Franken-Coleman Update, 03/12/09 (AM Edition): Trusting Republicans with Your Money
WineRev, over at DailyKos, was filling us in on the post-court developments yesterday. The biggest case-related one: Coleman’s people, despite having officially rested his case last week, were sending out e-mail and fax subpoenas for information to several county elections officials, far more than would be needed for a rebuttal (which is only supposed to cover material submitted before the rebutting side rested its case); not surprisingly, the court only let in a small portion of it. WineRev also mentioned what most everyone knows, which is that even the most generous mathematical estimate of countable ballots that could be let into the count will not suffice to give Norm the lead. In fact, as MinnPost’s Jay Weiner mentions, Franken attorney Marc Elias says that the likely number of new countable ballots to come out of the 1,360-ballot pile Norm wants counted is zero.
Speaking of number-crunching: The TradMed is, wonder of wonders, not just taking Norm’s spew on faith, but actually talking to IT security experts about the bad joke that is www.colemanforsenate.com. While Norm and his people are still crying about political hacking, the experts and some Coleman donors are firing back that the only political hackery involved is coming from Norm’s side:
Kelly McShane, whose job is to secure information in the banking industry, said he learned that the last four digits of his American Express card — and the four-digit security code used to verify the card — were posted online when a reporter e-mailed him.
"I’m in IT security for a bank, and I can tell you that this is so … irresponsible that I can’t believe it," said McShane, who had donated $100 to the campaign online.
Credit card industry standards — via the Payment Card Industry Council, which includes representatives of major credit cards — dictate that credit card information should never be on the same server as a Web site, said Eric Schultze, chief technology officer for Shavlik Technologies, a Roseville-based computer-security company.
Moreover, he said, credit card numbers should be encrypted, or coded, so if a hacker were to gain access to the separate server, he or she would need to crack the code.
"Otherwise, you’d just see gobbledygook," Schultze said. "It’s a big oops on the part of the Web site administrator, and I’d be surprised if that person still had a job. … It’s a rookie mistake. Anybody worth their salt would not set up a Web site that way."
As WineRev points out, Franken’s website certainly isn’t set up that way. It uses high-grade encryption — RC4, 128-bit — unlike the Coleman site, which does not use encryption at all.
But of course it’s better to trust Republicans with our money — right? Right?!
UPDATE: Adria Richards, the IT security expert who discovered and publicized the dreadful lack of security at the Coleman site way back in January, explains how she did it. (Hint: It’s so easy, even a Republican can do it.) She also explains how Aaron Landry determined that the Coleman people were lying back in January when they’d claimed that their site was crashed by user demand.