McCain learns why hotlinking images is stupid
From the ever, clueless ABC News...
ABC News' Jennifer Parker Reports: In what is perhaps a new weapon in campaign digital media warfare, the MySpace page of presidential candidate Senator John McCain, R-Ariz., was hacked Tuesday.
It actually had nothing to do with politics and it wasn't hacking. Newsvine Founder and CEO Mike Davidson gives a more lucid account (although also makes the error of calling it hacking)...
If you visit John McCain's MySpace page (as of 9am PST Tuesday morning), you will notice an interesting announcement from him. He's apparently reversed his position on gay marriage as well as revealed a bias towards attractive lesbians.
Why would a presidential candidate make such an important announcement on his MySpace page?
The answer? He wouldn't.
But I would.
You see, John McCain's people commandeered my world-renowned MySpace design template and did a few things wrong:
- They did not credit me for the template, even though the template explicitly requested credit.
- They used my own unmodified imagery, specifically for the "Contacting John McCain" table.
- As if #2 wasn't bad enough, the McCain crew is actually pulling their image directly from my server on each page load. So every time someone visits the McCain MySpace page, my bandwidth is being used to deliver part of the page! Bad McCain!
So...
Numerous people have written me over the last few weeks to tell me that McCain has been using my code, but up until I realized he was pulling images from my server, I didn't really care. A lot of celebrities including Ryan "Van Wilder" Reynolds and the beautiful Nelly Furtado use my code and I'm totally cool with it....
Luckily, I had already set up a special .htaccess rule on my server which served my real "contact me" image if the image was referenced from my own MySpace page, and served up a sample image if it was served from anywhere else. This is the whole reason I even figured out what was going on. I had my real image in cache and upon loading McCain's page, the real image showed up (including my special note that said "NO REQUESTS FOR DESIGN HELP PLEASE"). Thinking it was weird that McCain would get any requests for design help, I immediately realized what happened.
So, the only thing necessary to effectively commandeer McCain's page with my own messaging was to simply replace my own sample image on my server with a newly created sample on my server. No server but my own was touched and no laws were broken. The immaculate hack.
Smooth, but falls short of the term hacking, since he only made changes to his own server.
This reminds me of when Christopher Petro exploited an error prone IRC chat put on by CNN and impersonated then President Bill Clinton. What he did was no more advanced than walking through a door, carelessly left open, Democrats wailed that sophisticated, high-tech hackers had commandeered the internet to personally attack Clinton.
Hopefully McCain and his staff have learned their lesson. Hopefully other politicians will take note, and be careful about how they set up pages, as well.
Posted by Danny Carlton at March 28, 2007 5:36 AM