filters that internet service providers employ to block the messages. ... The messages were sent courtesy of this page, which allows anyone with an internet connection to send emails. The PHP script employs no CAPTCHA or other measure to help ensure there is a real human being behind each email that gets funneled through the service. The service allows messages to be sent to 10 addresses at a time and even provides a way for people to import contacts they have stored in their address book.'"

cancel ×

129 comments

Sorry! There are no comments related to the filter you selected.

What's New? (-1, Troll)

Anonymous Coward | about 5 years ago | (#29251005)

Not surprising as the democrats feel there is no need for any sort of security at all.

Re:What's New? (-1, Flamebait)

Runaway1956 (1322357) | about 5 years ago | (#29251571)

http://www.democrats.org/page/s/techproblems [democrats.org]

Spam the shit out of their inbox, and tell them they look like a bunch of douches. I did. 50 million emails should be enough for the densest of democrats, so get started. Of course, they are all engrossed with the memorials for the rat bastard from MessyTwoShits who dropped dead recently - the one who murdered his pregnant girl friend. It may take a few days before they get back to business.

Liberals. (-1, Troll)

Anonymous Coward | about 5 years ago | (#29251009)

Further proof that liberals are dumb.

Re:Liberals. (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#29251053)

Further proof that liberals are dumb.

If only the woman made from a rib hadn't listened to the talking snake maybe there would be less dumb people in the world ...

Re:Liberals. (2, Insightful)

Anonymous Coward | about 5 years ago | (#29253457)

Maybe you see these problems on the democratic domain, because the conservatives in this country are still trying to figure out what the internet is.

http://www.huffingtonpost.com/2008/06/11/mccain-admits-he-doesnt-k_n_106478.html [huffingtonpost.com]

http://www.youtube.com/watch?v=f99PcP0aFNE [youtube.com]

Re:Liberals. (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#29256433)

If they can't run a website, they sure as hell can't run health care.

Are you illin in the panicillin? (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#29251025)

Is she illin in the panicillin?
Is she chillin in the panicillin?
Is she stealin in the panicillin?
Is she feelin in the panicillin?

Panka panka

Is she liable no suitifiable pliable style is so suitifiable
Is she liable no suitifiable im not on trial but its suitifiable
Is she reliable no suitifiable not just viable but real suitifiable
Is she try-able no suitifiable lying in the aisle im real suitifiable

Is she spillin in the panicillin?
Is she squealin in the panicillin?
Is she feelin in the panicillin?
Is she trillin in the panicillin?

Panka panka

Is it libel? no suitifiable pliable style is so suitifiable
Is it a style? no suitifiable im not on trial but its suitifiable
Is it a mile? no suitifiable not just viable but real suitifiable
Is it wild? no suitifiable lying in the aisle im real suitifiable

419 scams? (-1, Troll)

Salo2112 (628590) | about 5 years ago | (#29251027)

I thought they passed that number within days of Zero's inauguration.

OK, come on (1, Funny)

damn_registrars (1103043) | about 5 years ago | (#29251037)

Someone please tell us how this problem with the democrats.org website must clearly be related to the impending socialist takeover of schools and soda machines. Certainly this is how Marxism takes root, by allowing 419 emails to propagate, right?

Re:OK, come on (2, Funny)

Nidi62 (1525137) | about 5 years ago | (#29251109)

If Democrats cant even design their website to keep people out or prevent people from doing whatever they want in it, how are they going to keep pedophiles out of our schools? Think of the children!

Re:OK, come on (0, Troll)

Dersaidin (954402) | about 5 years ago | (#29251151)

But don't think of the children if *your* the pedophile.

Re:OK, come on (1, Funny)

Anonymous Coward | about 5 years ago | (#29251187)

Modded you Troll because you can't spell "you're".
 
Furthermore, that joke is old.

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29251767)

This is the first time I've posted here (been lurking for a while), but you finally drove me to comment.

Modded you Troll because you can't spell "you're".

I love you.

Re:OK, come on (-1, Troll)

commodore64_love (1445365) | about 5 years ago | (#29251179)

You're being facetious, but the government-run system really is a mess. I tried to file my biweekly claim for unemployment and it told me it's "inactive". Then I followed the instructions to reactivate it, and I was told I was ineligible because I haven't worked these last six months. Well of course I haven't worked. That's why I was on unemployment! So apparently I'm just supposed to drift without income. Is this the so-called "government compassion" the Democrats / progressives/ leftists propagandize about?

Stupid, stupid government.

I think when I finally get back to work (probably January when managers get new budgets and fresh money), I'm going to refuse to pay the Unemployment. Why should I pay for a program that doesn't help me out when I need it?

Re:OK, come on (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#29251217)

because I haven't worked these last six months. Well of course I haven't worked. That's why I was on unemployment! So apparently I'm just supposed to drift without income. Is this the so-called "government compassion" the Democrats / progressives/ leftists propagandize about?

Get a job you smelly bum

Signed,
The Republicans who cut entitlements so that people wouldn't become lazy and start living on the unemployment dole.

Re:OK, come on (-1, Offtopic)

commodore64_love (1445365) | about 5 years ago | (#29251281)

Don't blame the Republicans - it's the Democrats who are in charge. They SAID they extended benefits to 1.5 years, but apparently that's not true.

Re:OK, come on (4, Insightful)

UltraAyla (828879) | about 5 years ago | (#29251279)

My goodness. I believe the reason you can't collect benefits is because most states only provide unemployment insurance for 6 months after the termination of employment. That might not be entirely correct, but it's some period of time. Secondly, The "government compassion" you're whining about was actually doubled in the stimulus bill. The bill vastly expanded unemployment benefits both in terms of length of time, amount of money provided, and tax breaks for the unemployed. See http://employeeissues.com/blog/arra-unemployment-assistance/ [employeeissues.com]

There's your frickin' government compassion. And now you want to refuse to pay into it? Conservatives who utilize government services then complain about how they shouldn't exist at all kill me. Either advocate for smaller government OR take the benefits. Don't do both. I just can't believe it. This is the type of crap that brings our country down.

Re:OK, come on (0, Troll)

commodore64_love (1445365) | about 5 years ago | (#29251343)

>>>And now you want to refuse to pay into it?

Why should I pay for a program that claims I'm ineligible to receive benefits? That's like being forced to pay Microsoft for Windows 7, but they never bother to send it to me.

And also you're confusing Republicans with Libertarians. The "L" party supports repealing everything, but the R party supports safety-net style programs such as Welfare, Food Stamps, Unemployment, SCHIP, et cetera.

And finally - you missed the point.

If I can't even get an unemployment check, how am I supposed to get help if I have breast cancer? If that govt program runs like the unemployment program, then I'll fill-out a lengthy time-consuming form just to be told I'm "ineligible" for help. Government-run monopolies are crap. Look at the bankrupt post office and amtrak for obvious examples.

Re:OK, come on (1)

UltraAyla (828879) | about 5 years ago | (#29251415)

Why should I pay for a program that claims I'm ineligible to receive benefits? That's like being forced to pay Microsoft for Windows 7, but they never bother to send it to me.

You could have received benefits (and it sounds like you did) during the period of time after termination of work that the government is financially able to help you. That period is now over. It's not a flaw in the program - if more money is paid into the program, they can fund more people for longer. Many people contend it's short in order to force people back into the workforce - that doesn't work as well in a recession, which is why the benefits were extended in February. It's simple.

And also you're confusing Republicans with Libertarians. The "L" party supports repealing everything, but the R party supports safety-net style programs such as Welfare, Food Stamps, Unemployment, SCHIP, et cetera.

I never said Republicans. I said conservatives. You're talking about fiscal conservativism, which both Republicans and Libertarians generally subscribe to. I know plenty of Republicans, and even a few Libertarians, that support these programs.

If I can't even get an unemployment check, how am I supposed to get help if I have breast cancer? If that govt program runs like the unemployment program, then I'll fill-out a lengthy time-consuming form just to be told I'm "ineligible" for help. Government-run monopolies are crap. Look at the bankrupt post office and amtrak for obvious examples.

Damn it, we're not talking about healthcare right now. I'm not trying to prove to you that big government and a public option are better. All I'm saying is don't use a program then whine about how it expired and refuse to pay into it. It's hypocritical asshattery. If you want to say smaller government is better, then fine. I disagree but won't argue with you on that since it's a deeply rooted ideology for us both that won't change in a slashdot discussion and because it's not the discussion we were having.

Re:OK, come on (-1, Flamebait)

commodore64_love (1445365) | about 5 years ago | (#29251481)

>>>That period is now over.

I only received four months (April, May, June, July). Unemployment benefits are supposed to last longer than that you stupid twit.

Re:OK, come on (0, Flamebait)

greentshirt (1308037) | about 5 years ago | (#29252111)

Because youre lazy ass didn't apply in time. Do you want the government to change your diaper too, reject? Dumb right wing retard... I hope you don't make children, but the dumb ones always do.

Re:OK, come on (1)

greentshirt (1308037) | about 5 years ago | (#29252133)

And before you ignore everything else and jump on the typo, your* Dolt.

Re:OK, come on (1)

foniksonik (573572) | about 5 years ago | (#29253523)

how long did you work at your last job? you may not have qualified for longer benefits. I went on unemployment about 5 years ago after a 4 year employment. I got 9 months of benefits. that was the maximum at the time. it was $1650 per month also the max at the time.

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29254059)

So, you are saying is that I should pay for it and then not use it? That sounds even worse than use it and complain about it to me. I was always told to never look a gift horse in the mouth too, so in the same situation I would probably use it even if I hadn't paid into it. Whether I use it or not has no bearing to whether or not its a good idea. It wouldn't even make me a hypocrite. If I told people not to use it, then I used it I would be a hypocrite. If I tell everyone its a bad idea then I use it, worst case is that it could be used as an point against my argument that its a bad idea.

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29256771)

So, you are saying is that I should pay for it and then not use it?

Why not? Microsofties post this many times per day on this site. You must be new here.

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29252611)

Okay, now how the fuck is this guy getting modded troll all over the place? Get your heads out of your asses, people.

"TROLL" IS NOT "I DISAGREE"

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29256501)

It is on Slashdot.

See, if you have no counter argument, but you have mod points, there ya go! Of course some mouth breathing, mother's basement dwelling Liberals just mod anything down that does not include a tribute to The One, The Uniter, The Barry!

Re:OK, come on (1)

GodfatherofSoul (174979) | about 5 years ago | (#29252633)

You want to understand the problem with conservatives? Craig T. Nelson's words sum it up perfectly:

"I've been on food stamps and welfare. Anybodyï help me out? No."

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29252921)

So, as a conservative who advocates for the end of a government service, I'll get some of my tax $ back because I don't use the service, right?

It won't be like I'm being forced to pay for something and then told not to use it just because I'd rather not pay in the first place.

Re:OK, come on (0, Troll)

Pax681 (1002592) | about 5 years ago | (#29251289)

hmmm whenever i think of you after reading your posts i quite often think of pictures like THIS [stonkin.eu]

a goaste link would have worked too. but that meant having to actually look at that bloody image again

Re:OK, come on (0)

Anonymous Coward | about 5 years ago | (#29251349)

It's an essential argument.

On the one hand, you have people who are in the middle and upper class. These people pay a significant portion of their income in taxes. They feel as if they are paying a lot more into a system than they are getting out of it. On the other hand, you have people who are in the lower and poverty class. They feel that they are doing the "shit jobs" which make the society work, and that they do it for crap amounts of money. They feel that the government should help them make ends meet.

On one side of the argument you have the cheaters.They are rich people who try (and succeed at) not paying "their fair share". They also are poor people who freeload off and abuse the system.

Then there's everyone else. Everyone else includes people with money (but not that much) trying to avoid having their property taken away from them (through taxation). They work hard, they try to make ends meet, and they just want to save some cash and live the american dream. You have people who are poor or without money that just want a helping hand so they can be productive members of society. They don't want to be dependant on on other people. With a little assistance, they can join working society and keep the gears turning.

Politicians pretend like they are all about "the everyone elses". You sound like you're in the everyone else group. They turn around and really fight for the cheaters. They either remove taxes on the rich and cut funding to programs for the poor, or they increase taxes and ignore system abusers. Neither side really works to make the system work better. They just work to stay in office. So you still have people who are either not getting enough use out of their publicly dedicated funds OR you have people who can't get the help that they need to be productive.

So, basically, what I am trying to say is this: Either way, the system sucks.

Re: You may not even pay for Unemployment (2, Informative)

InvisiBill (706958) | about 5 years ago | (#29253929)

I think when I finally get back to work (probably January when managers get new budgets and fresh money), I'm going to refuse to pay the Unemployment. Why should I pay for a program that doesn't help me out when I need it?

In Michigan at least, employees don't pay for unemployment insurance, the employers do. Yes, in the end, everything comes out of our pockets in some way (i.e. they could pay you higher wages if they didn't have to pay for your unemployment insurance). However, you don't pay x% of your paycheck every week into Unemployment.

Don't worry about schools (0, Offtopic)

davidwr (791652) | about 5 years ago | (#29251207)

If you ignore teen-on-teen sex, the number of times you see sex on K-12 school campuses is very small. The rare cases of teacher/student sex you see in the papers almost always happens off-campus.

A much better question is "how do I make sure my fiancee or his/her brother or father or uncle isn't a pedophile, and if he is, what am I going to do about it?"

Another very relevant question is "how do I make sure my kid's best friend's dad isn't a pedophile, and if he is, what am I going to do about it" or "how do I make sure my kid's teenage or adult babysitter isn't a pedophile, and if he or she is, what am I going to do about it?"

Remember: Police records only show those that have been caught - the smart ones don't get caught* - and they do NOT show all of those who received deferred adjudication or who were adjudicated as minors.

*The smart ones don't get caught unless they get unlucky. The very smart ones obey the law in the first place and aren't a concern.

--
Back to schools:

Schools do background checks on employees, volunteers, and vendors, and some even background-check regular visitors. Many schools escort visitors who are there for a pre-arranged visit. You will see random adults in the building on election day but they are usually confined to a small area of the campus and well monitored.

There is some risk during "Public School Day" or open houses or other times where the public is specifically invited into the building. However, most parolees and probationers who have a sex crime record know they aren't allowed in, and in some states registered sex offenders aren't allowed in schools at all without a specific reason, such as voting or visiting their kid's teacher. However, even this is negligible risk since kids are generally not at risk from abuse from adults they don't know well, even if that adult happens to be in a school building.

Some good news for worried parents:

Only about 0.1% of the population is on the sex-offender registry. At any given time, the number of people out there who are at risk to have sex with children or underaged teens is quite small. The odds of you bumping into one of them and that person taking an interest in your child is even smaller. The odds of the person getting very far with your child is smaller still, and is practically zero if you've taught your child how to say "no," run away, fight back, call for help, etc. AND it's well-known that your kid knows how to say "no" defend himself. Criminals generally won't take a chance if they know they will get caught.

Re:Don't worry about schools (0, Offtopic)

commodore64_love (1445365) | about 5 years ago | (#29251575)

With that kind of talk you'll never get elected to office. It's much more effective to use scare tactics like, "There are sex offenders everywhere and we must crack down. I'll make sure to enact new laws that give sex offenders lifelong sentences, such that they will be tracked by the government until the day they die!"

That's how you win votes.

I guess politicians should forget to mention taxes (1)

davidwr (791652) | about 5 years ago | (#29256243)

With every get-tough-on-crime speech are these unwritten words:

"And because prisons and tracking and feeding of ex-offenders who can't find jobs because employers are needlessly scared costs money, please support me in my efforts to raise your taxes."

Re:OK, come on (-1, Flamebait)

commodore64_love (1445365) | about 5 years ago | (#29251443)

You're being facetious, but the government-run system really is a mess. I tried to file my biweekly claim for unemployment and it told me it's "inactive". Then I followed the instructions to reactivate it, and I was told I was ineligible because I haven't worked these last six months. Well of course I haven't worked. That's why I was on unemployment! So apparently I'm just supposed to drift without income. Thanks Mr. Obama.

Stupid, stupid government.

I only got 3 months (April, May, June) - why am I being cutoff???

Re:OK, come on (0, Redundant)

commodore64_love (1445365) | about 5 years ago | (#29251509)

[correction] I only got [4] months (April, May, June, July) - why am I being cutoff??? It's supposed to last longer than that. A friend of mine received unemployment for 13 months and we both live within the same state.

Grrr.

Sorry. Obviously I'm very very angry right now. I was counting on that check carrying me until January and now suddenly it's stopped for no apparent reason. I paid $19,500 in taxes last year. I've done my part and now for the government to turn its back on me is completely unacceptable.

Re:OK, come on (3, Insightful)

Anonymous Coward | about 5 years ago | (#29252399)

Waiting 9 months until you might get a job back in January is a pretty shitty reason for not getting off your ass and finding another job. Heaven forbid you actually use unemployment as a bridge to finding new employment. No, you should be able to sit on your ass and collect it until the same people who laid you off decide that maybe they can afford you again for a short time? Come on.

Re:OK, come on (1)

Cstryon (793006) | about 5 years ago | (#29252905)

In his defense, I have been actively searching for a Job for 6 months, and only JUST scored one. My brother who is just as qualified as I am, can't get a job at McDonalds, because of this economic crisis you may have heard of.

I may not know the numbers, and I may not know why times are bad, but some of us experience it first hand.
    If I put a huge chunk of money into a pot, money that I can't choose to put in there or not, I better damn well be able to pull that money out for months at a time when no one will hire me.

Re:OK, come on (0, Troll)

michaelhood (667393) | about 5 years ago | (#29252773)

I paid $19,500 in taxes last year. I've done my part and now for the government to turn its back on me is completely unacceptable.

Um, income taxes aren't to fund unemployment.

Re:OK, come on (0, Troll)

funkatron (912521) | about 5 years ago | (#29251225)

At the very least this will give fox news some new material to work with. They need it after their recent run of substandard sketches about the NHS.

ha (1, Funny)

Anonymous Coward | about 5 years ago | (#29251041)

Spamocrats

Not really a hole, more like open barn door (5, Insightful)

HangingChad (677530) | about 5 years ago | (#29251061)

That wasn't so much a security hole as just bad programming. The equivalent of not merely leaving the barn door open, but designing the barn with no doors. Who thought that was a good plan? None of the developers spoke up and said, "Hey, this is a really bad idea!"

And, last I checked, the page was still up.

Re:Not really a hole, more like open barn door (-1, Troll)

Anonymous Coward | about 5 years ago | (#29251121)

Update:

democrats.org [goatse.fr] now redirects to goatse [goatse.fr] . Now there's a hole.

Re:Not really a hole, more like open barn door (0)

Anonymous Coward | about 5 years ago | (#29251185)

still is- if they didn't notice the spam traffic, they're not going to notice slashdot.

Re:Not really a hole, more like open barn door (1)

Dan541 (1032000) | about 5 years ago | (#29251293)

The page is up but not responding to well.

I'm sure some /.ers will be adding to the abuse.

Re:Not really a hole, more like open barn door (2, Informative)

UltraAyla (828879) | about 5 years ago | (#29251299)

Solution: Use the website to fill up the sysadmin's box with requests that s/he add a captcha - that'll do it for sure! Right? Right?

Re:Not really a hole, more like open barn door (0)

Anonymous Coward | about 5 years ago | (#29251331)

None of their devs are geeky enough to read /.

Re:Not really a hole, more like open barn door (1)

Barny (103770) | about 5 years ago | (#29251369)

Nah, its good programming. The design on the other hand, is another thing.

I bet lots of people complained. (3, Insightful)

khasim (1285) | about 5 years ago | (#29251485)

But somewhere in the line there was an executive/manager who said "there isn't a problem" or "spammers won't bother with us" or some such.

It's very difficult to explain a problem BEFORE it happens to someone who has a vested interest in not understanding the issue.

Re:Not really a hole, more like open barn door (0, Troll)

isa-kuruption (317695) | about 5 years ago | (#29251845)

An open barn door... is a hole in the wall. Therefore, it's a hole.

Stop trying to sugar coat the inability of Democrats to secure anything... our nation or their own mail server.

Re:Not really a hole, more like open barn door (2, Insightful)

ukyoCE (106879) | about 5 years ago | (#29251915)

Yeah. It's pretty standard for websites to allow e-mail to an arbitrary address. Every time you sign up for a website, they send an e-mail to an arbitrary address.

The difference is every other website sends a FORM LETTER to the address. Letting you type in a message (and especially making it the entirety or bulk of the e-mail) is what turned this into a stupid idea. Easy to fix too, if they just get rid of the "type your message here" box and do a form letter instead.

I warned them in 2006. (5, Informative)

Spazmania (174582) | about 5 years ago | (#29251923)

None of the developers spoke up and said, "Hey, this is a really bad idea!"

In point of fact, I spoke up. Loudly. And eventually resigned when the problems were not adequately addressed.

In August 2006 I wrote a white paper detailing the issues, including the "mail your friends" code that the invite URL falls under:

http://bill.herrin.us/composer.html [herrin.us]

In fairness, the director of technology at the time no longer works for the DNC. The current guy inherited the problem.

Re:I warned them in 2006. (1)

IamTheRealMike (537420) | about 5 years ago | (#29252861)

That's good page. However your definition of "spam" is not correct. Modern spam filters are trained based on what users report. Thus "spam" is by definition any mail which the majority of your recipients don't want, and click "report spam" on. It's got nothing to do with the total number of people who receive it.

Re:I warned them in 2006. (2, Insightful)

Spazmania (174582) | about 5 years ago | (#29253637)

The problem defines the tool, not the other way around. The trained Bayesian filter is one of many tools for filtering spam and other undesired mail. But spam is not defined as "that which the Bayesian filter detects." Nor is all undesirable mail spam; spam is only a subset of undesirable email.

Re:Not really a hole, more like open barn door (1)

FlyingBishop (1293238) | about 5 years ago | (#29252907)

My university decided that it would open up its wireless, since the administration didn't want to increase IT funding, but it wanted to support iPhones. Anybody with a halfway decent understanding if IT knows it's a bad idea for the college to provide free unauthenticated WiFi anywhere on campus, but apparently no one put it in terms that convinced the board.

Your official guide to the Jigaboo presidency (-1, Troll)

Anonymous Coward | about 5 years ago | (#29251067)

Congratulations on your purchase of a brand new nigger! If handled properly, your apeman will give years of valuable, if reluctant, service.

INSTALLING YOUR NIGGER.
You should install your nigger differently according to whether you have purchased the field or house model. Field niggers work best in a serial configuration, i.e. chained together. Chain your nigger to another nigger immediately after unpacking it, and don't even think about taking that chain off, ever. Many niggers start singing as soon as you put a chain on them. This habit can usually be thrashed out of them if nipped in the bud. House niggers work best as standalone units, but should be hobbled or hamstrung to prevent attempts at escape. At this stage, your nigger can also be given a name. Most owners use the same names over and over, since niggers become confused by too much data. Rufus, Rastus, Remus, Toby, Carslisle, Carlton, Hey-You!-Yes-you!, Yeller, Blackstar, and Sambo are all effective names for your new buck nigger. If your nigger is a ho, it should be called Latrelle, L'Tanya, or Jemima. Some owners call their nigger hoes Latrine for a joke. Pearl, Blossom, and Ivory are also righteous names for nigger hoes. These names go straight over your nigger's head, by the way.

CONFIGURING YOUR NIGGER
Owing to a design error, your nigger comes equipped with a tongue and vocal chords. Most niggers can master only a few basic human phrases with this apparatus - "muh dick" being the most popular. However, others make barking, yelping, yapping noises and appear to be in some pain, so you should probably call a vet and have him remove your nigger's tongue. Once de-tongued your nigger will be a lot happier - at least, you won't hear it complaining anywhere near as much. Niggers have nothing interesting to say, anyway. Many owners also castrate their niggers for health reasons (yours, mine, and that of women, not the nigger's). This is strongly recommended, and frankly, it's a mystery why this is not done on the boat

HOUSING YOUR NIGGER.
Your nigger can be accommodated in cages with stout iron bars. Make sure, however, that the bars are wide enough to push pieces of nigger food through. The rule of thumb is, four niggers per square yard of cage. So a fifteen foot by thirty foot nigger cage can accommodate two hundred niggers. You can site a nigger cage anywhere, even on soft ground. Don't worry about your nigger fashioning makeshift shovels out of odd pieces of wood and digging an escape tunnel under the bars of the cage. Niggers never invented the shovel before and they're not about to now. In any case, your nigger is certainly too lazy to attempt escape. As long as the free food holds out, your nigger is living better than it did in Africa, so it will stay put. Buck niggers and hoe niggers can be safely accommodated in the same cage, as bucks never attempt sex with black hoes.

FEEDING YOUR NIGGER.
Your Nigger likes fried chicken, corn bread, and watermelon. You should therefore give it none of these things because its lazy ass almost certainly doesn't deserve it. Instead, feed it on porridge with salt, and creek water. Your nigger will supplement its diet with whatever it finds in the fields, other niggers, etc. Experienced nigger owners sometimes push watermelon slices through the bars of the nigger cage at the end of the day as a treat, but only if all niggers have worked well and nothing has been stolen that day. Mike of the Old Ranch Plantation reports that this last one is a killer, since all niggers steal something almost every single day of their lives. He reports he doesn't have to spend much on free watermelon for his niggers as a result. You should never allow your nigger meal breaks while at work, since if it stops work for more than ten minutes it will need to be retrained. You would be surprised how long it takes to teach a nigger to pick cotton. You really would. Coffee beans? Don't ask. You have no idea.

MAKING YOUR NIGGER WORK.
Niggers are very, very averse to work of any kind. The nigger's most prominent anatomical feature, after all, its oversized buttocks, which have evolved to make it more comfortable for your nigger to sit around all day doing nothing for its entire life. Niggers are often good runners, too, to enable them to sprint quickly in the opposite direction if they see work heading their way. The solution to this is to *dupe* your nigger into working. After installation, encourage it towards the cotton field with blows of a wooden club, fence post, baseball bat, etc., and then tell it that all that cotton belongs to a white man, who won't be back until tomorrow. Your nigger will then frantically compete with the other field niggers to steal as much of that cotton as it can before the white man returns. At the end of the day, return your nigger to its cage and laugh at its stupidity, then repeat the same trick every day indefinitely. Your nigger comes equipped with the standard nigger IQ of 75 and a memory to match, so it will forget this trick overnight. Niggers can start work at around 5am. You should then return to bed and come back at around 10am. Your niggers can then work through until around 10pm or whenever the light fades.

ENTERTAINING YOUR NIGGER.
Your nigger enjoys play, like most animals, so you should play with it regularly. A happy smiling nigger works best. Games niggers enjoy include: 1) A good thrashing: every few days, take your nigger's pants down, hang it up by its heels, and have some of your other niggers thrash it with a club or whip. Your nigger will signal its intense enjoyment by shrieking and sobbing. 2) Lynch the nigger: niggers are cheap and there are millions more where yours came from. So every now and then, push the boat out a bit and lynch a nigger.

Lynchings are best done with a rope over the branch of a tree, and niggers just love to be lynched. It makes them feel special. Make your other niggers watch. They'll be so grateful, they'll work harder for a day or two (and then you can lynch another one). 3) Nigger dragging: Tie your nigger by one wrist to the tow bar on the back of suitable vehicle, then drive away at approximately 50mph. Your nigger's shrieks of enjoyment will be heard for miles. It will shriek until it falls apart. To prolong the fun for the nigger, do *NOT* drag him by his feet, as his head comes off too soon. This is painless for the nigger, but spoils the fun. Always wear a seatbelt and never exceed the speed limit. 4) Playing on the PNL: a variation on (2), except you can lynch your nigger out in the fields, thus saving work time. Niggers enjoy this game best if the PNL is operated by a man in a tall white hood. 5) Hunt the nigger: a variation of Hunt the Slipper, but played outdoors, with Dobermans. WARNING: do not let your Dobermans bite a nigger, as they are highly toxic.

DISPOSAL OF DEAD NIGGERS.
Niggers die on average at around 40, which some might say is 40 years too late, but there you go. Most people prefer their niggers dead, in fact. When yours dies, report the license number of the car that did the drive-by shooting of your nigger. The police will collect the nigger and dispose of it for you.

COMMON PROBLEMS WITH NIGGERS - MY NIGGER IS VERY AGGRESIVE
Have it put down, for god's sake. Who needs an uppity nigger? What are we, short of niggers or something?

MY NIGGER KEEPS RAPING WHITE WOMEN
They all do this. Shorten your nigger's chain so it can't reach any white women, and arm heavily any white women who might go near it.

WILL MY NIGGER ATTACK ME?
Not unless it outnumbers you 20 to 1, and even then, it's not likely. If niggers successfully overthrew their owners, they'd have to sort out their own food. This is probably why nigger uprisings were nonexistent (until some fool gave them rights).

MY NIGGER BITCHES ABOUT ITS "RIGHTS" AND "RACISM".
Yeah, well, it would. Tell it to shut the fuck up.

MY NIGGER'S HIDE IS A FUNNY COLOR. - WHAT IS THE CORRECT SHADE FOR A NIGGER?
A nigger's skin is actually more or less transparent. That brown color you can see is the shit your nigger is full of. This is why some models of nigger are sold as "The Shitskin".

MY NIGGER ACTS LIKE A NIGGER, BUT IS WHITE.
What you have there is a "wigger". Rough crowd. WOW!

IS THAT LIKE AN ALBINO? ARE THEY RARE?
They're as common as dog shit and about as valuable. In fact, one of them was President between 1992 and 2000. Put your wigger in a cage with a few hundred genuine niggers and you'll soon find it stops acting like a nigger. However, leave it in the cage and let the niggers dispose of it. The best thing for any wigger is a dose of TNB.

MY NIGGER SMELLS REALLY BAD
And you were expecting what?

SHOULD I STORE MY DEAD NIGGER?
When you came in here, did you see a sign that said "Dead nigger storage"? .That's because there ain't no goddamn sign.

Next time, strive for +5 funny (1)

davidwr (791652) | about 5 years ago | (#29251237)

If you'd posted a genuine 419 mail, particularly one re-written to spoof the Democratic Party, it would be marked +5 funny not -1 troll.

Re:Your official guide to the Jigaboo presidency (1)

yesteraeon (872571) | about 5 years ago | (#29252535)

Mod this down. 0 isn't low enough.

Right (0)

Anonymous Coward | about 5 years ago | (#29251111)

That's asinine. That's democratic party website. Touche?

Give it until Tuesday (0)

Anonymous Coward | about 5 years ago | (#29251127)

The news hit on Friday.

Give them 1 full business day before calling them incompetent.

Epic... (1)

shentino (1139071) | about 5 years ago | (#29251129)

...fail!

So... (5, Funny)

Anonymous Coward | about 5 years ago | (#29251133)

Spammers are making liberal use of a democrat website?

Convenient link... (0)

Anonymous Coward | about 5 years ago | (#29251407)

You forgot this [is.gd] .

Why is this tagged "politics"? (2, Insightful)

mantis2009 (1557343) | about 5 years ago | (#29251169)

It's not like the Democratic party has a policy of encouraging spammers, while the Green party argues for locking up people who send unsolicited emails. This isn't a political story, folks.

Re:Why is this tagged "politics"? (0)

Anonymous Coward | about 5 years ago | (#29251347)

Mod the parent +1 Tonsil!

Re:Why is this tagged "politics"? (1)

Clover_Kicker (20761) | about 5 years ago | (#29251389)

You're not going to many page hits with an attitude like that.

Won't someone think of the page hits!

This has nothing to do with politics! (4, Insightful)

Zerbey (15536) | about 5 years ago | (#29251259)

Just another clueless web designer putting up an open relay form. I thought I'd seen the last of these back in the 1990s! I'm sure the web site in question has been blacklisted by all the major DNSBL lists by now.

Re:This has nothing to do with politics! (1)

cyberstealth1024 (860459) | about 5 years ago | (#29251953)

I'm sure the web site in question has been blacklisted by all the major DNSBL lists by now.

One can only hope!

Re:This has nothing to do with politics! (2, Informative)

noc007 (633443) | about 5 years ago | (#29253837)

The MX records for democrats.org point to 208.69.4.29, 208.69.4.30, and 208.69.4.31 and the MX records for dnc.org point to 72.35.23.4 and 216.129.90.46. As of this posting, Spamhaus doesn't have those blacklisted.

Re:This has nothing to do with politics! (1)

Bourdain (683477) | about 5 years ago | (#29254081)

it is in major DNSBL (i.e. to test that, my fastmail.fm account blocked it and yahoo, of course, let it straight on through)

Geniuses... (5, Insightful)

Anonymous Coward | about 5 years ago | (#29251297)

These are the same geniuses who want to be able to take down the internet when problems arise. They can't even manage themselves but want to control everything else. Go figure...

Re:Geniuses... (-1, Troll)

Anonymous Coward | about 5 years ago | (#29251541)

If I hadn't used up my mod points already, I'd correct that 'Troll' mod with a +1 Interesting.

And the thought occurs - might these be the same people who just got the $18MM "transparency" website contract from the Odministration? *That's* a scary thought!

Blame Ruby on Rails (0)

Anonymous Coward | about 5 years ago | (#29251335)

It's a good thing the DNC is right now advertising an opening for a Ruby on Rails developer position: http://jobs.37signals.com/jobs/5515 [37signals.com] , hopefully they get replace someone whoever is was inept enough to do this.

And now ... (0)

Anonymous Coward | about 5 years ago | (#29251351)

Fun shall be had ...

Ok Slashdot, here is your chance to fight spam (1)

fooslacker (961470) | about 5 years ago | (#29251365)

Someone write an email that sends out the "new democratic party platform". Feel free to copy it from the Republicans site. Then send it to all the known big donors. I figure 10,000 emails and five minutes later and this hole will be closed. Politicians (of all persuasions) only respond to two things and reason is not one of them. Votes and money. Threaten those and they'll be all over this. =)

Don't you worry (0)

Anonymous Coward | about 5 years ago | (#29251457)

Oh don't you worry anything from democrats.org is already on my spam list

It's not a hole (2, Funny)

andy1307 (656570) | about 5 years ago | (#29251465)

It's not a hole..It works exactly like it was designed to work..making it easier for people to spread their word.

Re:It's not a hole (1)

La Gris (531858) | about 5 years ago | (#29251577)

More like: "It's Not A Bug - It's A Feature."

By the way, It does not even wait between retries and it may as well fail completely in the void after the second one.

Aug 30 16:30:14 ns1 postfix/smtpd[3774]: connect from mailservices.democrats.org[208.69.4.29]
Aug 30 16:30:14 ns1 postfix/smtpd[3774]: connect from mail-fallback.democrats.org[208.69.4.31]

Re:It's not a hole (0)

Anonymous Coward | about 5 years ago | (#29253843)

Probably the same kind of ease they intended when during election season they removed all credit card verification requirements on the donations page. "Wtf is their a 2000$ donation to the Obama campaign on my credit card? I voted for Mccain."

Re:It's not a hole (1)

Culture20 (968837) | about 5 years ago | (#29255623)

It's not a hole..It works exactly like it was designed to work..making it easier for people to spread their word.

The new Democratic platform: Deposed Nigerian monarch money and bigger penises for everyone!
I may vote next election.

No need to worry -- they can't deliver mail either (1)

originalhack (142366) | about 5 years ago | (#29251591)


Amazing layers of stupidity....

Not only will they accept and deliver arbitrary messages, if their first attempt to deliver fails, they switch to a "backup" server and try again immediately and then forget the whole thing. Clearly never heard of greylisting.

Change we can believe in (1)

jimmy_dean (463322) | about 5 years ago | (#29251925)

This is definitely change we can all believe in. :p

A rookie mistake (4, Insightful)

coryking (104614) | about 5 years ago | (#29252021)

Who here can honestly say the first couple email forms they created *did not* get shut down by spammers? The first I created looked almost like the one linked in this article--no security checks, no throttling and the ability to completely alter the message and subject.

The the second one I created let you add extra headers in the mail message--course part of that was thanks to the shitty, insecure mail api provided by PHP. Their API is more than happy to let you add linefeeds in the "From" or "To" parameters and thus let you add extra headers (say BCC). The reason it was my fault was for using PHP in the first place!

No sir, we've all done this. Every developer who ever created something that let the public generate email has created a gateway for spammers at least once.

My hunch is an intern did this :-)

Re:A rookie mistake (0)

Anonymous Coward | about 5 years ago | (#29252319)

My hunch is an intern did this :-)

Mike Sandy did it and he took Computer Science III motherfucker. So there!

Re:A rookie mistake (1)

Stan Vassilev (939229) | about 5 years ago | (#29252675)

[...] insecure mail api provided by PHP. Their API is more than happy to let you add linefeeds in the "From" or "To" parameters and thus let you add extra headers (say BCC). The reason it was my fault was for using PHP in the first place!

There is no "From" parameter. It's called additional_headers which, yes, lets you include one or more raw headers, separated by newlines. There are plenty of higher-level API-s for PHP, but you chose to pass headers to the the raw API without validating. Have you heard this one: "a poor craftsman blames his tools"?

Re:A rookie mistake (2, Insightful)

coryking (104614) | about 5 years ago | (#29252745)

That is why it is called a rookie mistake. And yes, I'll blame PHP. It is a beginner language and should encourage people to do the right thing. Instead, it makes it hard to create a non-exploitable mail form and trivial to make one that is wide open.

a poor craftsman blames his tools

A skilled craftsman knows what constitutes a good tool is and why it might be important. A skilled craftsman also knows when something *is* the fault of the tool. A novice doesn't know a good tool from a bad tool. PHP is a useful tool, but in hands of a novice it can lead to exactly the scenario in this article and *that* makes it a poor tool.

Re:A rookie mistake (1)

fractalus (322043) | about 5 years ago | (#29253311)

PHP being dangerous for novices doesn't make it a poor tool, it makes it a poor tool for novices. C is a useful tool too, and in many cases can be the best tool for the job, but in the hands of a novice it can be dangerous.

The problem isn't PHP specifically (because just about any web-oriented programming language can have similar problems) it's that there are lots of people interested in making dynamic web sites who don't understand the risks. Building and deploying dynamic web sites means subjecting them to possible attack from billions of other people. This is a far different (and bigger) challenge than simply deploying a desktop application, but we still have scads of "tutorials" that treat security as an afterthought.

Web programming is not, nor should it be, something anyone can "whip up" without understanding what they're doing. Think of it this way: "Hey Bob, while you're in that level 4 biohazard lab, why don't you check out this nifty tool I made. I'm pretty sure it won't damage your suit. What? No, I don't have any experience making bio lab tools. Or working in one. Does that matter?"

Re:A rookie mistake (3, Informative)

coryking (104614) | about 5 years ago | (#29253433)

Web programming is not, nor should it be, something anyone can "whip up" without understanding what they're doing

Sure, in make-believe land this will happen. But here in reality, there are tons of rookie coders writing crap, insecure web programs. Given this will *never* be stopped, the *least* PHP might do is make it feel natural to do the right thing.

For example, if you search "PHP send mail", one of first hits you get [about.com] has example code that *will* be exploited by spammers. The fact that the *core default way to send mail* does not have a parameter for "From:" has resulted in thousands of websites getting reamed by spammers. Everbody wants to customize the "From:" in an email based on user input! No novice will know how to properly construct a "From: $username" to pass into the additional_headers! They'll gloss over the warning in the link I gave--why? Like most people they will assume the warning only applies to people doing advanced tricks with email like attachments; all they are doing is something "simple" like customizing the From: line! Hell, that is how I got burned. I assumed since I was doing something simple, PHP would do the right thing for me. I was wrong. Live and learn!

The easy to exploit mail function isn't what is happening in the article. That "exploit" isn't even really an exploit but it is what I originally called it--a rookie mistake. That kind of thing can be done in any language and you'd be lying to say your first email form didn't have the exact same problem!

Re:A rookie mistake (0)

Anonymous Coward | about 5 years ago | (#29253907)

My hunch is an intern did this :-)

It was written by this guy: http://www.joeshmoe.com/resume.html [joeshmoe.com]

Re:A rookie mistake (0)

Anonymous Coward | about 5 years ago | (#29254107)

My hunch is an intern did this :-)

You mean in between fetching coffee and giving BJs? How did she find the time?

Re:A rookie mistake (1)

sg_oneill (159032) | about 5 years ago | (#29256187)

Speak for yourself. It was always obvious to me these stupid forms where far too dangerous to allow, and that was back in the mid 90s when we where first fucking around with CGI mail.

Don't assume other people share in your historical naivete.

Fix the Problem (1)

davidshewitt (1552163) | about 5 years ago | (#29252187)

The democrats.org technical support website doesn't have a captcha either. Maybe /.ing them with requests to fix this lack of security will raise their awareness. This sort of thing is unacceptable and needs to be fixed.

Their support website is: http://www.democrats.org/page/s/techproblems [democrats.org]

They have a captcha now (1)

Mr. Roadkill (731328) | about 5 years ago | (#29255957)

Mind you, it's being used by 419ers... they don't honestly believe that they'll keep 419ers out with a captcha, do they? These are the same people who'll cheerfully sit there sending mail out through hotmail accounts, so a captcha's not going to keep them out.

Oh (2, Insightful)

BCW2 (168187) | about 5 years ago | (#29252239)

I thought it was just standard propaganda from them.

Silly me.

How can you tell? (3, Funny)

Punk CPA (1075871) | about 5 years ago | (#29252339)

Nearly everything coming out of Washington looks like a 419 scam anyway.

Oh the irony (2, Funny)

PHAEDRU5 (213667) | about 5 years ago | (#29255771)

John McCain never left his email server open for this sort of exploit!

A good way to get them to fix the problem: (0)

Anonymous Coward | about 5 years ago | (#29255857)

All you need to do to get the problem fixed is start using their site to send out birther or anti-healthcare messages, and maybe a few campaign emails for the opponents of Harry Reid and some of the other prominent Dems. Make sure to include the site administrators on the email message, and maybe include a line at the bottom saying, "This message brought to you courtesy of democrats.org"

I'm pretty sure they'll get the holes closed up pretty fast!

Limit 10 at a time (0)

Anonymous Coward | about 5 years ago | (#29256081)

Their limit of 10 at a time makes this a not so effective strategy, unless of course you send the mails to a few tens of prominent Democratic politicans or donors.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>