Hiding Something Isn’t Exactly the Problem Here

“Evading questions… is a strategy most often utilized by people with something to hide, and will only further pique the media’s interest. Weiner either has something to hide, or he has no idea how the media operates.” [New York, via Political Wire]


I demand to know when he stopped beating his wife.

@Benedick HRH KFC: Around the time he started beating his meat on Twitter.

@JNOV knows Dick: Fox calls it a hoax, and Raw Story notes that there have been similar fake videos making the rounds. Reality is not having a good week.

@Benedick HRH KFC: Weiner gets a strong presumption of innocence — as, for the moment, does the alleged hacker — but I don’t yet have the confidence to make a call either way. (I’m very strongly inclined to agree it was a hack, but I don’t want to get ahead of the facts.)

The definitive evidence is buried in the server logs for Twitter and yfrog. Which IP address was the photo uploaded from? And does it match the IP address Weiner used minutes later to tweet that he had been hacked? This can be easily resolved, but It Takes A Geek.

@nojo: Yeah. Looking like a viral ad campaign. Boo!

@nojo: It Takes A Geek and a nation of millions to hold you back.

I assume it’s his dickpic but I find it hard to care nonetheless. I’m not even sure this rates a single diaper unless he’s actually having an affair with the college student.

@nojo: Right!

Now WTF would it take to get rid of the damned ISI? I saw Bhutto over the weekend, and I’m not all that sure she and Mr. 10% weren’t/aren’t corrupt.

@nojo: Unless the attacker spoofed the IP address to counterfeit a connection from the House servers. Still, you could audit outbound logs to see if the activity on the receiving servers corresponded to activity on the House servers. Another step but still this should have been cleared up in 10-20 minutes.

@FlyingChainSaw: Weiner was at home, as I understand it — everything happened late Friday. So you’d have to spoof his cable modem, unless he used his iPhone, and hope he wasn’t at some coffeehouse wifi instead…

So a spoof would still be a crapshoot under the best of circumstances. My money’s on a shoddy password used across various websites.

Which, um, is how I figured out all the CP accounts one night…

@nojo: CP bloggers? Cuz commenters’ passwords are anon/hidden/whatever, uh, right?

@JNOV knows Dick: No, the CP Twitter account and such. Greg used the same password across the board.

@nojo: Phew. Not that I’m worried about you cracking my passwords — I’m no fun to mess with — but I have stopped using the same passw0rds for similar account names since Gawker got cracked.

@nojo: Take the CP twitter acct for a ride.

@nojo: IP spoofing doesn’t depend on device or location. That’s why it’s spoofing.

The intrusion vector you posit is probably right, though, as things like office Twitter accounts’ passwords are shared, giving an attacker multiple targets to compromise.

@FlyingChainSaw: Yes, but…

1. If Weiner’s at home, his IP is his cable modem.

2. If Weiner’s at the office, his IP is either a congressional office building, or one of his district offices, which likely have multiple IPs each.

3. If Weiner’s at Starbucks, his IP is the Starbucks wifi.

4. If Weiner’s out and about with his iPhone, his IP may hail from Cingular, which mine still identifies itself as on 3G.

So: Which IP do you spoof?

Bear in mind that Weiner himself tweeted minutes after the photo was posted. That’s your reference IP, the one he was actually using. If I spoofed his office IP to upload the yfrog photo, and he tweeted minutes later from his home IP, it doesn’t matter how clever I was to fake the upload location. I still got it wrong.

@nojo: Likely basic Congressional access protocol requires VPN access from district offices or home offices. You spoof the IP address of the machine that hosts the VPN services.

Congress critters are not letting their staffs access web applications through unconditioned, unsecured connections that can’t be audited. If they are, they’re probably running afoul of all kinds of ethics laws and some chunks of sarbox.

Good point about the last reference – but I hope you’re wrong about him not using a VPN for official business, even as silly as Twittering. Still, Breitbart could argue he spoofed an attacker’s IP address to ‘prove’ it wasn’t him that posted the schlongograph.

@FlyingChainSaw: Now I’m curious about the standard Internet arrangements for bog-standard congresscritters. I can imagine security geeks taking a special interest in members who sit on, say, intelligence committees, but is there a Capitol Geek Squad that handles things for everyone else? Or do they just order business service from the local cable company?

@nojo: I am sure there are lotsandlotandlotsa rules about absolutely everything to do with Congressional IT management and likely an IT staff versed in them. You can’t open a cigar store (that takes credit cards) without being subject to a lot of IT regulation, all of which can be covered by qualified vendors (to clear the card transactions, for instance).

It’s worth some calls as it is really strange he didn’t trot out his logs and make this all go away. If he’s running web applications out of his kitchen, it’s really mickey mouse and likely a violation of a goodly pile of Congressional IT rules.

Then again, we could speculate about how Breitbart may or may not bring tranquilizer darts to the zoo to incapacitate animals that would not usually have sex with him.
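
The log comparison discussed in the comments above (the source IP of the upload against the address the account owner used minutes later) can be sketched as follows. This is an added example, not part of the original post or thread; the log format, account names and addresses are constructed, and the 30-minute window and /24 grouping are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample logs; the line format and field names are hypothetical.
UPLOAD_LOG = """\
2024-01-05T23:31:02Z account=member_a action=upload src=203.0.113.45
2024-01-05T23:40:10Z account=member_b action=upload src=198.51.100.7
2024-01-05T23:50:00Z account=member_c action=upload src=192.0.2.99
"""
POST_LOG = """\
2024-01-05T23:35:15Z account=member_a action=post src=192.0.2.10
2024-01-05T23:44:30Z account=member_b action=post src=198.51.100.200
2024-01-06T02:10:00Z account=member_c action=post src=192.0.2.99
"""

def parse(log):
    """Turn 'timestamp key=value ...' lines into event dicts."""
    events = []
    for line in filter(str.strip, log.splitlines()):
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "account": kv["account"],
                       "src": ipaddress.ip_address(kv["src"])})
    return events

def compare(uploads, posts, account, window=timedelta(minutes=30), prefix=24):
    """For each upload by `account`, find the first post by the same account
    within `window` afterwards (the reference IP) and compare source addresses."""
    results = []
    for up in (e for e in uploads if e["account"] == account):
        refs = [p for p in posts if p["account"] == account
                and timedelta(0) <= p["time"] - up["time"] <= window]
        if not refs:  # nothing close enough in time to compare against
            results.append((str(up["src"]), None, "no_reference"))
            continue
        ref = min(refs, key=lambda p: p["time"])["src"]
        net = ipaddress.ip_network(f"{up['src']}/{prefix}", strict=False)
        if ref == up["src"]:
            verdict = "match"
        elif ref.version == net.version and ref in net:
            verdict = "same_network"  # e.g. one office with several addresses
        else:
            verdict = "mismatch"
        results.append((str(up["src"]), str(ref), verdict))
    return results

if __name__ == "__main__":
    ups, posts = parse(UPLOAD_LOG), parse(POST_LOG)
    for acct in ("member_a", "member_b", "member_c"):
        print(acct, compare(ups, posts, acct))
```

The verdict says only whether the two log entries share an address or network; it does not identify who was at the keyboard.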
