Norm Coleman Website Crash Exposes Database and Email Lists

What’s worse than losing a Minnesota Senate race?

Losing your website’s entire database, that’s what.  As if claiming your website was brought down by too much traffic wasn’t bad enough, Norm Coleman’s website received a second round of criticism when I found a database file sitting in a directory that anyone could download…

I first picked up this story from @Chuckumentary on Twitter about Norm Coleman’s office saying their website had been “inundated by tens of thousands of hits today – temporarily crashing the website.” Of course that got me curious as an IT consultant and I went to check it out.  Aaron Landry broke this story because previous website traffic reports and the location of the domain name didn’t match up.  Paul Schmelzer at the Minnesota Independent picked up the story which is where I first saw it.

Norm Coleman’s website crash revealing a database full of supporters is now known as Crashgate.


Update 7: How ironic is it that January 28th, the day I posted this was also Data Privacy Day?

Update 6: Interviewed by MPR Coleman warns donors after data breach

Update 5: Interviewed on The Rachel Maddow Show, MSNBC

Update 4: Interviewed by MN Independent Coleman’s site wasn’t ‘hacked,’ says IT pro who discovered donor breach

Update 3: Blog Post  Breaking: Coleman’s unsecured donor database revealed on Wikileaks

Update 2: Blog Post  Who is Searching Google for Norm Coleman’s Database?

Update 1:  Wikileaks.org is putting Norm Coleman’s business out on the Internet.


Curious, I wanted to see where the domain was currently pointing.  I used OpenDNS.com’s cache check to identify the current ip address of 208.42.168.251 and then loaded that address into my web browser.

Screenshot of opendns.com information for colemanforsenate.com

I had to see what all the fuss was about.  Was there really an attempt to bring down the website due to political unrest with these ballots in my state?  Were the allegations of a poorly coded website true?

What I got instead was a plain text listing of directories…

The Database of Norm Coleman

Wowza.  As I was tooling around in the directories, I saw a database file.  I thought, “That’s not right.”  I began taking screenshots and uploading them to Flickr.  I didn’t know what the database contained but hoped there wasn’t financial information in that database.  I figured it was a list of email addresses for Norm Coleman supporters and staff but I did not download it find out.  Did you download the database?

There is a term known as “Google Hacking” where you can actually search for files that people have on sites and ftp areas that have names like “passwords.txt”, “backup.tar.gz”.  Eeek!  Backups should be stored above the “root” folder that is shared out to the internet.  This is showing up because the server located at http://208.42.168.251 was not told to restrict directories from the web.

All photos are licensed under Creative Commons.
Norm Coleman database photos on Flickr

I wonder how much user information is in this database at colemanforsenate.com?

I began posting links to the photos on the blogs of the Minnesota Independent and Minpublius to bring awareness to what I had found.  Would I have done the same if this were a democrat?  Probably.  For me, it’s about computer security and data privacy, not about political affliation.

You can become Norm Coleman’s Website Admin

I will give them the benefit of the doubt and assume I was only able to get here because the website is not functioning.  Below you can see that I could enter an email address, name and password and if this site was working, it would create an administrator in the database.  I found similar files to edit and delete records as well.  Being able to write to the database like this from a form should require an authenticated and active session but I can’t see the code so I don’t know.

wow, is it this easy to create an admin account at colemanforsenate.com?

Indexing of directories is turned on

This is a security risk.  I would hope they have .htaccess files in place to restrict access to the admin directory and that index listings are turned off for the current site.

directory of colemanforsenate.com at ip address 208.42.168.251

Website errors show you configuration file locations

You see errors like this a lot on Joomla websites when there is a problem connecting to the database, there is a permissions issue on a file or when files are missing.

Incorrectly configured Linux server to blame? colemanforsenate.com

Missing log files

This directory is empty.  It doesn’t mean there are no log files (deleted?)

why is this directory for log files empty on the colemanforsenate.com website?

Site is down again

So, the site is being reported by OpenDNS.com as down again and I am getting the same info at DNSStuff.com too.

colemanforsenate.com is back down again accordin to OpenDNS.com

The moral of the story is that you should hire computer and website professionals who understand technology.  You should plan and develop a strategy for downtime and problems.  Don’t put all your eggs into one basket with one website programmer.  If he or she is hit by a truck (or something goes wrong on the website and they have no recourse to help you.

Resources to protect your data

Minnesota Law on Data Security Breach Notification, Statute 325E.61 – This describes what needs to be lost for a company to notify you and how they must go about doing it. Unfortunately, it seems a company can lose your full name, address, income, number of children and previous purchases BUT not be required to tell you. (Disclaimer: I am not a lawyer)

Data Security Breaches in the US 2005, 2006, 2007, 2008, 2009 – Check to see if a school you attended, a doctor you saw, an employer, your local Veterans office, your bank, your utility company, your library or even a hotel you stayed at is listed here.

Resources for website security

The Importance of Web Application Scanning – Acunetix makes an application that can scan websites for vulnerabilities.  There is a free version that will check for XSS (Think back to when Barack Obama’s website redirected to Hillary Clinton’s).

3 Common Website Security Problems – This article from Georgetown University  summarizes how issues on Norm Coleman’s site could have been addressed before “Crashgate”, especially this one on unsecured files and databases:

Unsecured files and databases

When setting up your web site or application, make sure that any files that contain data that is not intended to be public (such as information about people) are not located in public web folders. Do not place such files in folders with the belief that because you are not linking to them, a user cannot find them.

  • Files (such as Access databases) that are datasources for your application must be located in a non-web-accessible folder (the web_datasources folder in your hosting account).
  • Other files that contain data used by the application should also be located in a non-web-accessible folder.
  • Other files that contain non-public information should be placed in a folder that is access restricted using a .htaccess file or other web server access restriction.

Update 12:12am 1/29/2009

Folks, the directory listing for colemanforsenator.com has been replaced with a login box.  But…we know what’s behind the curtain now.

Login box replaces 205mb database on colemanforsenate.com

Update 5:40pm 1/29/2009

Stay tuned for video posting from the 1/29/2009 lifestream:

“Norm Coleman’s Database”

  • why the database was available
  • what it contained
  • how website developers and companies can work to prevent this from happening
  • and take questions from viewers

Update 11:11pm 1/29/2009

Number of hits to the post 54

Photo stats for the post
I wonder how much user information is in this database at colemanforsenate.com? 1,458 views
You can become Norm Coleman’s Website Administrator at colemanforsenate.com 290 views

Current rumors
The database contains social security numbers
The database contains credit card information (POST data)

Update 6:54pm 1/30/2009

Number of hits to the post 610
In-Progress Video of “Norm Coleman’s Database: What Happened and Why”

Post picked up on:
Politics in Minnesota – Epic recount website fail: One Dot One Dot One Dot One

Thanks to Ben for picking out the incorrect use of “then” when I should have used “than” in the header “What’s worse than losing a Minnesota Sentate race?”

FYI: If you enter a fake looking email address with your comment, I will probably not approve it. If you want to share something with me offline, use the contact page. Thanks!

Question from Dennis
What does “Awaiting Moderation Mean? Where’s my comment?

Answer
I did not publish your comment because there was NOTHING technical in it. I have published comments that:

      * indicate how they feel about the info being released
      * indicate how they feel about what I did as an IT person doing this
      * ask questions related to the technology aspect of the Norm Coleman database
      * share personal stories on how this affected them
      * thank me for my efforts
      * support me for taking initiative
    * judge, criticize and blame me for making the wrong choice

If you just want to harp on Democrats vs Republicans and Norm Coleman vs Al Franken, you should go to a political blog and do that.

Did interview with PJTV, conservative focused online media site (PajamasTV)

Article at ChannelWeb, Serious Security Flaw Discovered In Less Than 2 Minutes On U.S. Senator’s Web Site

Excerpt from resume of website developer who created Colemanforsenate.com website:

ColemanForSenate.com
* Developed a custom content management system from the ground up in PHP

New Video is up! Live: Coleman Question and Answer after The Rachel Maddow Show 3/14/2009 12:45am CST

Blog Post MN Independent Coleman donors express ‘extreme anger,’ fear, worry after breach

YouTube video: How I Found Norm Coleman’s Website Database in 2 Minutes

Best quote to me on the phone: “I just hung on the secret service to talk to you” — unnamed reporter

Lifestream video : I explain what went wrong and answer questions about the Norm Coleman’s website

This entry was posted in Cover Your Butt, Politics, Security, Tech Tasty, Troubleshooting, YouTube and tagged , on by .

About Adria Richards

Adria Richards is a developer and entrepreneur focused on digital equality. She has worked in the tech industry since 1998 solving big problems for companies of all sizes. Embracing her inner nerd, Adria moved moved to San Francisco in 2010 to pursue her passion for technology. Previously she has worked in technical and training roles for enterprise, nonprofits and startups; from Apple to Zendesk. Adria is a popular speaker and gives talks about culture, communication and diversity. In her free time, she enjoys snowboarding, yoga and bacon; not necessarily at that order. Her Twitter account is followed by President @BarackObama.

94 thoughts on “Norm Coleman Website Crash Exposes Database and Email Lists

  1. Pingback: Cryptosmith » Donor Data Exposed from MN Senate Race

  2. Pingback: Norm Coleman’s Tech Snafu | Smatters

  3. Jon

    @Adria Richards,

    Good work Adria.

    For the rest of you: I too am an IT consultant and *applaud* the way this was handled. *Somebody* had to shed light on this, and because Norm Coleman chose his career over the financial security of his donors, someone else stepped up to the mic.

    The fact is, they knew they had a problem that they were obligated to fix. They knew they’d exposed donor information and had an obligation to inform the people affected. They didn’t. Until someone forced their hand.

    Again, Well done Adria!

  4. Adria Richards

    @Al,
    Oh dear! Al, I don’t think I can commit on this just yet. I’ll take it to mean you really, really, really appreciate my efforts!

  5. BeckiTrue

    @adria.richards,
    I agree with Pixelpusher. You found an unlocked door, walked in, looked around and took pictures. Rather than notify the owner, you chose to put a big sign in the front yard announcing that the door is unlocked and posted pictures of the contents for everyone to see. For a technology professional, this is an ethical question, not a political one.

    You said it yourself, you thought it was “news” and that is lens through which you filtered your decisions. Your desire to be part of a news story outweighed your duty to act responsibly, and you helped to expose sensitive personal data that might not have been otherwise. It doesn’t matter that you were not the first on the scene.

    Sure, you didn’t unlock the door or store information that isn’t supposed to be stored unencrypted, but you did tell as many people as you could about the vulnerability, and did so before the door was locked. You could have publicized the negligent actions of the site administrator after the vulnerability was dealt with. You would have made your point without unnecessarily exposing people to identity theft or credit card fraud.

    It’s an easy mistake to make given the current emphasis on instant communication, Internet fame and the view that data nearly valueless. If nothing else, this incident serves as another case study for Information Assurance and Business Ethics students.

  6. Blake

    Nice work! I was surprised when you were on the Rachel Maddow show and said it was just directory browsing being enabled on the server.

    This was a theft of information but there was NOT any hacking involved. This was simple negligence on their part. Assuming they had not made the obvious mistake of enabling directory browsing. Here are some other mistakes they made:

    1. Storing database files in the web root is a security risk for this very reason. You should always store data files below webroot so it would not be accessible in the event of a compromise.

    2. You should NEVER have a administrative backend that is accessible WITHOUT a password.

    3. You should NEVER store credit card numbers in plain text, it should be encrypted. You are also not ALLOWED to store credit card numbers unless your server is PCI Compliant, and this server is OBVIOUSLY not (being PCI Compliant costs a lot of money, and as we can tell the Senator’s site is a low-budget).

    4. Storing CCV number at all IS ILLEGAL!!

    5. Their site is (was?) vulnerable to SQL Injection attacks, which would have been able to EASILY retreive credit card data from their database even IF they did not have directory browsing enabled.

    The fact that he is trying to push this off on to hackers is ridiculous. This is negligence.

    For the record, I work in the web-hosting industry and deal with compromised sites/servers on a daily basis.

    ~Blake

  7. Al

    @Adria Richards, Okay, I can accept that…Then, perhaps a flower for your efforts?

    8″”=””8′ “88a88′
    .. .;88m a8 ,8″” “8
    “8”‘ “88” A” 8;
    “8, “8 8 “8,
    “8 8, 8, “8
    8, “8, “8, ___8,
    “8, “8, “8mm””””””8m.
    “8,am888i”‘ ,mm”
    ,8″ _8″ .m888″
    ,88P”””””I888888
    “‘ “I888
    “I8
    “I8_
    ,mmeem.m””i, I8″” ,mmeem,’.
    m”” . “8.8 I8 ,8″ . “88
    i8 . ‘ ,mi””8I8 ,8 . ‘ ,8″
    88.’ ,mm”” “8I88″m,,mm'”
    “8_m”” “I8 “

  8. JohnC

    @adria.richards,

    Adria – I agree with Becki, this was definitely not ethical. It’s irrelevant that it was a political site (and I don’t care who wins). It’s irrelevant that they may or may not have had professionals managing the site. It is relevant that they exposed data. Someone with more intelligence about such an issue – and how to fix it – such as yourself, had two choices. One was to find a way to address the problem, to contact someone – ANYONE. From 7pm to 730, you discovered more and collected your evidence. Sadly, you took the 2nd choice. You didn’t address the problem, you publicized it – even insisting on your website that it was okay to publish the pictures, “as long as you credit me”. Wouldn’t an IT professional such as yourself better serve the public and help the weak by fixing the problem? Your own website says “I like to help people”. Who did you help? I might have missed it, but I didn’t get the impression that the Coleman people ignored your pleadings, your evidence, your *desire* to help them. Instead, you went for the 15 minutes of fame in this 2.0 world, even giving props to Twitter. For what, getting you on TV? You used your experience and greater IT knowledge for personal gain. But this too will fade. The legacy you could have left for this event could have been an ethical one. It’s too bad it won’t be.

  9. adria.richards

    @JohnC,
    I couldn’t “fix” the problem. The real issue here was negligence.

    -The location of the backups were being done “one level up”

    -Someone was hired to create a Content Management System (CMS) that intentionally stored credit card numbers and the 3 digit security code

    -Someone was hired to setup and maintain financial transactions for the website who did not do it correctly

    -Someone was in charge of the website the day it had problems and made decisions which left it up with exposed folders…they also left the database file there

    This is about security and keeping people safe. Not the specific people who were in the database but to raise awareness that this is a global problem.

    Please take a look at the thousands of security breaches at this website for schools, banks, hospitals, law firms, retail stores, government agencies, police departments, hotels, veterans homes

    80,000 current and retired New York City police officers should have never had their Social Security Numbers and direct deposit information stolen March 4th, 2009 by a civilian employee. The link above says they caught him because he disabled the security cameras when he stole the backup tapes.

  10. Pingback: Situation Norman, All Fucked Up - Updated « 300

  11. JohnC

    @adria.richards,

    Adria – you couldn’t fix the problem, that is correct. It wasn’t your job to do that, and I get that. I understand the technical specifics of the problem, as well as the concept of data breaches. I have been doing information security for almost 20 years. I can’t agree with you that you kept people safe here – you heightened the problem. But this too, is not about me. But it’s fair to ask, what would I have done in this situation? If I was looking to promote awareness as you mentioned you were doing, I would have taken the pictures – blacked out any personal information and then I would have tried – endlessly – to have contacted the ISP, Norm Coleman’s office, the domain administrator, etc. and let them know of the issue. I could have promoted the awareness on my blog later, after they fixed it. But instead you attempted not to fix the problem – which would have been to contact them, but rather you stemmed the continued bleeding of data. Obviously someone was around as you pointed that they put a password on the page. And don’t get me wrong – I believe they were TERRIBLY negligent. How did you help?
    None of the people who you mentioned as the victims of past breaches deserved to have their information exposed. Those organizations that were negligent have suffered as they should, and Coleman would have as well – but stopping the issue was more important than going to press about it while it was still hot.

    I do admire that you are willing to put up posts that disagree strongly with you, as I do. I believe you have a great future ahead of you, but may I suggest you put this behind you as quickly as possible because it does not bode well at all for your ethics. There are better ways to make the same point you are trying to make…

  12. o4tuna

    @TJSwift,TJSwift, you really don’t have any idea what your talking about. Entering an IP address into a browser is not illegal or uncommon. And finding a Direcroy structure when you get there, and looking through it is legal and common too. it is assumed that if you find a directory structure, you can look through it. This is how it was back in the early days of the internet, and the practice is still used.

    What I find questionable is that there was a tarball (a zip file to you) of the database in a publicly accessible directory. This is either a huge mistake made by a complete beginner, or a plant. There are plenty of way to have kept this information, this file, from being found, by the method in which Adria found it. (It shouldn’t have been there in the first place). So much so that I believe it was done on purpose. Nobody, nobody, that is in the business of building web sites for a living would put credit card information out on a open directory. This smells bad.

  13. o4tuna

    @Bob, See my reply to TJSwift. You are another person who doesn’t have the knowledge to make this judgment. She did nothing wrong. You sir, are completely ignorant of what she did, even though she has laid it out for you to see. Instead of asking questions, you choose to pass judgment and remain ignorant. This is your mistake. One in which I’m sure you often repeat.

  14. o4tuna

    @Dean W., For God sakes! Put down the Anne Colture books, turn off Fox, go buy a nice cd of polka music to play in your car. Get a grip before it is too late! Let rational thinking and vigorous curiosity return to that place it has long since vacated.

  15. Pingback: The Norm Coleman Database Debacle (Or….How NOT To Store Other People’s Information/Money) | The SmackDog Chronicles (Ver. 2.6)

  16. Pingback: random notes » Blog Archive » another smart person

  17. Minnesota Central

    Just ran across your posting and as a non-technical person I must thank you for making your presentation so understandable.
    AND for sounding the alarm.

    I don’t know if you can tell from the information available, but I have a concern of a potentially bigger problem.

    There are some important questions that need to be asked :
    What company did Coleman hire to collect his donations ?
    Did that company perform similar work for others ?
    If so, does(did) that company maintain “illegal” information on their databases ?

    If the company maintained this information for the Coleman campaign, was the same information maintained by other campaigns ?
    The Coleman incident may have exposed a problem that every political campaign needs to address. Proactively, every campaign that collected monies through credit cards needs to perform an internal investigation and issue a press release if illegal information was maintained. This would include not only Minnesota campaigns, but also others that collected monies within the state such as Romney, Guiliano, et al … as well as Democrats.

    Admittedly, those other campaign sites may not be exposed yet, but that doesn’t mean that they are not maintaining information that they should not. There is no reason for waiting for the FEC, FBI, Secret Service or MN Attorney General to investigate … campaigns need to be forthright and transparent.

  18. adria.richards

    @Minnesota Central,
    Agreed. The real issue at hand is the development of insecure websites.

    If you bought a car that you could not lock, it would get stolen often.

    If you adopted a puppy that was not vaccinated properly, it would need to see the vet.

    If a website collects information from people, especially financial information, it is a must to plan out the data workflow.

    Instead of storing the credit card information, they could have just collected the name, email, address and sent the financial portion onto a payment gateway processor like Authorize.net.

    The biggest problem here was the management of the server and website. The Coleman office could have hired an experienced Linux and website administrator to lead the website rollout, audit the site and read through the error logs. Instead, they brought in the “Secret Service” who found “nothing”.

  19. Jachra

    Adria,

    Although this a great find, I do agree with others that you should have acted more ethically. This was definitely not a responsible disclosure. Any exploit like this should be reported first.

    Yes, they should have hired a proper administrator in the first place. However, I am not surprised that they had to call the Secret Service because of some regulation.

  20. Jachra

    Adria,

    I watched the video, but that does not change my opinion. You still should tried to contact someone at senator Coleman’s staff and his ISP.
    Your failure to do so is very unethical.

  21. BeckiTrue

    @Adria Richards,
    Did you know the site was hosted by Visi? I don’t think it is now, but it looks like it was when you took the screen shots. They have 24×7 phone support BTW.

    : dig -x 208.42.168.251

    ; <> DiG 9.4.2-P2 <> -x 208.42.168.251
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48770
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;251.168.42.208.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    251.168.42.208.in-addr.arpa. 900 IN PTR v-208-42-168-251.mn.visi.com.

    ;; AUTHORITY SECTION:
    168.42.208.in-addr.arpa. 900 IN NS ns.visi.com.
    168.42.208.in-addr.arpa. 900 IN NS ns2.visi.com.

    ;; ADDITIONAL SECTION:
    ns.visi.com. 807 IN A 209.98.98.1
    ns2.visi.com. 807 IN A 66.254.98.138

    ;; Query time: 76 msec
    ;; SERVER: 68.11.16.25#53(68.11.16.25)
    ;; WHEN: Mon Mar 16 21:33:32 2009
    ;; MSG SIZE rcvd: 154

  22. adria.richards

    @BeckiTrue,
    No I didn’t know the server was at VISI.com. That’s interesting. I suggested that the Norm Coleman office contact VISI.com to get a senior level person to look at the server when the problem happened.

    I wonder why they didn’t ask VISI.com to review the log files. VISI.com support folks are very experienced. Maybe they were collocating a server there.

    I wonder if this supports the theory they were moving the website to a new location and I found the old server.

    There are so many unknowns to this issue..

  23. adria.richards

    @Jachra,
    I really appreciate you taking the time to watch the video and post back to the blog with your updated comments. Everyone has a right to their opinion about my actions.

  24. Pingback: Privacy Lives » Blog Archive » InfoWorld: Beyond the Norm: Coleman’s data leak disaster

  25. decora

    i have learned to always think twice before i post crazy stuff i find on the internet. the ethical questions are not so simple as they seem at first glance.

    if what you find is truly important to society, you can always keep copies, and then upload what you found, later.

    journalists have big databases of notes and documents that they dont show to just anyone… they have all sorts of guidelines and judgement calls they have to make about what they can reveal, vs what they cant, and the effects it might have on the lives of various people, including their sources.

    the hacker culture is a bit different from the journalism culture, thats imho maybe part of the problem with the internet and events like this. it wasnt the first event, (ayone remember when AOL published a bunch of ‘anonymized’ search queries?), and im sure it wont be the last event like this to happen.

    hopefully the computer professors will start taking a little advice from the journalism professors and start teaching this stuff in their courses.

  26. Pingback: Wikileaks Presents New Legal Questions « Media and Communications Law Society

  27. Pingback: This is not at all political - except in that it sort of is. | Inside the Nerdery

  28. Pingback: Get Clients Now! A 28 Day Marketing Program For Success | Adria Richards

  29. Pingback: Shot in the Dark » Blog Archive » Hacks

  30. quyet22

    結婚 相談
    お見合いパーティー
    海水魚
    吉田不動産
    貸し事務所
    エアコン 故障
    エルメス バッグ
    家電 レンタル
    弁護士 銀座
    株 初心者
    J-Payment
    お見合い
    アヴァンス
    ハワイ旅行
    オフィス レイアウト
    介護
    car insurance
    債務整理 無料相談
    DVDコピー
    株式 情報
    時計修理
    USBドングル
    折込広告
    老人ホーム 横浜
    恵比寿 賃貸
    カイロプラクティック
    厨房機器
    バイク便
    川西賃貸
    ECサイト 構築
    ピアノレンタル
    教員採用試験
    債務整理
    越谷 不動産
    小さな靴
    カフェポッド
    商品先物取引
    福生市 不動産
    募金
    三軒茶屋 マンション
    ピアノ教室
    RMT
    マンション 貸す
    過払い
    婚活
    コーヒーワゴンサービス
    彫刻刀
    オーガニックコットン
    スキューバダイビング
    港区 不動産
    子宮筋腫 漢方
    グッチ バッグ
    店舗デザイン
    今井クリニック
    育毛 東京
    日商簿記
    志木 一戸建て
    冬虫夏草
    乳がん
    オフィス賃貸
    ビジネス英会話
    ビジネススクール 英語
    ナース服
    レストラン 求人
    立川市 不動産
    調布市 不動産
    八王子市 不動産
    福生市 不動産
    あきる野市 不動産
    黄体機能不全 漢方

  31. quyet22

    結婚 相談
    お見合いパーティー
    海水魚
    吉田不動産
    貸し事務所
    エアコン 故障
    エルメス バッグ
    家電 レンタル
    弁護士 銀座
    株 初心者
    J-Payment
    お見合い
    アヴァンス
    ハワイ旅行
    オフィス レイアウト
    介護
    car insurance
    債務整理 無料相談
    DVDコピー
    株式 情報
    時計修理
    USBドングル
    折込広告
    老人ホーム 横浜
    恵比寿 賃貸
    カイロプラクティック
    厨房機器
    バイク便
    川西賃貸
    ECサイト 構築
    ピアノレンタル
    教員採用試験
    債務整理
    越谷 不動産
    小さな靴
    カフェポッド
    商品先物取引
    福生市 不動産
    募金
    三軒茶屋 マンション
    ピアノ教室
    RMT
    マンション 貸す
    過払い
    婚活
    コーヒーワゴンサービス
    彫刻刀
    オーガニックコットン
    スキューバダイビング
    港区 不動産
    子宮筋腫 漢方
    グッチ バッグ
    店舗デザイン
    今井クリニック
    育毛 東京
    日商簿記
    志木 一戸建て
    冬虫夏草
    乳がん
    オフィス賃貸
    ビジネス英会話
    ビジネススクール 英語
    ナース服
    レストラン 求人
    立川市 不動産
    調布市 不動産
    八王子市 不動産
    福生市 不動産
    あきる野市 不動産
    黄体機能不全 漢方

  32. Amanda

    Okay so I just found your blog today. That's cool that you're the one who found all this out! I live in Minnesota as well so I heard about this all over the news, but I never knew who was the person who discovered everything. Very very cool. :)

  33. Adria Richards Post author

    Thanks Amanda! Yes, the 1 year anniverary of that blog post was yesterday and I’m planning to do a blog post on it next week.

  34. Pingback: You’re Invited To Adria’s Going Away Party! | But You're A Girl

  35. Bucks00786

    journalists have big databases of notes and documents that they dont show to just anyone… they have all sorts of guidelines and judgement calls they have to make about what they can reveal, vs what they cant, and the effects it might have on the lives of various people, including their sources.

    the hacker culture is a bit different from the journalism culture, thats imho maybe part of the problem with the internet and events like this. it wasnt the first event, (ayone remember when AOL published a bunch of ‘anonymized’ search queries?), and im sure it wont be the last event like this to happen.

  36. Pingback: Twas the night before DEF CON 20 - But You're A Girl -

Comments are closed.