
ralph-reed-and-email-security

The Radical Georgia Moderate blog has a post about accidentally getting access to a Ralph Reed campaign email account.
This morning, I received another unsolicited e-mail newsletter from the Ralph Reed for Lt. Governor campaign. So, I wrote a brief reply to info@ralphreed.com that included a link to the post on my web site where I chastised it for adding my e-mail address to the list without permission. A few hours later, I looked in my Statcounter and saw a hit from the mail.ralphreed.com domain. I clicked the link, and to my shock found that I had full access to the campaign’s e-mail (from the info@ralphreed.com address, anyway). I assume I was granted access because a non-expired session ID was in the URL, but that still is an unacceptably low level of security.
