From: William S. Lovell
Subject: Re: [ALSC-Forum] icannatlarge.com security issue
Date: Sun, 5 May 2002 09:28:26 -0700



These are indeed quite proper questions that should be answered.  That the
site was hacked may not be a "hole" that is fixable without extreme measures
-- even the CIA site has been hacked.  But proper authentication of the
source of a post should be doable. I had registered, and then shortly
afterward I subscribed to or joined the Forum, and to tell you the truth, I
don't recall whether I had to use a password to do that. It could have been
done without the use of any password.  If passwords were not a part of that,
we might respond to Danny's rightful objections by putting them in.

(And by the way, since I had posted the WHOIS from which the hacking
evidently originated (in California, where else?  :-) ), has anyone down in
that neck of the woods gone to knock on that feller's door?)

As to the polling issue, a poll is presently being conducted on the
ga@dnso.org in which people are checking boxes "Yeah" or "Nay." Unless I'm
mistaken, anyone who subscribes to that list can count up the responses for
themselves and confirm the result for themselves. I don't know how the
icannatlarge.com polling system works, so I can't comment on it, but if it
is not equally transparent, I suspect it should be.

One aspect of on-line voting which differs from the ballot I'm about to mail
in for an Oregon election seems to be that for the electorate to be
confident in the result, i.e., there is a trepidation that the "count" might
be manipulated by whoever is running the vote, the votes cannot be secret
but must instead be posted publicly so that anyone who wants to can count up
the results. I am not concerned that the Oregon Secretary of State might
manipulate the votes and come out with a false count, but on the internet,
where as they say anyone could be a dog, it may be that the same level of
confidence is really never going to come about.

Bill Lovell

DannyYounger@cs.com wrote:

>Dear Joop or whomever the current webmaster might be:
>
>A post was made to your forum
>http://www.icannatlarge.com/forum/viewtopic.php?t=183 that purportedly was 
>posted by me (as it lists me as the author of the post and designates me as a 
>guest).  I did not make such a posting (although the partial quote attributed 
>to me is correct).  
>
>As all such posts require a login process, how is it that my name was spoofed 
>onto this posting?  Your site has already been hacked once... how many other 
>security holes do you have?  Can your polling site be trusted, or is it too 
>readily compromised?
>
>


